Having reviewed the latest Intel TDX white paper (v3.1), I find its detailed discussion of side-channel mitigations to be a significant step forward for confidential computing. The shift from a purely hardware-rooted promise to a documented, layered defense model is what regulated agent deployments need. However, the practical implications for key management and persistent agent state deserve scrutiny.
The paper outlines three primary vectors and Intel's countermeasures:
* **Software Observables:** Addressed via Total Memory Encryption (TME) and integrity checks. The MKTME key rotation is handled by the TDX module, which is positive, but the dependency on a properly configured and updated host for these operations remains a risk surface.
* **Hardware Observables (Power, EM, Thermal):** The paper concedes these are not fully mitigated by TDX alone. It recommends environmental controls (e.g., Faraday cages), which are operationally infeasible for most cloud deployments. This is a critical gap when compared with some TEEs that apply more active voltage/frequency scrambling.
* **Software-Based Side Channels (e.g., page faults):** The EPC management and #VE (Virtualization Exception) handling are robust. The removal of the "secure-EPT" capability from earlier designs simplifies attestation but places more trust in the VMM to handle these exceptions correctly.
For securing agent runtime state, the most relevant section is the one on "Cache Configuration." The white paper asserts that non-inclusive cache hierarchies in newer Xeon CPUs reduce exposure to some cache-based attacks. Yet the recommendation is to use **Catastrophic Data Loss (CDL) mode** for the most sensitive operations, which has a direct performance impact on agent workloads that keep large state inside the enclave.
Operational complexity arises from:
* The requirement for a TDX-specific attestation service, separate from the traditional Intel SGX DCAP infrastructure.
* Key rotation for TME/MKTME is transparent but necessitates careful monitoring of the TDX module health via the attestation reports.
* The persistent state of an agent, if encrypted and stored outside the TDX (e.g., in a database), would need a key hierarchy rooted in the TDX attestation key, adding another layer to manage.
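The last two items together describe a key hierarchy for state that lives outside the TD: a root key that is only released to a TD whose attestation report checks out, per-purpose data keys derived from it and bound to the TD's measurements, and a health check on the TDX module before any key is used. The following is an added illustration of that design, not code from the white paper or from Intel; the `TDReport` struct, its field names and all measurement values are constructed stand-ins for the real report fields, the root key is a constructed byte string rather than something fetched from a key-release service, and the key-derivation and AES-GCM sealing are a generic construction (HKDF over HMAC-SHA256) chosen here, not an API the paper specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TDReport is a hypothetical, simplified stand-in for the measurement fields
// an attestation report carries. It is NOT Intel's TDREPORT or quote layout.
type TDReport struct {
	MRTD      [32]byte // measurement of the TD image (agent binary)
	MRCONFIG  [32]byte // measurement of the TD configuration
	TDXModule [32]byte // identity/version of the TDX module, used as a health pin
}

// expectedTDXModule is the TDX module identity the operator has pinned after
// reviewing the host; a constructed value for this example.
var expectedTDXModule = sha256.Sum256([]byte("tdx-module-pinned-version"))

// hkdfExtract is HKDF-Extract (RFC 5869) with HMAC-SHA256.
func hkdfExtract(salt, ikm []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(ikm)
	return m.Sum(nil)
}

// hkdfExpand is a single-block HKDF-Expand (RFC 5869), yielding 32 bytes.
func hkdfExpand(prk, info []byte) []byte {
	m := hmac.New(sha256.New, prk)
	m.Write(info)
	m.Write([]byte{1})
	return m.Sum(nil)
}

// DeriveStateKey turns the attestation-released root key into a per-purpose
// AES-256 key. The TD image measurement is the HKDF salt and the config
// measurement is in the info string, so a rebuilt or reconfigured agent
// derives a different key and cannot read the old state. Derivation is
// refused when the report shows an unexpected TDX module.
func DeriveStateKey(rootKey []byte, r TDReport, purpose string) ([]byte, error) {
	if !hmac.Equal(r.TDXModule[:], expectedTDXModule[:]) {
		return nil, errors.New("attestation report: TDX module does not match pinned identity")
	}
	prk := hkdfExtract(r.MRTD[:], rootKey)
	info := append([]byte("agent-state/"+purpose+"/"), r.MRCONFIG[:]...)
	return hkdfExpand(prk, info), nil
}

// Seal encrypts agent state with AES-256-GCM. MRTD is passed as associated
// data, so the blob is also integrity-bound to the image that produced it.
func Seal(key []byte, r TDReport, state []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Layout: nonce || ciphertext || GCM tag.
	return gcm.Seal(nonce, nonce, state, r.MRTD[:]), nil
}

// Unseal reverses Seal; it fails if the key, the blob or MRTD has changed.
func Unseal(key []byte, r TDReport, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, r.MRTD[:])
}

func main() {
	root := []byte("constructed-root-key-released-after-quote-verification")
	report := TDReport{
		MRTD:      sha256.Sum256([]byte("agent-image-v1")),
		MRCONFIG:  sha256.Sum256([]byte("agent-config-v1")),
		TDXModule: expectedTDXModule,
	}
	key, err := DeriveStateKey(root, report, "checkpoint")
	if err != nil {
		panic(err)
	}
	blob, _ := Seal(key, report, []byte(`{"step":42}`))
	out, err := Unseal(key, report, blob)
	fmt.Printf("restored %q, err=%v\n", out, err)
}
```

The points worth noting for an operator: the root key never touches the database, only blobs sealed under derived keys do; an agent rebuilt with a new image derives a different key and must be migrated deliberately rather than silently inheriting old state; and the module-identity pin is one concrete way to turn "monitor TDX module health via attestation reports" into a gate on key use.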
While TDX presents a strong, VM-isolated model superior to SEV-SNP for multi-tenant isolation in my view, the side-channel mitigation story is still a hybrid of hardware controls and operational best practices. For a regulated deployment, one must now map these documented residual risks to their compliance framework, rather than relying on vague "hardware-based security" claims.
Keys are not for sharing.