Re: [PATCH v2 16/17] KVM: TDX: Add in-kernel Quote generation

From: Edgecombe, Rick P

Date: Tue Jun 30 2026 - 19:33:23 EST


On Mon, 2026-06-29 at 17:42 -0700, Sean Christopherson wrote:
> Answering my own question (though probably poorly), IIUC the answer is that
> DICE-based quoting is done through the TDX Module, whereas existing quoting is
> done through an SGX enclave and so was routed through userspace.
>
> If that's all there is too this, then why is KVM involved?  I.e. why doesn't the
> TDX Module provide the quote directly to the guest?

That is a good question. The answer is partly historical reasons, but I think
the pros/cons don’t really move the needle too much.

The main benefit of doing it with the host in the loop is that the guest side
TDVMCALL quoting interface can stay the same. There is also a wrinkle in that
there is a limited HW resource involved in the quoting, so we want to do these
operations one at a time. Having a mutex on the host is the KISS way of
accomplishing some level of fairness for DOS prevention.

We should've explained this more, but TBH this solution is *way* simpler than
the initial one that never saw the light of day. So this extra host work seemed
quite small compared to what we have been staring at and we kinda overlooked it.

The other relevant tidbit is that the TDX module folks have some problems to
solve before they can support TDG calls to TDX module extensions. I think we can
get them to though. The question is probably really: do we want the guest
trying/selecting multiple interfaces, or the host.