RE: [PATCH v2 21/31] x86/virt/tdx: Add SEAMCALL wrappers for trusted IOMMU setup and clear

From: Tian, Kevin

Date: Thu Apr 09 2026 - 03:30:42 EST


> From: Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx>
> Sent: Saturday, March 28, 2026 12:01 AM
>
> From: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
>
> Add SEAMCALLs to set up/clear trusted IOMMU for TDX Connect.

What is 'trusted IOMMU'? New hardware, or some sensitive resource in
the IOMMU which is only visible to the TDX module?

If the latter, it's clearer to say "trusted configuration in IOMMU".

>
> Enabling TEE I/O support for a target device requires setting up trusted IOMMU
> for the related IOMMU device first, even when only enabling physical secure
> links like SPDM/IDE.

This series is just about SPDM/IDE. Then the first part about TEE I/O is not
really relevant.

>
> TDH.IOMMU.SETUP takes the register base address (VTBAR) to position an
> IOMMU device, and outputs an IOMMU_ID as the trusted IOMMU identifier.
> TDH.IOMMU.CLEAR takes the IOMMU_ID to reverse the setup.

Intel IOMMU is called VT-d. It has a register block but is not a PCI device, so
there is no related BAR resource.

Let's just call it 'reg_base'.

The intel-iommu driver already has its own 'id' definition for each iommu device.
It's clearer to add a prefix to this new id, e.g. tdx_iommu_id?