You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This updates the TDX setup guide to reflect the changes made in #1977. While we only tested on Ubuntu Server 25.10 so far, the deployment should work with any 6.16+ host kernel. Running the `setup-tdx-host.sh` script from Canonical is not required anymore, since it doesn't do anything besides adding the patched QEMU 8.2.2 repository (not required anymore) and adding the user to the KVM group, which is not required for us, since we don't start TDX VMs from unprivileged users. The only remaining step the script performs is editing the kernel command line, which is now also reflected in the documentation.
Copy file name to clipboardExpand all lines: docs/docs/howto/cluster-setup/bare-metal.md
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -34,7 +34,7 @@ Consult AMD's [Using SEV with AMD EPYC Processors user guide](https://www.amd.co
34
34
</TabItem>
35
35
<TabItemvalue="intel"label="Intel TDX">
36
36
37
-
Follow Canonical's instructions in [4.2 Enable Intel TDX in Host OS](https://github.com/canonical/tdx?tab=readme-ov-file#42-enable-intel-tdx-in-host-os) (set `TDX_SETUP_ATTESTATION=1` in `setup-tdx-config`), [4.3 Enable Intel TDX in the Host's BIOS](https://github.com/canonical/tdx?tab=readme-ov-file#43-enable-intel-tdx-in-the-hosts-bios) and [9.2 Setup Intel® SGX Data Center Attestation Primitives (Intel® SGX DCAP) on the Host OS](https://github.com/canonical/tdx?tab=readme-ov-file#92-setup-intel-sgx-data-center-attestation-primitives-intel-sgx-dcap-on-the-host-os) (skipping step 9.2.1).
37
+
Follow Canonical's instructions in [4.3 Enable Intel TDX in the Host's BIOS](https://github.com/canonical/tdx?tab=readme-ov-file#43-enable-intel-tdx-in-the-hosts-bios) and [9.2 Setup Intel® SGX Data Center Attestation Primitives (Intel® SGX DCAP) on the Host OS](https://github.com/canonical/tdx?tab=readme-ov-file#92-setup-intel-sgx-data-center-attestation-primitives-intel-sgx-dcap-on-the-host-os) (skipping step 9.2.1).
38
38
You can ignore the other sections of the document.
39
39
40
40
Follow Intel's guide to [Update Intel TDX Module via Binary Deployment](https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/04/hardware_setup/#update-intel-tdx-module-via-binary-deployment).
@@ -50,7 +50,8 @@ Intel recommends to install the latest TDX module version available.
50
50
Install Linux kernel 6.11 or greater.
51
51
</TabItem>
52
52
<TabItemvalue="intel"label="Intel TDX">
53
-
Follow Canonical's instructions on [setting up Intel TDX on Ubuntu 24.04](https://github.com/canonical/tdx?tab=readme-ov-file#41-install-ubuntu-server-image). Note that Contrast currently only supports Intel TDX with Ubuntu 24.04.
53
+
Install Linux kernel 6.16 or greater.
54
+
Add the `nohibernate` and `kvm_intel.tdx=1` kernel command line parameters, for example by updating `GRUB_CMDLINE_LINUX` in `/etc/default/grub`.
0 commit comments