Re: [PATCH v13 17/22] x86/kexec: Flush cache of TDX private memory

From: Dave Hansen
Date: Fri Sep 15 2023 - 13:51:04 EST

Next message: Denis Glazkov: "Re: [PATCH v2] certs: Add option to disallow non-CA certificates in secondary trusted keying"
Previous message: Liam R. Howlett: "[PATCH v2] kernel/sched: Modify initial boot task idle setup"
In reply to: Edgecombe, Rick P: "Re: [PATCH v13 17/22] x86/kexec: Flush cache of TDX private memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/15/23 10:43, Edgecombe, Rick P wrote:
> On Sat, 2023-08-26 at 00:14 +1200, Kai Huang wrote:
>> There are two problems in terms of using kexec() to boot to a new
>> kernel when the old kernel has enabled TDX: 1) Part of the memory
>> pages are still TDX private pages; 2) There might be dirty
>> cachelines associated with TDX private pages.
> Does TDX support hibernate?
No.

There's a whole bunch of volatile state that's generated inside the CPU
and never leaves the CPU, like the ephemeral key that protects TDX
module memory.

SGX, for instance, never even supported suspend, IIRC. Enclaves just
die and have to be rebuilt.

Next message: Denis Glazkov: "Re: [PATCH v2] certs: Add option to disallow non-CA certificates in secondary trusted keying"
Previous message: Liam R. Howlett: "[PATCH v2] kernel/sched: Modify initial boot task idle setup"
In reply to: Edgecombe, Rick P: "Re: [PATCH v13 17/22] x86/kexec: Flush cache of TDX private memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]