Re: [PATCH v4 09/24] x86/virt/seamldr: Check update limit before TDX Module updates

Next message: Raju Rangoju: "[PATCH v2 net 3/3] amd-xgbe: reset PHY settings before starting PHY"
Previous message: Raju Rangoju: "[PATCH v2 net 2/3] amd-xgbe: prevent CRC errors during RX adaptation with AN disabled"
Next in thread: Huang, Kai: "Re: [PATCH v4 09/24] x86/virt/seamldr: Check update limit before TDX Module updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xu Yilun

Date: Wed Mar 04 2026 - 23:30:56 EST

On Thu, Feb 12, 2026 at 06:35:12AM -0800, Chao Gao wrote:
> TDX maintains a log about each TDX Module which has been loaded. This
> log has a finite size which limits the number of TDX Module updates
> which can be performed.
>
> After each successful update, the remaining updates reduces by one. Once
> it reaches zero, further updates will fail until next reboot.
>
> Before updating the TDX Module, verify that the update limit has not been
> exceeded. Otherwise, P-SEAMLDR will detect this violation after the old TDX
> Module is gone and all TDs will be killed.
>
> Note that userspace should perform this check before updates. Perform this
> check in kernel as well to make the update process more robust.
>
> Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
> Reviewed-by: Tony Lindgren <tony.lindgren@xxxxxxxxxxxxxxx>

Reviewed-by: Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx>