From: Chao Gao
To: x86@kernel.org, linux-coco@lists.linux.dev, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: binbin.wu@linux.intel.com, dan.j.williams@intel.com, dave.hansen@linux.intel.com, ira.weiny@intel.com, kai.huang@intel.com, kas@kernel.org, nik.borisov@suse.com, paulmck@kernel.org, pbonzini@redhat.com, reinette.chatre@intel.com, rick.p.edgecombe@intel.com, sagis@google.com, seanjc@google.com, tony.lindgren@linux.intel.com, vannapurve@google.com, vishal.l.verma@intel.com, yilun.xu@linux.intel.com, xiaoyao.li@intel.com, yan.y.zhao@intel.com, Chao Gao
Subject: [PATCH v6 03/22] coco/tdx-host: Expose TDX module version
Date: Thu, 26 Mar 2026 01:43:54 -0700
Message-ID: <20260326084448.29947-4-chao.gao@intel.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260326084448.29947-1-chao.gao@intel.com>
References: <20260326084448.29947-1-chao.gao@intel.com>
X-Mailing-List: linux-coco@lists.linux.dev

For TDX module updates, userspace needs to select compatible update
versions based on the current module version. This design delegates
module selection complexity to userspace because TDX module update
policies are complex and version series are platform-specific.

For example, the 1.5.x series is for certain platform generations, while
the 2.0.x series is intended for others. And TDX module 1.5.x may be
updated to 1.5.y but not to 1.5.y+1.

Expose the TDX module version to userspace via sysfs to aid module
selection. Since the TDX faux device will drive module updates, expose
the version as its attribute.

One bonus of exposing TDX module version via sysfs is: TDX module
version information remains available even after dmesg logs are cleared.

== Background ==

The "faux device + device attribute" approach compares to other update
mechanisms as follows:

1. AMD SEV leverages an existing PCI device for the PSP to expose
   metadata. TDX uses a faux device as it doesn't have a PCI device in
   its architecture.

2. Microcode uses per-CPU virtual devices to report microcode revisions
   because CPUs can have different revisions. But, there is only a
   single TDX module, so exposing the TDX module version through a
   global TDX faux device is appropriate.

3. ARM's CCA implementation isn't in-tree yet, but will likely follow a
   similar faux device approach, though it's unclear whether they need
   to expose firmware version information.

Signed-off-by: Chao Gao
Reviewed-by: Binbin Wu
Reviewed-by: Tony Lindgren
Reviewed-by: Xu Yilun
Reviewed-by: Kai Huang
Reviewed-by: Kiryl Shutsemau (Meta)
Link: https://lore.kernel.org/all/2025073035-bulginess-rematch-b92e@gregkh/ # [1]
---
v4:
 - collect reviews
 - Explain other version exposure implementations and why tdx's approach
   differs from them
v3:
 - Justify the sysfs ABI choice and expand background on other CoCo
   implementations.
---
 .../ABI/testing/sysfs-devices-faux-tdx-host   |  6 ++++
 drivers/virt/coco/tdx-host/tdx-host.c         | 32 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 Documentation/ABI/testing/sysfs-devices-faux-tdx-host

diff --git a/Documentation/ABI/testing/sysfs-devices-faux-tdx-host b/Documentation/ABI/testing/sysfs-devices-faux-tdx-host new file mode 100644 index 000000000000..2cf682b65acf --- /dev/null +++ b/Documentation/ABI/testing/sysfs-devices-faux-tdx-host @@ -0,0 +1,6 @@ +What: /sys/devices/faux/tdx_host/version +Contact: linux-coco@lists.linux.dev +Description: (RO) Report the version of the loaded TDX module. The TDX module + version is formatted as x.y.z, where "x" is the major version, + "y" is the minor version and "z" is the update version. Versions + are used for bug reporting, TDX module updates etc. diff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-host/tdx-host.c index c77885392b09..f9b1168d0900 100644 --- a/drivers/virt/coco/tdx-host/tdx-host.c 
+++ b/drivers/virt/coco/tdx-host/tdx-host.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include @@ -18,6 +19,35 @@ static const struct x86_cpu_id tdx_host_ids[] = { }; MODULE_DEVICE_TABLE(x86cpu, tdx_host_ids); +/* + * TDX module and P-SEAMLDR version convention: "major.minor.update" + * (e.g., "1.5.08") with zero-padded two-digit update field. + */ +#define TDX_VERSION_FMT "%u.%u.%02u" + +static ssize_t version_show(struct device *dev, struct device_attribute *attr, + char *buf) +{ + const struct tdx_sys_info *tdx_sysinfo = tdx_get_sysinfo(); + const struct tdx_sys_info_version *ver; + + if (!tdx_sysinfo) + return -ENXIO; + + ver = &tdx_sysinfo->version; + + return sysfs_emit(buf, TDX_VERSION_FMT"\n", ver->major_version, + ver->minor_version, + ver->update_version); +} +static DEVICE_ATTR_RO(version); + +static struct attribute *tdx_host_attrs[] = { + &dev_attr_version.attr, + NULL, +}; +ATTRIBUTE_GROUPS(tdx_host); + static struct faux_device *fdev; static int __init tdx_host_init(void) @@ -25,7 +55,7 @@ static int __init tdx_host_init(void) if (!x86_match_cpu(tdx_host_ids) || !tdx_get_sysinfo()) return -ENODEV; - fdev = faux_device_create(KBUILD_MODNAME, NULL, NULL); + fdev = faux_device_create_with_groups(KBUILD_MODNAME, NULL, NULL, tdx_host_groups); if (!fdev) return -ENODEV; -- 2.47.3
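
Review bot: In the new Documentation/ABI/testing/sysfs-devices-faux-tdx-host entry, the Description says the version is "formatted as x.y.z" but does not say that the update field is zero-padded to two digits, which is what TDX_VERSION_FMT "%u.%u.%02u" in tdx-host.c emits (the code comment gives "1.5.08"). This file is the contract that update tooling parses, so state the padding and include a sample value, letting consumers know to read the field as decimal and not as an octal-looking literal. The entry also carries only What, Contact and Description; consider adding the Date and KernelVersion fields that ABI entries normally have.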
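
Review bot: In version_show(), the "if (!tdx_sysinfo) return -ENXIO;" branch looks unreachable from what this patch shows, because tdx_host_init() already returns -ENODEV before creating the device when tdx_get_sysinfo() is NULL. Either drop the check or add a comment saying under which condition the sysinfo can disappear after init. Separately, DEVICE_ATTR_RO(version) makes the file readable by every local user (0444); if only privileged update tooling needs the exact module version, DEVICE_ATTR_ADMIN_RO would narrow that, and whichever mode is intended deserves a sentence in the commit message.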
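
Review bot: In tdx_host_init(), the device name passed to faux_device_create_with_groups() is still KBUILD_MODNAME, while the ABI file added by this patch fixes the path as /sys/devices/faux/tdx_host/version. Now that an attribute is documented under that name, the path is ABI and only holds as long as KBUILD_MODNAME expands to tdx_host, so a rename of the object file would silently move it. Consider passing a string literal, or a #define placed next to TDX_VERSION_FMT, so the documented path and the code cannot drift apart.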
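
A userspace consumer of the version attribute described in the commit message has to cope with the zero-padded update field. The sketch below is an added example, not code from the patch or the series; the function names parse_tdx_version, same_series and update_delta are hypothetical, and it only filters by major.minor series, leaving the actual compatibility policy to the update tooling.

```shell
#!/bin/sh
# Added example, not part of the patch; all function names are hypothetical.
# Sample strings such as "1.5.08" are constructed from the documented format.

# parse_tdx_version STRING: print "major minor update" as plain decimals;
# return 1 unless STRING is exactly three dot-separated digit runs.
parse_tdx_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 3 ] || return 1
    out=
    for f in "$@"; do
        # Drop leading zeros: the update field is zero-padded ("08") and
        # shell arithmetic would read a leading 0 as an octal prefix.
        while [ "${#f}" -gt 1 ] && [ "${f#0}" != "$f" ]; do f=${f#0}; done
        out="$out${out:+ }$f"
    done
    printf '%s\n' "$out"
}

# same_series CURRENT CANDIDATE: succeed if both share major.minor.
same_series() {
    cur=$(parse_tdx_version "$1") || return 2
    cand=$(parse_tdx_version "$2") || return 2
    [ "${cur% *}" = "${cand% *}" ]
}

# update_delta CURRENT CANDIDATE: print candidate update minus current update.
update_delta() {
    cur=$(parse_tdx_version "$1") || return 2
    cand=$(parse_tdx_version "$2") || return 2
    echo $(( ${cand##* } - ${cur##* } ))
}

# On a host with the attribute present, report the running module's version.
VERSION_FILE=/sys/devices/faux/tdx_host/version
if [ -r "$VERSION_FILE" ]; then
    read -r current < "$VERSION_FILE"
    parse_tdx_version "$current"
fi
```

A positive delta inside the same series is necessary but not sufficient: per the commit message, 1.5.x may be updatable to 1.5.y but not to 1.5.y+1.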