Re: [PATCH v1 2/3] x86/coco: Disable TDX module calls when TD partitioning is active
From: Jeremi Piotrowski
Date: Fri Nov 24 2023 - 05:38:47 EST
On 23/11/2023 15:13, Kirill A. Shutemov wrote:
> On Wed, Nov 22, 2023 at 06:01:05PM +0100, Jeremi Piotrowski wrote:
>> Introduce CC_ATTR_TDX_MODULE_CALLS to allow code to check whether TDX module
>> calls are available. When TD partitioning is enabled, a L1 TD VMM handles most
>> TDX facilities and the kernel running as an L2 TD VM does not have access to
>> TDX module calls. The kernel still has access to TDVMCALL(0) which is forwarded
>> to the VMM for processing, which is the L1 TD VM in this case.
>
Correction: it turns out TDVMCALL(0) is handled by L0 VMM.
> Sounds like a problem introduced by patch 1/3 :/
>
What problem are you referring to? This patch is making the kernel aware of which
subfeatures of TDX are available to it.
This patch is needed once you make the kernel aware of X86_FEATURE_TDX_GUEST, which
is applicable because we're dealing with a TDX guest.