Intel TDX Now Much More Practical With Ability To Apply Important Updates Without Reboot
For those interested in Trust Domain Extensions (TDX) on modern Intel Xeon processors for confidential computing, but who also regard system uptime as critical, TDX support becomes much more practical beginning with Linux 7.2: the TDX module can now be updated live, without rebooting the running system, when a security update or similar is released.
Similar to how Intel CPU microcode updates can be applied at run-time, beginning with Linux 7.2 all the pieces are in place to support TDX module runtime updates and avoid the status quo of needing to reboot:
"The biggest change, however, is support for updating the TDX module after boot, just like CPU microcode. TDX users really want this because it lets them do security updates without tearing things down and rebooting."
The TDX runtime update support has been in the works for a while and is now merged for Linux 7.2. It is a bit surprising that it took so long for run-time updates of TDX modules to become a reality, considering today's security concerns and how much server administrators despise downtime.
In addition to the TDX runtime module update support, with Linux 7.2 the TDX code now also plays nicely with kexec kernel booting.
These Intel Trust Domain Extensions improvements were merged via the x86/tdx pull this week for the Linux 7.2 kernel.
