Re: [PATCH v2 16/17] KVM: TDX: Add in-kernel Quote generation

Next message: Lorenzo Stoakes: "Re: [PATCH] docs/mm: Fix brackets"
Previous message: Michael Reeves via B4 Relay: "[PATCH] arm64: dts: apple: t8122: Fix I2C resources"
In reply to: Sean Christopherson: "Re: [PATCH v2 16/17] KVM: TDX: Add in-kernel Quote generation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Peter Fang

Date: Mon Jun 29 2026 - 06:05:16 EST

On Thu, Jun 25, 2026 at 11:01:58AM -0700, Sean Christopherson wrote:
> On Thu, Jun 18, 2026, Xu Yilun wrote:
> > From: Peter Fang <peter.fang@xxxxxxxxx>
> >
> > Provide an in-kernel path for Quote generation when handling
> > TDG.VP.VMCALL<GetQuote>, without requiring an exit to userspace.
>
> Why?
>

Hi Sean,

This is mainly to avoid a round trip to userspace for the GetQuote flow.

New TDX modules can now get a Quote directly via an "extension SEAMCALL"
instead of exiting to userspace and using an SGX enclave. Exiting to
userspace for GetQuote no longer seems worth the overhead/complexity.

The first half of the series enables extension SEAMCALLs. They implement
simple APIs for higher-order security protocols that would otherwise need
to be broken into smaller routines. For Quoting, this allows KVM to get
a Quote directly through TDH.QUOTE.GET. The TDX module needs only the
input data from TDG.VP.VMCALL<GetQuote> for that call.

Thanks,
Peter