Re: [PATCH v2 0/3] Expose TDX Module version

[Dave Hansen <dave.hansen@intel.com>]

On 1/5/26 09:04, Kiryl Shutsemau wrote:
>> What are other CPU vendors doing for this? SEV? CCA? S390? How are their
>> firmware versions exposed? What about other things in the Intel world
>> like CPU microcode or the billion other chunks of firmware? How about
>> hypervisors? Do they expose their versions to guests with an explicit
>> ABI? Are those exposed to userspace?
> My first thought was that it should be under /sys/hypervisor/, no?
> 
> So far hypervisor_kobj only used by Xen and S390.

As with everything else around TDX, it's not clear to me. The TDX module
is a new middle ground between the hypervisor and CPU. It's literally
there to arbitrate between the trusted CPU world and the untrusted
hypervisor world.

It's messy because there was (previously) no component there. It's new
space. We could (theoretically) a Linux guest running under Xen the
hypervisor using TDX. So we can't trivially just take over
/sys/hypervisor for TDX.

It's equally valid to sit here and claim that the TDX module is CPU
microcode. Sure, there's source code for it, but only Intel can bless
it, a version of it is loaded by the BIOS and can be updated by the OS.
It's not _super_ different conceptually than SGX XuCode.

The main thing that makes the TDX module _not_ CPU microcode is that
it's managed completely separately and there's almost no connection
between this:

	/sys/devices/system/cpu/cpu*/microcode/version

and the TDX module version.

Since there's a dearth of discussion of this topic in the changelog or
cover letter, my working assumption is that Chao did not consider any of
this before posting.