From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D03B3344DA4 for ; Mon, 27 Apr 2026 15:30:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.20 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777303803; cv=none; b=axC8QPn3fftfgSKekLKW34OrHX+wjRvA/G1D3xgMdwfiwP3IyelthJS1+MCcKg54JoOgNKzSqUDhgk7+JWkzrP2nM02wWJ/o2w4YnaYr5FUBL79SlFy0FkvMlSPHMjfKDQ6GkBosryQ+pC/eLZR9IyG91AemVmwSZcGIq/iQxeY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777303803; c=relaxed/simple; bh=Gwa1uyokNnXKuFhBVIEC2hgq4rbiGARvt36W+dszJRw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=V8BZpxxScwMMRB+mQOqpFI3OCF0LEe72kkv2u11vUOC/QoFGn5NjBfDqAxePpXcokFSSiog0psr5p9wyONK+ksFH3C976c6/FlxcsqhrCHaJc8T3wGE7xiREp0XiLXk7k5jnrJVDLzTr4YO64yaKgqZx31Phr0+d1x+jMuvWoQQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=YkrorEQf; arc=none smtp.client-ip=198.175.65.20 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="YkrorEQf" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1777303801; x=1808839801; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Gwa1uyokNnXKuFhBVIEC2hgq4rbiGARvt36W+dszJRw=; b=YkrorEQfxAD5fsOwH4UIMjomqw8VMnUIhGjk2o87nNuFu+8glBNVT7eB hvP40PV9Fw8n8MleOdWJ8M97IsS3nLZRTRgyrMEDUf4AYGCQw/CO8I3NI oli6lOlG1JrVegIycDrmM7ULIAxe9CV2AXATvVieqwbVPt24veRtdqbmK MAc3Ll6QeLgVucPw4Vow40eGjzs87Ke6sEhQ6K7Ueoi4zZXBDs418oPyW HGYyoPe/WMi4ge6I/NiI2cVR35t3H2fj3KXUyrg8K1DJEW75kW/hQpV3I 3J3eqIDQ4LxeIH3k7FBoaH4kikg9m5KRrNbVSoLyy66oV/xRJONPAIRgh A==; X-CSE-ConnectionGUID: B91AzsqeT3mdx8deiZgh3g== X-CSE-MsgGUID: dvcfUcPYSsKhHJaEkYnC5w== X-IronPort-AV: E=McAfee;i="6800,10657,11769"; a="77900688" X-IronPort-AV: E=Sophos;i="6.23,202,1770624000"; d="scan'208";a="77900688" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa112.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Apr 2026 08:29:58 -0700 X-CSE-ConnectionGUID: DEGylgPtRbGMI5SZoB5Yaw== X-CSE-MsgGUID: SMGQ9gHNTm+QUC66+DErrQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,202,1770624000"; d="scan'208";a="232673231" Received: from 984fee019967.jf.intel.com ([10.23.153.244]) by orviesa006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Apr 2026 08:29:58 -0700 From: Chao Gao To: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, x86@kernel.org Cc: binbin.wu@linux.intel.com, dave.hansen@linux.intel.com, djbw@kernel.org, ira.weiny@intel.com, kai.huang@intel.com, kas@kernel.org, nik.borisov@suse.com, paulmck@kernel.org, pbonzini@redhat.com, reinette.chatre@intel.com, rick.p.edgecombe@intel.com, sagis@google.com, seanjc@google.com, tony.lindgren@linux.intel.com, vannapurve@google.com, vishal.l.verma@intel.com, yilun.xu@linux.intel.com, xiaoyao.li@intel.com, yan.y.zhao@intel.com, Chao Gao , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" Subject: [PATCH v8 06/21] coco/tdx-host: Expose P-SEAMLDR information via sysfs Date: Mon, 27 Apr 2026 08:28:00 -0700 Message-ID: <20260427152854.101171-7-chao.gao@intel.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260427152854.101171-1-chao.gao@intel.com> References: <20260427152854.101171-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TDX module updates require userspace to select the appropriate module to load. Expose necessary information to facilitate this decision. Two values are needed: - P-SEAMLDR version: for compatibility checks between TDX module and P-SEAMLDR - num_remaining_updates: indicates how many updates can be performed Expose them as tdx-host device attributes. Make seamldr attributes visible only when the update feature is supported, as that's their sole purpose. Note that the underlying P-SEAMLDR attributes are available regardless of update support; this only restricts their visibility in Linux. Signed-off-by: Chao Gao Reviewed-by: Kiryl Shutsemau (Meta) --- v8: - explain when the two attributes are available and how they relate to TDX module update support [Rick] - drop erratum stuff [Rick, Dave] - drop the separate directory for p-seamldr attributes [Dave] - s/SEAM loader/P-SEAMLDR - don't use DEFINE_SIMPLE_SYSFS_GROUP_VISIBLE() as it doesn't work on an unnamed group. --- .../ABI/testing/sysfs-devices-faux-tdx-host | 22 +++++++ arch/x86/include/asm/tdx.h | 6 ++ drivers/virt/coco/tdx-host/tdx-host.c | 65 ++++++++++++++++++- 3 files changed, 92 insertions(+), 1 deletion(-) diff --git a/Documentation/ABI/testing/sysfs-devices-faux-tdx-host b/Documentation/ABI/testing/sysfs-devices-faux-tdx-host index 2cf682b65acf..65897fe6abc0 100644 --- a/Documentation/ABI/testing/sysfs-devices-faux-tdx-host +++ b/Documentation/ABI/testing/sysfs-devices-faux-tdx-host @@ -4,3 +4,25 @@ Description: (RO) Report the version of the loaded TDX module. The TDX module version is formatted as x.y.z, where "x" is the major version, "y" is the minor version and "z" is the update version. Versions are used for bug reporting, TDX module updates etc. + +What: /sys/devices/faux/tdx_host/seamldr_version +Contact: linux-coco@lists.linux.dev +Description: (RO) Report the version of the loaded P-SEAMLDR. The P-SEAMLDR + version is formatted as x.y.z, where "x" is the major version, + "y" is the minor version and "z" is the update version. Versions + are used for bug reporting and compatibility checks. + +What: /sys/devices/faux/tdx_host/num_remaining_updates +Contact: linux-coco@lists.linux.dev +Description: (RO) Report the number of remaining updates. TDX maintains a + log about each TDX module that has been loaded. This log has + a finite size, which limits the number of TDX module updates + that can be performed. + + After each successful update, the number reduces by one. Once it + reaches zero, further updates will fail until next reboot. The + number is always zero if the P-SEAMLDR doesn't support updates. + + See IntelĀ® Trust Domain Extensions - SEAM Loader (SEAMLDR) + Interface Specification, Chapter "SEAMLDR_INFO" and Chapter + "SEAMLDR.INSTALL" for more information. diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 2afa8dde72e0..1c5981453ff8 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -107,6 +107,12 @@ void tdx_init(void); const char *tdx_dump_mce_info(struct mce *m); const struct tdx_sys_info *tdx_get_sysinfo(void); +static inline bool tdx_supports_runtime_update(const struct tdx_sys_info *sysinfo) +{ + /* To be enabled when kernel is ready. */ + return false; +} + int tdx_guest_keyid_alloc(void); u32 tdx_get_nr_guest_keyids(void); void tdx_guest_keyid_free(unsigned int keyid); diff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-host/tdx-host.c index ef117a836b3a..079913dcc888 100644 --- a/drivers/virt/coco/tdx-host/tdx-host.c +++ b/drivers/virt/coco/tdx-host/tdx-host.c @@ -11,6 +11,7 @@ #include #include +#include #include static const struct x86_cpu_id tdx_host_ids[] = { @@ -40,7 +41,69 @@ static struct attribute *tdx_host_attrs[] = { &dev_attr_version.attr, NULL, }; -ATTRIBUTE_GROUPS(tdx_host); + +static const struct attribute_group tdx_host_group = { + .attrs = tdx_host_attrs, +}; + +static ssize_t seamldr_version_show(struct device *dev, struct device_attribute *attr, + char *buf) +{ + struct seamldr_info info; + int ret; + + ret = seamldr_get_info(&info); + if (ret) + return ret; + + return sysfs_emit(buf, TDX_VERSION_FMT "\n", info.major_version, + info.minor_version, + info.update_version); +} + +static ssize_t num_remaining_updates_show(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + struct seamldr_info info; + int ret; + + ret = seamldr_get_info(&info); + if (ret) + return ret; + + return sysfs_emit(buf, "%u\n", info.num_remaining_updates); +} + +static DEVICE_ATTR_ADMIN_RO(seamldr_version); +static DEVICE_ATTR_ADMIN_RO(num_remaining_updates); + +static struct attribute *seamldr_attrs[] = { + &dev_attr_seamldr_version.attr, + &dev_attr_num_remaining_updates.attr, + NULL, +}; + +static umode_t seamldr_group_visible(struct kobject *kobj, struct attribute *attr, int idx) +{ + const struct tdx_sys_info *sysinfo = tdx_get_sysinfo(); + + if (!sysinfo) + return 0; + + return tdx_supports_runtime_update(sysinfo) ? attr->mode : 0; +} + +static const struct attribute_group seamldr_group = { + .attrs = seamldr_attrs, + .is_visible = seamldr_group_visible, +}; + +static const struct attribute_group *tdx_host_groups[] = { + &tdx_host_group, + &seamldr_group, + NULL, +}; static struct faux_device *fdev; -- 2.47.1