Re: [PATCH 00/15] Enable TDX Module Extensions and DICE-based TDX Quoting

From: Xu Yilun

Date: Tue Jun 16 2026 - 11:52:48 EST


On Mon, Jun 15, 2026 at 08:57:09AM -0700, Dave Hansen wrote:
> On 6/15/26 08:22, Xu Yilun wrote:
> >> The TDX "Extension SEAMCALL" capability is akin to ARM CCA's "Stateful
> >> RMI Operations (SRO)", and achieves similar externalized complexity
> >> relief as a dedicated hardware coprocessor like AMD SEV-SNP. The
> > I may not include the ARM/AMD examples, not sure I can explain them
> > well.
>
> I actually think they're pretty important proof points. One of the big

OK, I can include this section that Dan provides.

> challenges as a maintainer evaluating these things is judging the
> solution itself.
>
> Is this architecture a good one? Is it overly complex? Are there avenues
> for simplification?
>
> If five vendors pop up all with similar problems and solutions, then
> it's a pretty good bet that they're all on the right track. But, if
> there are four going one direction and one going off by itself, it's a
> sign that the errant one might need a course correction.
>
> It would honestly be worth your time to go *talk* to the AMD and ARM
> folks and ensure that you are all on the same page. Last I checked, they

Yes, I queried ARM/AMD TDISP folks offline and CCed them in this thread.
Correct me if anything is wrong:

AFAIK, AMD firmware runs on an external physical core (PSP), firmware call
execution won't occupy the host CPU, and the two partners communicate
asynchronously, so no worry about interruptibility and preemptibility.

From Alexey:

"The AMD CPU puts a request in a queue, writes to doorbell, and waits for
an interrupt. The PSP (a separate physical core) will see this, handle,
put the data in the CPU memory (if needed), trigger the interrupt. Done.
The host CPU can be rescheduled while waiting"


ARM SRO is something I'm not familiar with. ARM has no co-processor for
CC, host invokes RMI and traps into RMM for secure execution, stateless
RMI blocks interrupts so should be short-lived. This is very similar to
Intel SEAMCALL.

Stateful RMI, however, from their RMM 2.0bet1 SPEC [1] B4.3.2 Stateful
RMI operations, could be used "When an RMI operation cannot be completed
within an IMPLEMENTATION DEFINED time limit". It is "guaranteed to yield
within an IMPLEMENTATION DEFINED time limit from the point at which an
interrupt becomes pending." I see it tries to solve the same problem as
extension SEAMCALLs.

I see SRO is WIP in [2], and is used for TDISP [3].

[1] https://developer.arm.com/documentation/den0137/2-0bet1/
[2] https://lore.kernel.org/all/20260318155413.793430-49-steven.price@xxxxxxx/
[3] https://lore.kernel.org/all/20260427065121.916615-3-aneesh.kumar@xxxxxxxxxx/