]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit - arch/x86/kernel/cpu/common.c
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 33cc938) | patch
x86/virt/tdx: Detect TDX during kernel boot
authorKai Huang <kai.huang@intel.com>
Fri, 8 Dec 2023 17:07:21 +0000 (09:07 -0800)
committerDave Hansen <dave.hansen@linux.intel.com>
Fri, 8 Dec 2023 17:11:58 +0000 (09:11 -0800)
commit765a0542fdc7aad7cbc1da3bd19bed6297b54e2c
tree8a4e4efe76deb8ff077ed656e5421174f255d79atree | snapshot
parent33cc938e65a98f1d29d0a18403dbbee050dcad9acommit | diff
x86/virt/tdx: Detect TDX during kernel boot

Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
host and certain physical attacks.  A CPU-attested software module
called 'the TDX module' runs inside a new isolated memory range as a
trusted hypervisor to manage and run protected VMs.

Pre-TDX Intel hardware has support for a memory encryption architecture
called MKTME.  The memory encryption hardware underpinning MKTME is also
used for Intel TDX.  TDX ends up "stealing" some of the physical address
space from the MKTME architecture for crypto-protection to VMs.  The
BIOS is responsible for partitioning the "KeyID" space between legacy
MKTME and TDX.  The KeyIDs reserved for TDX are called 'TDX private
KeyIDs' or 'TDX KeyIDs' for short.

During machine boot, TDX microcode verifies that the BIOS programmed TDX
private KeyIDs consistently and correctly programmed across all CPU
packages.  The MSRs are locked in this state after verification.  This
is why MSR_IA32_MKTME_KEYID_PARTITIONING gets used for TDX enumeration:
it indicates not just that the hardware supports TDX, but that all the
boot-time security checks passed.

The TDX module is expected to be loaded by the BIOS when it enables TDX,
but the kernel needs to properly initialize it before it can be used to
create and run any TDX guests.  The TDX module will be initialized by
the KVM subsystem when KVM wants to use TDX.

Detect platform TDX support by detecting TDX private KeyIDs.

The TDX module itself requires one TDX KeyID as the 'TDX global KeyID'
to protect its metadata.  Each TDX guest also needs a TDX KeyID for its
own protection.  Just use the first TDX KeyID as the global KeyID and
leave the rest for TDX guests.  If no TDX KeyID is left for TDX guests,
disable TDX as initializing the TDX module alone is useless.

[ dhansen: add X86_FEATURE, replace helper function ]

Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Link: https://lore.kernel.org/all/20231208170740.53979-1-dave.hansen%40intel.com
arch/x86/include/asm/cpufeatures.h diff | blob | blame | history
arch/x86/include/asm/msr-index.h diff | blob | blame | history
arch/x86/include/asm/tdx.h diff | blob | blame | history
arch/x86/kernel/cpu/common.c diff | blob | blame | history
arch/x86/virt/vmx/tdx/Makefile diff | blob | blame | history
arch/x86/virt/vmx/tdx/tdx.c [new file with mode: 0644] blob
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git