Re: [PATCH v2 00/21] Runtime TDX Module update support

Next message: Prabhakar: "[PATCH] arm64: dts: renesas: rzt2h-n2h-evk: Add VCC supply for EEPROM"
Previous message: Gabriele Monaco: "Re: [RFC PATCH] sched/deadline: Avoid dl_server boosting with expired deadline"
Next in thread: Reshetova, Elena: "RE: [PATCH v2 00/21] Runtime TDX Module update support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Vishal Annapurve

Date: Tue Oct 14 2025 - 11:32:55 EST

On Tue, Sep 30, 2025 at 7:54 PM Chao Gao <chao.gao@xxxxxxxxx> wrote:
>
> === TDX Module Distribution Model ===
>
> At a high level, Intel publishes all TDX Modules on the github [2], along
> with a mapping_file.json which documents the compatibility information
> about each TDX Module and a userspace tool to install the TDX Module. OS

[2] mentions about a limitation of doing runtime TDX module update:

"Performing TD Preserving during a TD Build operation might result in
a corrupted TD hash in the TD attestation report. Until fixed in a
future Intel TDX module update, a host VMM can avoid the problem by
not conducting a TD Preserving Update while TD Build operation is in
progress."

Do you know if this issue is fixed already? If so, what version of TDX
module fixes this issue?

> vendors can package these modules and distribute them. Administrators
> install the package and use the tool to select the appropriate TDX Module
> and install it via the interfaces exposed by this series.
>
> [1]: https://cdrdv2.intel.com/v1/dl/getContent/733584
> [2]: https://github.com/intel/tdx-module-binaries
> [3]: https://lore.kernel.org/all/665c5ae0-4b7c-4852-8995-255adf7b3a2f@xxxxxxxxxx/
> [4]: https://lore.kernel.org/all/5d1da767-491b-4077-b472-2cc3d73246d6@xxxxxxxxxx/
> [5]: https://lore.kernel.org/all/94d6047e-3b7c-4bc1-819c-85c16ff85abf@xxxxxxxxx/
>