Intel Developing Rust-Based TD-Shim Firmware For Confidential Containers


Among the many interesting talks this past weekend at the 2023 edition of FOSDEM was Intel engineer Jiewen Yao presenting TD-Shim as the company’s work on a lightweight virtual firmware for containers that complies with their approach to confidential computing.

Intel’s TD-Shim is designed as a lightweight virtual firmware implementation for confidential containers with the likes of Kubernetes. TD-Shim is designed with security and confidential computing needs in mind while also being as fast to boot as possible.

TD-Shim aims to replace the traditional Open Virtual Machine Firmware and is also designed to be used with Trust Domain Extensions (TDX) introduced with Intel's latest-generation Xeon Scalable "Sapphire Rapids" processors.

Of interest to many Phoronix readers is the fact that TD-Shim is yet another new open-source Intel project making use of the Rust programming language. TD-Shim has been tested so far with hypervisors like KVM and the Intel-led Cloud Hypervisor project.

Intel TD-Shim FOSDEM 2023 slide

Those interested in learning more about TD-Shim for Intel confidential containers can see this slide deck (PDF) from FOSDEM 2023. The open-source TD-Shim firmware is hosted on GitHub.