Re: [PATCH v5 15/22] x86/virt/tdx: Restore TDX module state
From: Kiryl Shutsemau
Date: Thu Mar 19 2026 - 09:38:43 EST
On Sun, Mar 15, 2026 at 06:58:35AM -0700, Chao Gao wrote:
> TDX module state was packed as handoff data during module shutdown. After
> per-CPU initialization, the new module can restore TDX module state from
> handoff data to preserve running TDs.
>
> Once the restoration is done, the TDX module update is complete, which
> means the new module is ready to handle requests from the host and guests.
>
> Implement the new TDH.SYS.UPDATE SEAMCALL to restore TDX module state
> and invoke it on one CPU since it only needs to be called once.
>
> Note that Intel® Trust Domain Extensions (Intel® TDX) Module Base
> Architecture Specification, Revision 348549-007, Chapter 4.5.5 states:
>
> If TDH.SYS.UPDATE returns an error, then the host VMM can continue
> with the non-update sequence (TDH.SYS.CONFIG, 15 TDH.SYS.KEY.CONFIG
> etc.). In this case all existing TDs are lost. Alternatively, the host
> VMM can request the P-SEAMLDR to update to another TDX module. If that
> update is successful, existing TDs are preserved
>
> Don't implement the two alternatives due to their complexity and unclear
> benefits.
Make it clear which option you've taken.
>
> Also note that the location and the format of handoff data is defined by
> the TDX module. The new module knows where to get handoff data and how
> to parse it. The kernel doesn't need to provide its location, format etc.
>
> Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
> Reviewed-by: Tony Lindgren <tony.lindgren@xxxxxxxxxxxxxxx>
> Reviewed-by: Kai Huang <kai.huang@xxxxxxxxx>
Reviewed-by: Kiryl Shutsemau (Meta) <kas@xxxxxxxxxx>
--
Kiryl Shutsemau / Kirill A. Shutemov