• Kai Huang's avatar
    x86/virt/tdx: Wire up basic SEAMCALL functions · c33621b4
    Kai Huang authored
    Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
    host and certain physical attacks.  A CPU-attested software module
    called 'the TDX module' runs inside a new isolated memory range as a
    trusted hypervisor to manage and run protected VMs.
    
    TDX introduces a new CPU mode: Secure Arbitration Mode (SEAM).  This
    mode runs only the TDX module itself or other code to load the TDX
    module.
    
    The host kernel communicates with SEAM software via a new SEAMCALL
    instruction.  This is conceptually similar to a guest->host hypercall,
    except it is made from the host to SEAM software instead.  The TDX
    module establishes a new SEAMCALL ABI which allows the host to
    initialize the module and to manage VMs.
    
    The SEAMCALL ABI is very similar to the TDCALL ABI and leverages much
    TDCALL infrastructure.  Wire up basic functions to make SEAMCALLs for
    the basic support of running TDX guests: __seamcall(), __seamcall_ret(),
    and __seamcall_saved_ret() for TDH.VP.ENTER.  All SEAMCALLs involved in
    the basic TDX support don't use "callee-saved" registers as input and
    output, except the TDH.VP.ENTER.
    
    To start to support TDX, create a new arch/x86/virt/vmx/tdx/tdx.c for
    TDX host kernel support.  Add a new Kconfig option CONFIG_INTEL_TDX_HOST
    to opt-in TDX host kernel support (to distinguish with TDX guest kernel
    support).  So far only KVM uses TDX.  Make the new config option depend
    on KVM_INTEL.
    Signed-off-by: default avatarKai Huang <kai.huang@intel.com>
    Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
    Reviewed-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
    Acked-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
    Tested-by: default avatarIsaku Yamahata <isaku.yamahata@intel.com>
    Link: https://lore.kernel.org/all/4db7c3fc085e6af12acc2932294254ddb3d320b3.1692096753.git.kai.huang%40intel.com
    c33621b4
Kconfig 97.6 KB