From: <dan.j.williams@intel.com>
To: Jonathan Cameron <jonathan.cameron@huawei.com>,
Dan Williams <dan.j.williams@intel.com>
Cc: <linux-coco@lists.linux.dev>, <linux-pci@vger.kernel.org>,
<xin@zytor.com>, <chao.gao@intel.com>,
Xu Yilun <yilun.xu@linux.intel.com>
Subject: Re: [RFC PATCH 01/27] coco/tdx-host: Introduce a "tdx_host" device
Date: Mon, 3 Nov 2025 15:01:48 -0800 [thread overview]
Message-ID: <6909345c25061_74f59100c6@dwillia2-mobl4.notmuch> (raw)
In-Reply-To: <20251030101618.00005011@huawei.com>
Jonathan Cameron wrote:
> On Fri, 19 Sep 2025 07:22:10 -0700
> Dan Williams <dan.j.williams@intel.com> wrote:
>
> > From: Chao Gao <chao.gao@intel.com>
> >
> > TDX depends on a platform firmware module that is invoked via instructions
> > similar to vmenter (i.e. enter into a new privileged "root-mode" context to
> > manage private memory and private device mechanisms). It is a software
> > construct that depends on the CPU vmxon state to enable invocation of
> > TDX-module ABIs. Unlike other Trusted Execution Environment (TEE) platform
> > implementations that employ a firmware module running on a PCI device with
> > an MMIO mailbox for communication, TDX has no hardware device to point to
> > as the TEE Secure Manager (TSM).
> >
> > Create a virtual device not only to align with other implementations but
> > also to make it easier to
> >
> > - expose metadata (e.g., TDX module version, seamldr version etc) to
> > the userspace as device attributes
> >
> > - implement firmware uploader APIs which are tied to a device. This is
> > needed to support TDX module runtime updates
> >
> > - enable TDX Connect which will share a common infrastructure with other
> > platform implementations. In the TDX Connect context, every
> > architecture has a TSM, represented by a PCIe or virtual device. The
> > new "tdx_host" device will serve the TSM role.
> >
> > A faux device is used as for TDX because the TDX module is singular within
> > the system and lacks associated platform resources. Using a faux device
> > eliminates the need to create a stub bus.
> >
> > The call to tdx_enable() makes the new module independent of kvm_intel.ko.
> > For example, TDX Connect may be used to established to PCIe link encryption
> > even if a TVM is never launched. For now, just create the common loading
> > infrastructure.
> >
> > Co-developed-by: Xu Yilun <yilun.xu@linux.intel.com>
> > Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
> > Signed-off-by: Chao Gao <chao.gao@intel.com>
> > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
>
> I'm only taking a look to see a second example of how the core
> code is used as I care mostly about the ARM one. Anyhow, a
> few passing comments inline.
Thanks for taking a look at a cross-arch RFC.
>
> > diff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-host/tdx-host.c
> > new file mode 100644
> > index 000000000000..49c205913ef6
> > --- /dev/null
> > +++ b/drivers/virt/coco/tdx-host/tdx-host.c
> > @@ -0,0 +1,52 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * TDX host user interface driver
> > + *
> > + * Copyright (C) 2025 Intel Corporation
> > + */
> > +
> > +#include <linux/kernel.h>
>
> There is general rework ongoing to stop including kernel.h except
> where strictly necessary. Please check exactly what you need and
> see if one or more more specific headers is appropriate.
Sure, easy enough to clean up.
> > +#include <linux/module.h>
> > +#include <linux/mod_devicetable.h>
> > +#include <linux/sysfs.h>
>
> Bring headers in with the patch that first uses them. I'm not immediately
> spotting anything from this one in this patch. Doing that just makes
> it easier to see if there are excess headers included at the end of
> building up the driver across a series.
>
> > +#include <linux/device/faux.h>
> > +#include <asm/cpu_device_id.h>
> > +#include <asm/tdx.h>
> > +#include <asm/tdx_global_metadata.h>
> > +
> > +static const struct x86_cpu_id tdx_host_ids[] = {
> > + X86_MATCH_FEATURE(X86_FEATURE_TDX_HOST_PLATFORM, NULL),
> > + {}
> > +};
> > +MODULE_DEVICE_TABLE(x86cpu, tdx_host_ids);
> > +
> > +static struct faux_device *fdev;
> > +
> > +static int __init tdx_host_init(void)
> > +{
> > + int r;
> > +
> > + if (!x86_match_cpu(tdx_host_ids))
> > + return -ENODEV;
> > +
> > + /* Enable the usage of SEAMCALLs */
>
> What's the logic behind doing that here rather than in probe
> for the faux device? Perhaps add something to this comment.
For this specific case of tdx_enable() it will be obviated by the fact
that the new direction is to always enable TDX early [1].
[1]: http://lore.kernel.org/20251010220403.987927-1-seanjc@google.com
Otherwise there are cases where we might create the device without a
driver. E.g. sysfs ABI only for updates, vs also enabling PCI/TSM
services via a driver attached to this device.
