Re: [PATCH v2 19/31] iommu/vt-d: Reserve the MSB domain ID bit for the TDX module

From: Xu Yilun

Date: Sun Apr 26 2026 - 23:13:55 EST


> > > btw in patch23 commit msg:
> > >
> > > "
> > > There is no dedicated way to enumerate which IOMMU devices support
> > > trusted operations. The host has to call TDH.IOMMU.SETUP on all IOMMU
> > > devices and tell their trusted capability by the return value.
> > > "
> > >
> > > which implies that ecap_tdxc() alone doesn't really report the capability?
> >
> > Ah, good catch. Let me explain:
> >
> > ecap_tdxc does report the capability. This bit is special because both
> > trusted part & untrusted part access it.
> >
> > For IOMMU driver (which now handles the untrusted part), it can directly
> > query this bit and decide what to do.
> >
> > But for tdx-host driver which handles the trusted part, it shouldn't
> > speculate into the IOMMU for capability enumeration. TDX Module has more
> > concerns about trusted capability, including the related I/O stack
>
> I guess "more concerns" means that there are more conditions for
> TDX module to look at beyond ecap_tdxc(), so it's not appropriate
> for tdx-host driver to check ecap alone.

Exactly.

>
> > capabilities e.g. SPDM/IDE cap... So in patch23 I actually mean we
> > don't have an enumeration SEAMCALL for trusted capability, I will
> > refactor that message:
> >
> > There is no dedicated *SEAMCALL* to enumerate which IOMMU devices support
> > trusted operations...