> For the complete documentation index, see [llms.txt](https://docs.enclaive.cloud/confidential-cloud/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.enclaive.cloud/confidential-cloud/technology-in-depth/intel-tdx/technology/fundamentals/memory-encryption/keys-and-key-management.md).

# Keys and Key Management

To deliver the security guarantees Intel TDX promises, cryptographic algorithms are used to protect TD data and to attest the TD. These algorithms require keys that the CPU must keep strictly confidential. Keys are needed in two places: the attestation process and memory encryption/integrity.

The memory encryption and integrity process uses three different key types. The first is the encryption key. It is unique to each Trust Domain (TD) and encrypts the TD's private memory pages. To know which key applies to which page, the encryption engine in the memory controller holds the Key Encryption Table (KET), which maps each key to a Host Key Identifier (HKID); the HKID identifies the TD that owns the key. The key is generated by the CPU with a hardware digital random number generator (HW-DRNG), is stored inside the CPU where only the CPU can access it, and is lost when the CPU resets.

During encryption a second key is used to derive the tweak. The memory encryption mode is AES-XTS, in which the tweak is the encrypted physical address of the data: the address is encrypted under an ephemeral tweak key that is again unique per HKID. Because the tweak changes with the address, identical plaintext stored at two different locations produces different ciphertext. The tweak key is also generated by the HW-DRNG.

Integrity protection is based on HMAC with SHA3-256. The key for this MAC is also ephemeral: it is generated by the MCHECK firmware during platform initialization, drawing randomness from the HW-DRNG through the RDRAND instruction.
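The three keys above are easiest to understand as one table keyed by HKID. The following Go program is an added illustration written for this page, not Intel's or enclaive's code: it models a KET with per-HKID data, tweak and integrity keys, encrypts a 64-byte cache line with AES-XTS using the line's physical address as the tweak, and tags it with an HMAC before it is "written to DRAM". Key sizes, the 64-byte line, the explicit HKID argument, what the MAC covers and its length are choices of this model, not documented TDX parameters. The standard-library `crypto/rand` stands in for the HW-DRNG reached through RDRAND, and HMAC-SHA-256 stands in for the HMAC-SHA3-256 the page describes (on Go 1.24+ `crypto/sha3` can be dropped in unchanged).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// keyEntry is one row of the modelled Key Encryption Table: the three ephemeral
// keys held for a single HKID. They never leave this struct, as the real keys
// never leave the CPU.
type keyEntry struct {
	dataKey  []byte // AES-XTS key 1: encrypts the cache-line data
	tweakKey []byte // AES-XTS key 2: encrypts the physical address into the tweak
	macKey   []byte // integrity key for the per-line MAC
}

// KET maps a Host Key Identifier to its keys. Hardware carries the HKID in the
// upper physical-address bits; this model passes it explicitly (assumption).
type KET map[uint16]*keyEntry

// NewEntry draws fresh keys from the OS CSPRNG (stand-in for HW-DRNG/RDRAND).
func NewEntry() *keyEntry {
	e := &keyEntry{make([]byte, 16), make([]byte, 16), make([]byte, 32)}
	for _, k := range [][]byte{e.dataKey, e.tweakKey, e.macKey} {
		if _, err := rand.Read(k); err != nil {
			panic(err)
		}
	}
	return e
}

// mulAlpha multiplies the 128-bit tweak by alpha in GF(2^128), the little-endian
// step IEEE P1619 XTS applies between consecutive 16-byte blocks of one unit.
func mulAlpha(t []byte) {
	var carry byte
	for i := 0; i < 16; i++ {
		next := t[i] >> 7
		t[i] = t[i]<<1 | carry
		carry = next
	}
	if carry != 0 {
		t[0] ^= 0x87
	}
}

func xorInto(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// xtsCrypt runs AES-XTS over one cache line with the physical address as the
// data-unit number: T = AES_K2(addr); C_i = AES_K1(P_i xor T_i) xor T_i.
func xtsCrypt(e *keyEntry, physAddr uint64, in []byte, decrypt bool) ([]byte, error) {
	if len(in) == 0 || len(in)%aes.BlockSize != 0 {
		return nil, errors.New("input must be a non-empty multiple of 16 bytes")
	}
	k1, err := aes.NewCipher(e.dataKey)
	if err != nil {
		return nil, err
	}
	k2, err := aes.NewCipher(e.tweakKey)
	if err != nil {
		return nil, err
	}
	tweak := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(tweak, physAddr)
	k2.Encrypt(tweak, tweak) // the "encrypted physical address" of the page
	out := make([]byte, len(in))
	blk := make([]byte, aes.BlockSize)
	for off := 0; off < len(in); off += aes.BlockSize {
		xorInto(blk, in[off:off+aes.BlockSize], tweak)
		if decrypt {
			k1.Decrypt(blk, blk)
		} else {
			k1.Encrypt(blk, blk)
		}
		xorInto(out[off:off+aes.BlockSize], blk, tweak)
		mulAlpha(tweak)
	}
	return out, nil
}

// lineMAC binds ciphertext to its address under the per-HKID integrity key.
// HMAC-SHA-256 here is a stand-in for the page's HMAC-SHA3-256 (assumption).
func lineMAC(e *keyEntry, physAddr uint64, ct []byte) []byte {
	m := hmac.New(sha256.New, e.macKey)
	var a [8]byte
	binary.LittleEndian.PutUint64(a[:], physAddr)
	m.Write(a[:])
	m.Write(ct)
	return m.Sum(nil)
}

// MemLine is what lands in DRAM: ciphertext plus its integrity tag.
type MemLine struct {
	Addr uint64
	CT   []byte
	Tag  []byte
}

// WriteLine is a TD-private write: encrypt under the writer's HKID, then tag.
func WriteLine(ket KET, hkid uint16, addr uint64, plain []byte) (*MemLine, error) {
	e, ok := ket[hkid]
	if !ok {
		return nil, fmt.Errorf("HKID %d has no KET entry", hkid)
	}
	ct, err := xtsCrypt(e, addr, plain, false)
	if err != nil {
		return nil, err
	}
	return &MemLine{Addr: addr, CT: ct, Tag: lineMAC(e, addr, ct)}, nil
}

// ReadLine verifies the tag under the reader's HKID before decrypting. Another
// HKID owns different keys, so the check fails before any plaintext appears.
func ReadLine(ket KET, hkid uint16, line *MemLine) ([]byte, error) {
	e, ok := ket[hkid]
	if !ok {
		return nil, fmt.Errorf("HKID %d has no KET entry", hkid)
	}
	if !hmac.Equal(line.Tag, lineMAC(e, line.Addr, line.CT)) {
		return nil, errors.New("integrity check failed: wrong HKID or tampered line")
	}
	return xtsCrypt(e, line.Addr, line.CT, true)
}

func main() {
	ket := KET{0x01: NewEntry(), 0x02: NewEntry()}        // two TDs, two HKIDs
	plain := bytes.Repeat([]byte("TD-secret!"), 7)[:64]   // constructed cache line
	line, err := WriteLine(ket, 0x01, 0x7f000, plain)
	if err != nil {
		panic(err)
	}
	back, err := ReadLine(ket, 0x01, line)
	fmt.Println("owner read ok:", err == nil && bytes.Equal(back, plain))
	_, err = ReadLine(ket, 0x02, line)
	fmt.Println("other TD read:", err)
	next, _ := WriteLine(ket, 0x01, 0x7f040, plain)
	fmt.Println("same data, next address, different ciphertext:", !bytes.Equal(line.CT, next.CT))
}
```

Two properties worth noticing when running it: the tweak makes the ciphertext of identical data differ between addresses, which is why a page cannot simply be copied to another physical location and still decrypt; and a reader with a different HKID is stopped by the MAC check rather than receiving silently wrong plaintext.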

Because the attestation process of Intel TDX reuses the already established [Intel SGX](/confidential-cloud/technology-in-depth/intel-sgx/technology/concepts/dcap-attestation-framework.md) process with only minor adjustments to the exchanged data, the attestation keys are unchanged. Information on these keys can be found in the Intel SGX subsection on memory encryption.

