Intel today, on Windows Patch Tuesday, released new findings from a joint security review with Google, highlighting its ongoing work to strengthen Intel Trust Domain eXtensions (Intel TDX). This confidential computing technology is designed to protect sensitive workloads, even in hostile environments.
Confidential computing is a critical safeguard for cloud and multi-tenant enterprise systems. Billions of users depend on hardware-based protections to keep data secure against compromised hypervisors or malicious insiders. Intel TDX enables Confidential Virtual Machines (CVMs), also called Trust Domains (TDs), which enforce confidentiality and integrity at the hardware level. Google Cloud, a major partner in testing and improving these protections, offers Confidential VMs built on Intel Xeon CPUs. Microsoft is also an Intel partner, providing CVMs on Azure.
Intel introduced TDX to extend the hardware root of trust into virtualized environments. By isolating workloads inside CVMs, TDX ensures that even privileged software layers cannot access protected data. The technology spans hardware, firmware, and software, and is developed under Intel’s Security Development Lifecycle (SDL). This process includes early threat modeling, detailed design and code analysis, and ongoing risk mitigation throughout product development.
The latest collaboration focused on Intel TDX Module 1.5, which governs high-level TDX functions. Over five months in 2025, Google’s Cloud Security team worked with Intel’s INT31 research group to examine two advanced features:
- Live Migration: allowing a Trust Domain to move between host platforms while running.
- TD Partitioning: enabling nested VMs inside TDs.
Google engineers used manual code review, custom bug-finding tools, and off-the-shelf AI, including Gemini Pro, to analyze the module. Their work uncovered five vulnerabilities and flagged 35 additional weaknesses and improvement suggestions. All five vulnerabilities have since been patched in the latest release of the Intel TDX Module code.
As a result, workloads running on Google Cloud Confidential VMs backed by Intel TDX will now benefit from these enhancements.