git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Isaku Yamahata <isaku.yamahata@intel.com>
	Wed, 4 Sep 2024 03:07:50 +0000 (20:07 -0700)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Fri, 14 Mar 2025 18:20:53 +0000 (14:20 -0400)
commit	012426d6f59cab21f4e1ab4cc2c919fd26a04ead
tree	3bb00bc2bd89e82714bfb93cff50c0dfcde4974b	tree
parent	c846b451d3c5d4ba304bbeeaf7aa9a04bb432408	commit \| diff

KVM: TDX: Finalize VM initialization

Add a new VM-scoped KVM_MEMORY_ENCRYPT_OP IOCTL subcommand,
KVM_TDX_FINALIZE_VM, to perform TD Measurement Finalization.

Documentation for the API is added in another patch:
"Documentation/virt/kvm: Document on Trust Domain Extensions(TDX)"

For the purpose of attestation, a measurement must be made of the TDX VM
initial state. This is referred to as TD Measurement Finalization, and
uses SEAMCALL TDH.MR.FINALIZE, after which:
1. The VMM adding TD private pages with arbitrary content is no longer
allowed
2. The TDX VM is runnable

Co-developed-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Message-ID: <20240904030751.117579-21-rick.p.edgecombe@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/include/uapi/asm/kvm.h		diff \| blob \| blame \| history
arch/x86/kvm/vmx/tdx.c		diff \| blob \| blame \| history
arch/x86/kvm/vmx/tdx.h		diff \| blob \| blame \| history