Re: [PATCH v3 04/21] x86/virt/tdx: Add skeleton for detecting and initializing TDX on demand

From: Sathyanarayanan Kuppuswamy
Date: Wed Apr 20 2022 - 10:30:23 EST
On 4/19/22 9:37 PM, Kai Huang wrote:
On Tue, 2022-04-19 at 07:53 -0700, Sathyanarayanan Kuppuswamy wrote:

On 4/5/22 9:49 PM, Kai Huang wrote:
The TDX module is essentially a CPU-attested software module running
in the new Secure Arbitration Mode (SEAM) to protect VMs from malicious
host and certain physical attacks. The TDX module implements the

/s/host/hosts

I don't quite get it. Could you explain why there are multiple hosts?

Sorry, I misread it. It is correct, so ignore it.
+
+/**
+ * tdx_detect - Detect whether the TDX module has been loaded
+ *
+ * Detect whether the TDX module has been loaded and ready for
+ * initialization. Only call this function when all cpus are
+ * already in VMX operation.
+ *
+ * This function can be called in parallel by multiple callers.
+ *
+ * Return:
+ *
+ * * -0: The TDX module has been loaded and ready for
+ * initialization.
+ * * -ENODEV: The TDX module is not loaded.
+ * * -EPERM: CPU is not in VMX operation.
+ * * -EFAULT: Other internal fatal errors.
+ */
+int tdx_detect(void)
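Review bot: the "Return:" list in the kerneldoc comment spells the success value as "-0", which reads as a (nonexistent) negative error code; it should be "0: The TDX module has been loaded and is ready for initialization." to match the style of the -ENODEV/-EPERM/-EFAULT entries. The comment also states that all CPUs must already be in VMX operation and that the function may be called in parallel by multiple callers, but only the signature is quoted here, so neither the -EPERM check nor the serialization behind the "in parallel" claim can be reviewed from this fragment; naming which caller is responsible for putting the CPUs into VMX operation would make the contract clearer. Minor: "cpus" should be "CPUs".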

Will this function be used separately or always along with
tdx_init()?

The caller should first use tdx_detect() and then use tdx_init(). If the caller
only uses tdx_detect(), then the TDX module won't be initialized (unless another
caller does this). If the caller calls tdx_init() before tdx_detect(), it will get
an error.


I just checked your patch set to understand where you are using
tdx_detect()/tdx_init(), but I did not find any callers. Did I miss it, or is it not used in your patch set?

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer