Re: [PATCH 00/15] Enable TDX Module Extensions and DICE-based TDX Quoting
From: Adrian Hunter
Date: Mon Jun 08 2026 - 14:38:05 EST
On 22/05/2026 06:41, Xu Yilun wrote:
> This posting is just to collect initial review.
>
> Sean, Paolo, Dave please feel free to ignore for now. Sean, especially
> the x86 KVM stuff is only here as an example for the init code, and not
> ready for review.
>
> Kiryl and Dan, we are trying to get acks for the first 4 patches of the
> series so they can serve as a settled base for all the other work
> that uses Extensions. Please review the first 4 patches and treat the
> later ones as an example for the Extensions initialization.
>
> == Why it's being posted ==
>
> The TDX Module is introducing a new concept called "TDX Module
> Extensions", and several upcoming features depend on them. The
> Extensions need some extra setup at TDX module init time, and the code
> to do this is expected to be somewhat generic.
>
> We want to get the basics of this TDX module extensions piece sorted so
> that all of the extension-based work can build on it. This series
> includes those basics, and an example usage called DICE-based TDX
> Quoting. Only the first 4 patches are about initializing the TDX module
> Extensions. I'd like some review on them. The later DICE patches are
> just included to serve as a usage example for the TDX module extension
> code.
>
> The first 4 patches will eventually need an ack by an x86 maintainer, so
> please review with that in mind.
>
> == Overview ==
>
> TDX Module introduces the "TDX Module Extensions" to support long
> running / hard-irq preemptible flows inside. This makes TDX Module
> capable of handling complex tasks through "Extension SEAMCALLs".
For me it would be easier to understand by starting higher level,
like:
"TDX Module Extensions enables optional but important TDX features
- such as DICE-based attestation quoting, TDX Connect, and live
migration - that require substantially more processing time than
core TDX operations, and also additional memory."
Also I would find it helpful to clarify how "TDX Module Extensions"
enhances interruptibility for Extension SEAMCALLs compared with
regular SEAMCALLs, since "hard-irq preemptible flows" had me
initially thinking along the wrong lines.
>
> TDX Module allows some add-on features to use the Extension. The first
> feature to use Extensions is DICE-based TDX Quoting [1]. DICE is an
> industry-standard, certificate-backed attestation framework that layers
> evidence through a chain of certificates.
>
> This series adds infrastructure to enable the Extensions and then
> implement DICE-based TDX Quoting.
>
> The Extensions consume a relatively large amount of memory (~50MB), so
> they are designed to be off by default. They must be enabled after basic
> TDX Module initialization and when add-on features require it. To enable
> the Extensions, the host first adds extra memory to the TDX Module via a
> SEAMCALL (TDH.EXT.MEM.ADD), then uses another SEAMCALL (TDH.EXT.INIT) to
> initialize the Extensions, and then some add-on features, e.g. DICE, could
> use Extension SEAMCALLs for work. Note that the host can never get the
> added memory back.
>
> Theoretically, the Extensions don't need to be enabled right after
> basic TDX initialization. They could be enabled right before the first
> Extension SEAMCALL is issued. That would save or postpone memory usage.
> But it isn't worth the complexity: the needs for the Extensions are vast
> but the savings are little for a typical TDX capable system (about
> 0.001% of memory). So the Linux decision is to just enable them along
> with the basic TDX.
>
> This series has 2 distinct parts:
>
> Patches 1-4: TDX Module Extensions enabling
> Patches 5-15: DICE-based TDX Quoting, primarily Peter's work.
>
> == Some history ==
>
> The TDX Module Extensions part was first posted along with TDX
> Connect [2]. Now this part is remarkably smaller because we've removed
> the generic tdx_page_array abstraction for HPA_LIST_INFO. TDX Module
> Extensions is the first user of HPA_LIST_INFO, and doesn't use it in a
> typical way (HPA_LIST_INFO can only hold at most 2MB memory). There
> isn't enough justification to make the abstraction in this series. A
> possible plan is to rebuild tdx_page_array iteratively when more use
> cases arise.
>
> == Misc ==
>
> This series is based on tip/x86/tdx [3], because we need a small
> being-merged patch [4] before our work.
>
>
> Link: https://cdrdv2.intel.com/v1/dl/getContent/874303 # [1]
> Link: https://lore.kernel.org/all/20260327160132.2946114-1-yilun.xu@xxxxxxxxxxxxxxx/ # [2]
> Link: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/log/?h=x86/tdx # [3]
> Link: https://patch.msgid.link/20260402-fuller_tdx_kexec_support-v3-1-34438d7094bf@xxxxxxxxx # [4]
>
>
> Peter Fang (10):
> x86/virt/tdx: Move tdx_tdr_pa() up in the file
> x86/virt/tdx: Initialize Quoting extension during bringup
> x86/virt/tdx: Prepare Quote buffer during extension bringup
> x86/virt/tdx: Add interface to check Quoting availability
> x86/virt/tdx: Add interface to generate a Quote
> x86/tdx: Move and rename Quote request structure
> KVM: TDX: Factor out userspace return path from tdx_get_quote()
> KVM: TDX: Add in-kernel Quote generation
> KVM: TDX: Support event-notify interrupts only with userspace quoting
> x86/virt/tdx: Enable TDX Quoting extension
>
> Xu Yilun (5):
> x86/virt/tdx: Read global metadata for TDX Module Extensions
> x86/virt/tdx: Add extra memory to TDX Module for Extensions
> x86/virt/tdx: Make TDX Module initialize Extensions
> x86/virt/tdx: Enable the Extensions right after basic TDX Module init
> x86/virt/tdx: Embed version info in SEAMCALL leaf function definitions
>
> Documentation/virt/kvm/api.rst | 8 +-
> arch/x86/include/asm/tdx.h | 34 ++
> arch/x86/include/asm/tdx_global_metadata.h | 11 +
> arch/x86/kvm/vmx/tdx.h | 6 +
> arch/x86/virt/vmx/tdx/tdx.h | 32 +-
> arch/x86/kvm/vmx/tdx.c | 176 ++++++++-
> arch/x86/virt/vmx/tdx/tdx.c | 387 +++++++++++++++++++-
> arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 27 ++
> drivers/virt/coco/tdx-guest/tdx-guest.c | 25 +-
> virt/kvm/kvm_main.c | 1 +
> 10 files changed, 655 insertions(+), 52 deletions(-)
>
>
> base-commit: 5209e5bfe5cab593476c3e7754e42c5e47ce36de