How to enable Intel TDX function in Windows Server 2022

jason.ct.kuo 0 Reputation points
2024-05-09T07:54:38.16+00:00

In Windows Server 2022, if I want to enable the Intel TDX function (Host side), in addition to the BIOS being Enabled, what settings do Windows need to make? I have confirmed that the BIOS is enabled, but it still doesn't work.

SPR Platform

CPU: Intel(R) Xeon(R) Platinum 8473C

BIOS Configuration:

• Socket Configuration -> Processor Configuration -> Total Memory Encryption (TME) = Enabled

• Socket Configuration -> Processor Configuration -> Total Memory Encryption (Intel TME) Bypass = Auto

• Socket Configuration -> Processor Configuration -> Total Memory Encryption Multi-Tenant (TME-MT) =      Enabled

• Socket Configuration -> Processor Configuration -> Memory Integrity = Disabled

• Socket Configuration -> Processor Configuration -> Trust Domain Extensions (TDX) = Enabled

• Socket Configuration -> Processor Configuration -> TDX Secure Arbitration Mode Loader (SEAM Loader) = Enabled

• Socket Configuration -> Processor Configuration -> TME-MT/TDX key split = 7

• Socket Configuration -> Processor Configuration -> Software Guard Extension (SGX) = Enabled

Verify with Intel(R) Software Guard Extensions BIOS Info Tool Version 0.8.2.0 (log: please refer to attached file SgxBIOSInfoToolOutput.log)

Test Summary:

SGX: Support

 HARDWARE: Support

 BIOS/OS: Enabled

TDX: Not Support

 HARDWARE: Support

 BIOS/OS: Disabled
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,316 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Wesley Li 5,490 Reputation points
    2024-05-09T14:44:51.92+00:00

    Hello

    To enable Intel Trust Domain Extensions (Intel TDX) on Windows Server 2022, you need to ensure that your hardware and BIOS support it, which seems to be the case based on your provided information. However, the BIOS/OS setting for TDX is currently disabled.

    Unfortunately, there’s no specific step-by-step guide available for enabling Intel TDX in Windows Server 2022. Microsoft has announced support for Intel TDX in Azure confidential VMs, starting with Windows Server 2019, 2022, and Windows 11.

    [Announcing the public preview of Azure confidential VMs with Intel TDX - Microsoft Community Hub](https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-confidential-computing%2Fannouncing-the-public-preview-of-azure-confidential-vms-with%2Fba-p%2F3968256&data=05%7C02%7Cwesleyl%40wicresoft.com%7Cb023d3713c844756c61808dc70361156%7Cb2ae8dd9097749768706861b488b1512%7C0%7C0%7C638508624744567977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=JYL2EDyVvCcI2fhA6fq7xviObS%2BijMD73K9E7T4enGk%3D&reserved=0"原始 URL: https://techcommunity.microsoft.com/t5/azure-confidential-computing/announcing-the-public-preview-of-azure-confidential-vms-with/ba-p/3968256。如果你信任此链接, 请单击或点击。")

    0 comments No comments