[PATCH v2 12/17] x86/virt/tdx: Reinitialize the Quoting extension after TDX module update
From: Xu Yilun
Date: Thu Jun 18 2026 - 04:48:50 EST
From: Peter Fang <peter.fang@xxxxxxxxx>
Invoke TDH.QUOTE.INIT again after a runtime module update to trigger the
necessary rekey procedure in the TDX module.
Keep the existing Quote buffer since memory allocation is not permitted
during the update. Compatible TDX module updates must not increase the
Quote buffer size, or an undersized buffer might cause Quote generation
to fail. See [1] for module update details.
[1] Documentation/arch/x86/tdx.rst, Section "TDX module Runtime Update"
Signed-off-by: Peter Fang <peter.fang@xxxxxxxxx>
---
arch/x86/virt/vmx/tdx/tdx.c | 31 ++++++++++++++++++++++++++++---
1 file changed, 28 insertions(+), 3 deletions(-)
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index ac0da4966697..81e7b6b1dacb 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -1353,8 +1353,11 @@ static __init int tdx_quote_create_buf(unsigned int npages,
return -ENOMEM;
}
-/* Initialize quoting extension */
-static __init int tdx_quote_init(void)
+/*
+ * Initialize quoting extension.
+ * It also rekeys the TDX module after a runtime module update.
+ */
+static int tdx_quote_init(void)
{
struct tdx_module_args args = {};
u64 r;
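Review bot: Dropping `__init` from tdx_quote_init() is only safe if nothing in its body can still reach an `__init` function, and the hunk header shows that tdx_quote_create_buf() keeps its `__init` annotation. The body continues outside the hunk, so this cannot be confirmed from here. If the buffer-creation call is still reachable, the build reports a section mismatch and a call after boot would land in init text that has already been freed. The new comment should also state the update-path contract, for example `* On the update path the existing Quote buffer is reused; nothing is allocated.`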
@@ -1539,6 +1542,22 @@ static __init int init_tdx_module_extensions(void)
return 0;
}
+static void update_tdx_quoting_extension(void)
+{
+ int ret;
+
+ if (tdx_addon_feature0 & TDX_FEATURES0_QUOTE) {
+ /*
+ * The TDH.QUOTE.INIT call renews the quoting keys.
+ *
+ * A module update must not increase the quote buffer size, or
+ * quote generation may fail and break attestation.
+ */
+ ret = tdx_quote_init();
+ WARN_ON(ret);
+ }
+}
+
/*
* Mostly the same flow as init_tdx_module_extensions(), but rejects adding
* more memory.
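Review bot: A failed TDH.QUOTE.INIT is only reported through `WARN_ON(ret)` in update_tdx_quoting_extension(), and update_tdx_module_extensions() (last hunk) then returns 0, so the update is reported as successful even though the quoting keys may not have been renewed. Because this path backs attestation it should fail closed: make the helper return `int` and end the caller with `return update_tdx_quoting_extension();`, or record that quoting is unavailable so later Quote requests are refused. `WARN_ON()` on a status that comes back from the module also becomes a host panic under panic_on_warn, so a `pr_err()` that prints the error code is probably the better fit. The comment's rule that an update must not grow the Quote buffer is not enforced in the visible lines; comparing the module's reported requirement with the existing buffer before the call would turn that assumption into an explicit error.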
@@ -1561,7 +1580,13 @@ static int update_tdx_module_extensions(void)
if (sysinfo_ext.memory_pool_required_pages)
return -EFAULT;
- return tdx_ext_init();
+ ret = tdx_ext_init();
+ if (ret)
+ return ret;
+
+ update_tdx_quoting_extension();
+
+ return 0;
}
static __init int init_tdx_module(void)
--
2.25.1