A few more points to add... * You probably need https://blueprints.launchpad.net/nova/+spec/libvirt-firmware-auto-selection to be implemented first for your work, so that an appropriate firmware with TDX support is selected during instance creation. * One mechanism we still have to implement for AMD SEV-SNP is an interface to allow users to pass down some additional fields such as hostData from api to actual guest domain. We don't really want that interface to be quite specific to a single technology and want it to be generic enough to cover multiple ones. However honestly I'm struggling to understand the requirements in TDX long after I played with it, and I'm unsure how we can make that interface "generic". If you can give some details about the required parameters for confidential computing use case with TDX that may be helpful to enhance that discussion. On 1/20/26 1:58 AM, Markus Hentsch wrote:
Dear Anton,
during the last PTG (project team gathering) there was some discussion about future extensions to the confidential computing support in Nova, not limited to just SEV-SNP [1]. As a result, there is currently ongoing work on extending the architecture to prepare for supporting multiple vendor's technologies [2][3], for example Intel TDX and ARM CCA, in addition to AMD SEV.
Maybe you could help with reviewing the patchsets to ensure that the architecture changes will work for TDX and/or join in there at some point and contribute to the TDX-specific side of things directly. I think that either would be very valuable.
[1] https://etherpad.opendev.org/p/nova-2026.1-ptg#L687
[2] https://blueprints.launchpad.net/nova/+spec/generalize-sev-code
[3] https://review.opendev.org/q/topic:%22bp/generalize-sev-code%22
Kind regards,
Markus
Hi,
I work with confidential computing and has previously contributed to Proxmox [1] to enable support for Intel TDX. I am looking to do the same for Openstack Nova.
I have proposed a blueprint [2] and am drafting a spec with target for 2026.2 release.
From what I gather, support for AMD SEV and SEV-ES is already implemented in Nova, while SEV-SNP support is ongoing. TDX shares some commonalities with SEV-SNP, and I believe that the work on both can be conducted in tandem. I also have experience with SEV-SNP and am happy to contribute if needed.
Early feedback or any concerns and guidance are very welcome!
[1] https://pve.proxmox.com/wiki/Roadmap#Proxmox_VE_9.1 [2] https://blueprints.launchpad.net/nova/+spec/intel-tdx-libvirt-support
Best Regards, Anton