From: Xu Yilun <yilun.xu@linux.intel.com>
To: linux-coco@lists.linux.dev, linux-pci@vger.kernel.org,
	dan.j.williams@intel.com, x86@kernel.org
Cc: chao.gao@intel.com, dave.jiang@intel.com,
	baolu.lu@linux.intel.com, yilun.xu@linux.intel.com,
	yilun.xu@intel.com, zhenzhong.duan@intel.com,
	kvm@vger.kernel.org, rick.p.edgecombe@intel.com,
	dave.hansen@linux.intel.com, kas@kernel.org,
	xiaoyao.li@intel.com, vishal.l.verma@intel.com,
	linux-kernel@vger.kernel.org
Subject: [PATCH v2 25/31] x86/virt/tdx: Add SEAMCALL wrappers for SPDM management
Date: Sat, 28 Mar 2026 00:01:26 +0800	[thread overview]
Message-ID: <20260327160132.2946114-26-yilun.xu@linux.intel.com> (raw)
In-Reply-To: <20260327160132.2946114-1-yilun.xu@linux.intel.com>

From: Zhenzhong Duan <zhenzhong.duan@intel.com>

Add several SEAMCALL wrappers for SPDM management. TDX Module requires
HPA_ARRAY_T structure as input/output parameters for these SEAMCALLs.
So use tdx_page_array for these wrappers.

- TDH.SPDM.CREATE creates SPDM session metadata buffers for TDX Module.
- TDH.SPDM.DELETE destroys SPDM session metadata and returns these
  buffers to the host, after checking that no references remain attached
  to the metadata.
- TDH.SPDM.CONNECT establishes a new SPDM session with the device.
- TDH.SPDM.DISCONNECT tears down the SPDM session with the device.
- TDH.SPDM.MNG supports three SPDM runtime operations: HEARTBEAT,
  KEY_UPDATE and DEV_INFO_RECOLLECTION.

Co-developed-by: Xu Yilun <yilun.xu@linux.intel.com>
Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 arch/x86/include/asm/tdx.h  |  13 ++++
 arch/x86/virt/vmx/tdx/tdx.h |   5 ++
 arch/x86/virt/vmx/tdx/tdx.c | 114 +++++++++++++++++++++++++++++++++++-
 3 files changed, 130 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index a59e0e43e465..8abdad084972 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -247,6 +247,19 @@ u64 tdh_phymem_page_wbinvd_tdr(struct tdx_td *td);
 u64 tdh_phymem_page_wbinvd_hkid(u64 hkid, struct page *page);
 u64 tdh_iommu_setup(u64 vtbar, struct tdx_page_array *iommu_mt, u64 *iommu_id);
 u64 tdh_iommu_clear(u64 iommu_id, struct tdx_page_array *iommu_mt);
+u64 tdh_spdm_create(u64 func_id, struct tdx_page_array *spdm_mt, u64 *spdm_id);
+u64 tdh_spdm_delete(u64 spdm_id, struct tdx_page_array *spdm_mt,
+		    unsigned int *nr_released, u64 *released_hpa);
+u64 tdh_exec_spdm_connect(u64 spdm_id, struct page *spdm_conf,
+			  struct page *spdm_rsp, struct page *spdm_req,
+			  struct tdx_page_array *spdm_out,
+			  u64 *spdm_req_or_out_len);
+u64 tdh_exec_spdm_disconnect(u64 spdm_id, struct page *spdm_rsp,
+			     struct page *spdm_req, u64 *spdm_req_len);
+u64 tdh_exec_spdm_mng(u64 spdm_id, u64 spdm_op, struct page *spdm_param,
+		      struct page *spdm_rsp, struct page *spdm_req,
+		      struct tdx_page_array *spdm_out,
+		      u64 *spdm_req_or_out_len);
 #else
 static inline void tdx_init(void) { }
 static inline int tdx_cpu_enable(void) { return -ENODEV; }
diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h
index b25c418f6e61..4784db2d1d92 100644
--- a/arch/x86/virt/vmx/tdx/tdx.h
+++ b/arch/x86/virt/vmx/tdx/tdx.h
@@ -64,6 +64,11 @@
 #define TDH_EXT_MEM_ADD			61
 #define TDH_IOMMU_SETUP			128
 #define TDH_IOMMU_CLEAR			129
+#define TDH_SPDM_CREATE			130
+#define TDH_SPDM_DELETE			131
+#define TDH_SPDM_CONNECT		142
+#define TDH_SPDM_DISCONNECT		143
+#define TDH_SPDM_MNG			144
 
 /* TDX page types */
 #define	PT_NDA		0x0
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 790713881f1f..02882c2ad177 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -654,7 +654,7 @@ static u64 hpa_list_info_assign_raw(struct tdx_page_array *array)
 #define HPA_ARRAY_T_PFN		GENMASK_U64(51, 12)
 #define HPA_ARRAY_T_SIZE	GENMASK_U64(63, 55)
 
-static u64 __maybe_unused hpa_array_t_assign_raw(struct tdx_page_array *array)
+static u64 hpa_array_t_assign_raw(struct tdx_page_array *array)
 {
 	unsigned long pfn;
 
@@ -667,7 +667,7 @@ static u64 __maybe_unused hpa_array_t_assign_raw(struct tdx_page_array *array)
 	       FIELD_PREP(HPA_ARRAY_T_SIZE, array->nents - 1);
 }
 
-static u64 __maybe_unused hpa_array_t_release_raw(struct tdx_page_array *array)
+static u64 hpa_array_t_release_raw(struct tdx_page_array *array)
 {
 	if (array->nents == 1)
 		return 0;
@@ -2107,6 +2107,15 @@ static u64 __seamcall_ir_resched(sc_func_t sc_func, u64 fn,
 #define seamcall_ret_ir_resched(fn, args)	\
 	__seamcall_ir_resched(__seamcall_ret, fn, args)
 
+/*
+ * seamcall_ret_ir_exec() aliases seamcall_ret_ir_resched() for
+ * documentation purposes. It documents the TDX Module extension
+ * seamcalls that are long running / hard-irq preemptible flows that
+ * generate events. The calls using seamcall_ret_ir_resched() are long
+ * running flows, that periodically yield.
+ */
+#define seamcall_ret_ir_exec seamcall_ret_ir_resched
+
 noinstr u64 tdh_vp_enter(struct tdx_vp *td, struct tdx_module_args *args)
 {
 	args->rcx = td->tdvpr_pa;
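Review bot: The comment above `#define seamcall_ret_ir_exec seamcall_ret_ir_resched` is hard to follow, because it describes both names as "long running" flows and never says outright that the two expand to the same retry loop. Since the alias changes nothing at compile time, the comment is the only thing carrying the distinction, so it should be unambiguous. I would reword it to state first that `seamcall_ret_ir_exec()` is identical in behaviour to `seamcall_ret_ir_resched()`, and then give the one property that decides which name a wrapper uses (as far as I can tell from the text, `_exec` marks extension SEAMCALLs that hand an event back to the host, while `_resched` marks flows that only yield periodically). It would also help to say what a caller must do with that event, since the three `tdh_exec_spdm_*()` wrappers later in this patch depend on it.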
@@ -2506,3 +2515,104 @@ u64 tdh_iommu_clear(u64 iommu_id, struct tdx_page_array *iommu_mt)
 	return seamcall_ret_ir_resched(TDH_IOMMU_CLEAR, &args);
 }
 EXPORT_SYMBOL_FOR_MODULES(tdh_iommu_clear, "tdx-host");
+
+u64 tdh_spdm_create(u64 func_id, struct tdx_page_array *spdm_mt, u64 *spdm_id)
+{
+	struct tdx_module_args args = {
+		.rcx = func_id,
+		.rdx = hpa_array_t_assign_raw(spdm_mt)
+	};
+	u64 r;
+
+	tdx_clflush_page_array(spdm_mt);
+
+	r = seamcall_ret(TDH_SPDM_CREATE, &args);
+
+	*spdm_id = args.rcx;
+
+	return r;
+}
+EXPORT_SYMBOL_FOR_MODULES(tdh_spdm_create, "tdx-host");
+
+u64 tdh_spdm_delete(u64 spdm_id, struct tdx_page_array *spdm_mt,
+		    unsigned int *nr_released, u64 *released_hpa)
+{
+	struct tdx_module_args args = {
+		.rcx = spdm_id,
+		.rdx = hpa_array_t_release_raw(spdm_mt),
+	};
+	u64 r;
+
+	r = seamcall_ret(TDH_SPDM_DELETE, &args);
+	if (r != TDX_SUCCESS)
+		return r;
+
+	*nr_released = FIELD_GET(HPA_ARRAY_T_SIZE, args.rcx) + 1;
+	*released_hpa = FIELD_GET(HPA_ARRAY_T_PFN, args.rcx) << PAGE_SHIFT;
+
+	return r;
+}
+EXPORT_SYMBOL_FOR_MODULES(tdh_spdm_delete, "tdx-host");
+
+u64 tdh_exec_spdm_connect(u64 spdm_id, struct page *spdm_conf,
+			  struct page *spdm_rsp, struct page *spdm_req,
+			  struct tdx_page_array *spdm_out,
+			  u64 *spdm_req_or_out_len)
+{
+	struct tdx_module_args args = {
+		.rcx = spdm_id,
+		.rdx = page_to_phys(spdm_conf),
+		.r8 = page_to_phys(spdm_rsp),
+		.r9 = page_to_phys(spdm_req),
+		.r10 = hpa_array_t_assign_raw(spdm_out),
+	};
+	u64 r;
+
+	r = seamcall_ret_ir_exec(TDH_SPDM_CONNECT, &args);
+
+	*spdm_req_or_out_len = args.rcx;
+
+	return r;
+}
+EXPORT_SYMBOL_FOR_MODULES(tdh_exec_spdm_connect, "tdx-host");
+
+u64 tdh_exec_spdm_disconnect(u64 spdm_id, struct page *spdm_rsp,
+			     struct page *spdm_req, u64 *spdm_req_len)
+{
+	struct tdx_module_args args = {
+		.rcx = spdm_id,
+		.rdx = page_to_phys(spdm_rsp),
+		.r8 = page_to_phys(spdm_req),
+	};
+	u64 r;
+
+	r = seamcall_ret_ir_exec(TDH_SPDM_DISCONNECT, &args);
+
+	*spdm_req_len = args.rcx;
+
+	return r;
+}
+EXPORT_SYMBOL_FOR_MODULES(tdh_exec_spdm_disconnect, "tdx-host");
+
+u64 tdh_exec_spdm_mng(u64 spdm_id, u64 spdm_op, struct page *spdm_param,
+		      struct page *spdm_rsp, struct page *spdm_req,
+		      struct tdx_page_array *spdm_out,
+		      u64 *spdm_req_or_out_len)
+{
+	struct tdx_module_args args = {
+		.rcx = spdm_id,
+		.rdx = spdm_op,
+		.r8 = spdm_param ? page_to_phys(spdm_param) : -1,
+		.r9 = page_to_phys(spdm_rsp),
+		.r10 = page_to_phys(spdm_req),
+		.r11 = spdm_out ? hpa_array_t_assign_raw(spdm_out) : -1,
+	};
+	u64 r;
+
+	r = seamcall_ret_ir_exec(TDH_SPDM_MNG, &args);
+
+	*spdm_req_or_out_len = args.rcx;
+
+	return r;
+}
+EXPORT_SYMBOL_FOR_MODULES(tdh_exec_spdm_mng, "tdx-host");
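Review bot: tdh_spdm_create() stores `args.rcx` into `*spdm_id` even when the SEAMCALL fails, whereas tdh_spdm_delete() in the same hunk returns early on `r != TDX_SUCCESS` before touching its outputs. A caller that forgets to check the status would then carry whatever the module left in RCX as a session handle, so I would add `if (r != TDX_SUCCESS) return r;` before `*spdm_id = args.rcx;`. The unconditional `*spdm_req_or_out_len = args.rcx;` in the three tdh_exec_spdm_*() wrappers is presumably intentional, but nothing says which status makes the value a request length and which an output length; a short comment on each wrapper stating that would keep callers from misreading it. Separately, tdh_spdm_create() calls `tdx_clflush_page_array(spdm_mt)` while `spdm_out` goes through the same `hpa_array_t_assign_raw()` in connect and mng without a flush; if that is deliberate (for example because the caller flushes, or the pages stay shared), a one-line comment would make it reviewable. The bare `-1` used for an absent `spdm_param` and `spdm_out` in tdh_exec_spdm_mng() would also read better as a named constant.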
-- 
2.25.1

