The patchset adjusts a few TD settings on boot for the optimal functioning
of the system:
- Disable EPT violation #VE on private memory if TD can control it
The newer TDX module allows the guest to control whether it wants to
see #VE on EPT violation on private memory. The Linux kernel does not
want such #VEs and needs to disable them.
- Enable virtualization of topology-related CPUID leafs X2APIC_APICID MSR;
The ENUM_TOPOLOGY feature allows the VMM to provide topology
information to the guest. Enabling the feature eliminates
topology-related #VEs: the TDX module virtualizes accesses to the
CPUID leafs and the MSR.
It allows TDX guest to run with non-trivial topology configuration.