Re: [RFC PATCH 09/15] x86/virt/tdx: Add interface to generate a Quote

From: Adrian Hunter

Date: Thu Jun 11 2026 - 13:30:40 EST


On 22/05/2026 06:41, Xu Yilun wrote:
> From: Peter Fang <peter.fang@xxxxxxxxx>
>
> Use the TDX Quoting extension's TDH.QUOTE.GET SEAMCALL to generate a
> Quote. Since the interface is shared across all KVM instances,
> serialize access to the SEAMCALL buffer with a mutex.

Isn't the concurrency configurable, so supporting only 1 instance
is a decision of the software implementation, not a TDX limitation?

> +static u64 tdx_quote_get(struct tdx_td *td, u64 in_data_pa, u64 in_data_len,
> + u64 hpa_list_pa, u64 total_len, u64 *quote_len)
> +{
> + struct tdx_module_args args = {
> + .rcx = tdx_tdr_pa(td),
> + /* Don't bother specifying the quote id */

Need to explain why

> + .rdx = QUOTE_ID_MASK & (u64)-1,
> + .r8 = in_data_pa,
> + .r9 = in_data_len,
> + .r10 = hpa_list_pa,
> + .r11 = total_len,
> + };
> + u64 r;
> +
> + do {
> + r = seamcall_ret(TDH_QUOTE_GET, &args);
> + } while (r == TDX_INTERRUPTED_RESUMABLE);
> +
> + *quote_len = args.rcx;
> +
> + return r;
> +}
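
Review bot: the retry loop re-issues TDH_QUOTE_GET with the same args structure that seamcall_ret() has just written its outputs into (the function itself reads args.rcx back as the quote length), so after TDX_INTERRUPTED_RESUMABLE the next iteration may pass an overwritten rcx instead of tdx_tdr_pa(td). Either reload the input registers inside the loop or add a comment stating that the inputs are preserved on a resumable interruption. Separately, `*quote_len = args.rcx;` is stored even when r is an error; assigning it only on success, or documenting that it is undefined on failure, would keep callers from consuming a meaningless length.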

...

> + r = tdx_quote_get(td, quote_data.hpa_list[0], (u64)in_data_len,
> + quote_data.hpa_list_pa, quote_data.buf_len, &out_len);
> + if (r || !out_len || out_len > quote_data.buf_len)

Is r != TDX_SUCCESS more consistent?

> + goto out;
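
Review bot: in `if (r || !out_len || out_len > quote_data.buf_len)` the last two conditions can fire with r == 0, so the path through `out` needs an error code that does not derive from r; otherwise a zero or oversized quote length could be reported as success. Set an explicit errno before the goto for those two cases, and consider a warning for out_len > quote_data.buf_len, since that means the reported length exceeds the buffer size that was passed to tdx_quote_get().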