Using TDX (Experimental)
EXPERIMENTAL FEATURE
TDX support is currently experimental and should NOT be used in production. This feature is provided for testing and development purposes only. Expect instabilities, limited compatibility, and potential outages.
Intel TDX (Trust Domain Extensions) is the next generation of TEE technology. This guide shows you how to enable TDX in your iApp and understand the differences from the default SGX implementation.
What is TDX?
TDX (Trust Domain Extensions) is Intel's newer confidential computing technology, different from the default SGX implementation.
SGX vs TDX Differences
SGX (Current Default):
- Production ready and stable
- Widely supported by iExec workers
- Memory limitations in TEE environment
TDX (Experimental):
- Potentially better for memory-intensive workloads
- Experimental and unstable
- Limited worker availability
- Not production ready
Feature | Intel SGX | Intel TDX |
---|---|---|
Release Year | 2015 | 2023 |
Enclave Scope | Application level | Virtual machine level |
Code Adaptation Required | Yes - needs redesign of app's logic | No - supports lift-and-shift of full systems |
Memory Size | Limited | Extensive (multi-GB+) |
Integration Complexity | Higher (more dev work) | Lower (VM legacy code) |
Best Fit For | Lightweight, high-assurance modules (e.g. wallets, crypto key ops, small AI models) | Heavier AI workloads, legacy apps, databases |
Enabling TDX in iApp Generator
Environment Variable Method
Enable TDX for deployment and execution:
# Set the experimental flag
export EXPERIMENTAL_TDX_APP=true
# Deploy and run with TDX
iapp deploy
iapp run <app-address>
Environment Variable Declaration
The syntax for setting environment variables differs between operating systems:
- Mac/Linux:
export EXPERIMENTAL_TDX_APP=true
- Windows:
set EXPERIMENTAL_TDX_APP=true
Per-Command Method
Enable TDX for specific commands:
# Deploy TDX-enabled iApp
EXPERIMENTAL_TDX_APP=true iapp deploy
# Run with TDX
EXPERIMENTAL_TDX_APP=true iapp run <app-address>
# Debug TDX execution
EXPERIMENTAL_TDX_APP=true iapp debug <taskId>
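The two methods differ in scope: `export` keeps the flag set for the rest of the shell session, so a later `iapp deploy` intended for the default SGX path inherits it, while the per-command prefix does not. The shell helpers below are an added example, not part of the iApp Generator; the function names `tdx_flag_in_children`, `run_tdx` and `run_default` are hypothetical, and treating any non-empty value as "TDX requested" is an assumption.

```shell
#!/bin/sh
# Added example: keep EXPERIMENTAL_TDX_APP scoped to a single command and
# detect when it has leaked into the session environment.

# Print the flag value a child process (such as iapp) would inherit.
# Prints nothing when the variable is unset or set but not exported.
tdx_flag_in_children() {
    sh -c 'printf %s "${EXPERIMENTAL_TDX_APP-}"'
}

# Run one command with the flag set for that command only.
# The calling shell's environment is left unchanged.
#   run_tdx iapp deploy
run_tdx() {
    env EXPERIMENTAL_TDX_APP=true "$@"
}

# Run a command on the default (SGX) path, refusing if the experimental
# flag would be inherited from an earlier `export` in this session.
# Assumption: any non-empty value counts as "TDX requested".
#   run_default iapp deploy
run_default() {
    leaked=$(tdx_flag_in_children)
    if [ -n "$leaked" ]; then
        echo "refusing: EXPERIMENTAL_TDX_APP=$leaked is exported in this shell" >&2
        echo "run 'unset EXPERIMENTAL_TDX_APP' first" >&2
        return 1
    fi
    "$@"
}
```

Sourcing these functions in a development shell lets `run_default` act as a guard in front of any deploy that must not use the experimental path.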
Verification
Check if TDX is enabled:
# Your deployed iApp should show TDX-related tags
iexec app show <app-address>
To use the iExec DataProtector SDK with TDX support, you must configure the SDK with the right SMS endpoint:
const dataProtector = new IExecDataProtector(web3Provider, {
  iexecOptions: {
    smsURL: 'https://sms.labs.iex.ec',
  },
});
You need to change the default worker pool in your protected data declaration:
await dataProtector.core.processProtectedData({
  protectedData: protectedData.address,
  workerpool: 'tdx-labs.pools.iexec.eth',
  app: '0x1919ceb0c6e60f3B497936308B58F9a6aDf071eC',
});
Protected Data Compatibility
Protected Data Requirements
A TDX iApp may require TDX-compatible protected data. Check compatibility before using protected data with a TDX iApp.
Important: The exact process for creating TDX-compatible protected data may differ from standard protected data creation. Consult the latest DataProtector documentation for TDX-specific requirements.
Development Workflow
1. Local Testing
# Test locally (same as regular iApp)
iapp test --protectedData "mock_name"
# TDX only affects remote deployment/execution
2. Deployment
# Deploy TDX iApp
EXPERIMENTAL_TDX_APP=true iapp deploy
3. Execution
# Run with TDX
EXPERIMENTAL_TDX_APP=true iapp run <app-address>
Current Limitations
Production Warnings
- NOT for production use
- Limited worker availability
- Unstable execution environment
- Breaking changes without notice
When to Use TDX
Consider TDX only for:
- Research/development purposes
- Testing future capabilities
Use SGX for:
- All production applications
- Reliable execution requirements
What's Next?
For production applications, use the standard SGX guides:
- Debugging Your iApp - Troubleshoot execution issues
- Inputs and Outputs - Handle data in TEE environment
- App Access Control and Pricing - Deploy production-ready iApp