next prev parent reply other threads:[~2025-11-03 23:01 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-19 14:22 [RFC PATCH 00/27] PCI/TSM: TDX Connect: SPDM Session and IDE Establishment Dan Williams
2025-09-19 14:22 ` [RFC PATCH 01/27] coco/tdx-host: Introduce a "tdx_host" device Dan Williams
2025-10-30 10:16 ` Jonathan Cameron
2025-11-03 23:01 ` dan.j.williams [this message]
2025-09-19 14:22 ` [RFC PATCH 02/27] x86/virt/tdx: Move bit definitions of TDX_FEATURES0 to public header Dan Williams
2025-09-19 14:22 ` [RFC PATCH 03/27] coco/tdx-host: Support Link TSM for TDX host Dan Williams
2025-10-30 10:31 ` Jonathan Cameron
2025-11-03 23:04 ` dan.j.williams
2025-09-19 14:22 ` [RFC PATCH 04/27] x86/virt/tdx: Move tdx_errno.h from KVM to public place Dan Williams
2025-09-22 11:47 ` Huang, Kai
2025-09-19 14:22 ` [RFC PATCH 05/27] x86/virt/tdx: Add tdx_page_array helpers for new TDX Module objects Dan Williams
2025-10-30 10:49 ` Jonathan Cameron
2025-11-03 23:17 ` dan.j.williams
2025-09-19 14:22 ` [RFC PATCH 06/27] x86/virt/tdx: Add SEAMCALL wrappers for TDH.EXT.MEM.ADD and TDH.EXT.INIT Dan Williams
2025-09-19 14:22 ` [RFC PATCH 07/27] TODO: x86/virt/tdx: Read TDX global metadata for TDX Module Extensions Dan Williams
2025-09-19 14:22 ` [RFC PATCH 08/27] x86/virt/tdx: Add tdx_enable_ext() to enable of " Dan Williams
2025-10-30 10:55 ` Jonathan Cameron
2025-11-05 9:14 ` Xu Yilun
2025-09-19 14:22 ` [RFC PATCH 09/27] ACPICA: Add KEYP table definitions Dan Williams
2025-10-06 14:41 ` Samuel Ortiz
2025-10-10 7:35 ` Xu Yilun
2025-09-19 14:22 ` [RFC PATCH 10/27] acpi: Add KEYP support to fw_table parsing Dan Williams
2025-09-19 14:22 ` [RFC PATCH 11/27] acpi: Add KEYP Key Configuration Unit parsing Dan Williams
2025-10-30 11:02 ` Jonathan Cameron
2025-11-05 10:18 ` Xu Yilun
2025-09-19 14:22 ` [RFC PATCH 12/27] iommu/vt-d: Cache max domain ID to avoid redundant calculation Dan Williams
2025-09-19 14:22 ` [RFC PATCH 13/27] iommu/vt-d: Reserve the MSB domain ID bit for the TDX module Dan Williams
2025-09-19 14:22 ` [RFC PATCH 14/27] TODO: x86/virt/tdx: Read TDX Connect global metadata for TDX Connect Dan Williams
2025-09-19 14:22 ` [RFC PATCH 15/27] x86/virt/tdx: Extend tdx_page_array to support IOMMU_MT Dan Williams
2025-10-30 11:07 ` Jonathan Cameron
2025-09-19 14:22 ` [RFC PATCH 16/27] x86/virt/tdx: Add SEAMCALL wrappers for trusted IOMMU setup and clear Dan Williams
2025-09-19 14:22 ` [RFC PATCH 17/27] iommu/vt-d: Export a helper to do function for each dmar_drhd_unit Dan Williams
2025-09-19 14:22 ` [RFC PATCH 18/27] coco/tdx-host: Setup all trusted IOMMUs on TDX Connect init Dan Williams
2025-10-30 11:09 ` Jonathan Cameron
2025-09-19 14:22 ` [RFC PATCH 19/27] coco/tdx-host: Add a helper to exchange SPDM messages through DOE Dan Williams
2025-10-30 11:15 ` Jonathan Cameron
2025-09-19 14:22 ` [RFC PATCH 20/27] coco/tdx-host: Add connect()/disconnect() handlers prototype Dan Williams
2025-10-30 11:20 ` Jonathan Cameron
2025-11-03 23:34 ` dan.j.williams
2025-11-06 5:18 ` Xu Yilun
2025-11-10 11:45 ` Jonathan Cameron
2025-11-11 0:51 ` dan.j.williams
2025-11-13 2:51 ` Xu Yilun
2025-11-14 20:19 ` dan.j.williams
2025-11-17 4:56 ` Xu Yilun
2025-09-19 14:22 ` [RFC PATCH 21/27] x86/virt/tdx: Add SEAMCALL wrappers for SPDM management Dan Williams
2025-10-30 11:24 ` Jonathan Cameron
2025-11-03 23:38 ` dan.j.williams
2025-09-19 14:22 ` [RFC PATCH 22/27] coco/tdx-host: Implement SPDM session setup Dan Williams
2025-10-30 11:36 ` Jonathan Cameron
2025-11-06 7:35 ` Xu Yilun
2025-09-19 14:22 ` [RFC PATCH 23/27] PCI: iov: Export pci_iov_virtfn_bus() Dan Williams
2025-09-19 14:22 ` [RFC PATCH 24/27] PCI/IDE: Add helpers for RID/Addr Association Registers setup Dan Williams
2025-09-19 14:22 ` [RFC PATCH 25/27] PCI/IDE: Export pci_ide_domain() Dan Williams
2025-09-19 14:22 ` [RFC PATCH 26/27] x86/virt/tdx: Add SEAMCALL wrappers for IDE stream management Dan Williams
2025-10-30 11:37 ` Jonathan Cameron
2025-09-19 14:22 ` [RFC PATCH 27/27] coco/tdx-host: Implement IDE stream setup/teardown Dan Williams
2025-10-30 11:43 ` Jonathan Cameron
2025-11-04 0:13 ` dan.j.williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6909345c25061_74f59100c6@dwillia2-mobl4.notmuch \
--to=dan.j.williams@intel.com \
--cc=chao.gao@intel.com \
--cc=jonathan.cameron@huawei.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=xin@zytor.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).