Re: [PATCH v4 09/24] x86/virt/seamldr: Check update limit before TDX Module updates

From: Edgecombe, Rick P

Date: Thu Mar 12 2026 - 15:25:43 EST


On Thu, 2026-02-12 at 06:35 -0800, Chao Gao wrote:
> TDX maintains a log about each TDX Module which has been loaded. This
> log has a finite size which limits the number of TDX Module updates
> which can be performed.
>
> After each successful update, the number of remaining updates reduces by one. Once
> it reaches zero, further updates will fail until the next reboot.
>
> Before updating the TDX Module, verify that the update limit has not been
> exceeded. Otherwise, P-SEAMLDR will detect this violation after the old TDX
> Module is gone and all TDs will be killed.
>
> Note that userspace should perform this check before updates. Perform this
> check in kernel as well to make the update process more robust.

What happens if we drop this patch? IIUC the idea is userspace needs to know
what they are doing already.

>
> Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
> Reviewed-by: Tony Lindgren <tony.lindgren@xxxxxxxxxxxxxxx>