From: Sean Christopherson <seanjc@google.com>
To: Xu Yilun <yilun.xu@linux.intel.com>
Cc: dan.j.williams@intel.com, Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, Kiryl Shutsemau <kas@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev,
kvm@vger.kernel.org, Chao Gao <chao.gao@intel.com>
Subject: Re: [PATCH v2 2/7] KVM: x86: Extract VMXON and EFER.SVME enablement to kernel
Date: Tue, 30 Dec 2025 14:59:50 -0800 [thread overview]
Message-ID: <aVRZZkAgmdLfudJc@google.com> (raw)
In-Reply-To: <aUvJWmZP5wLpvhnw@yilunxu-OptiPlex-7050>
On Wed, Dec 24, 2025, Xu Yilun wrote:
> On Wed, Dec 10, 2025 at 06:20:17AM -0800, Sean Christopherson wrote:
> > On Wed, Dec 10, 2025, dan.j.williams@intel.com wrote:
> > > Sean Christopherson wrote:
> > > > On Sat, Dec 06, 2025, dan.j.williams@intel.com wrote:
> > > > I don't think we need anything at this time. INTEL_TDX_HOST depends on KVM_INTEL,
> > > > and so without a user that needs VMXON without KVM_INTEL, I think we're good as-is.
> > > >
> > > > config INTEL_TDX_HOST
> > > > bool "Intel Trust Domain Extensions (TDX) host support"
> > > > depends on CPU_SUP_INTEL
> > > > depends on X86_64
> > > > depends on KVM_INTEL
> > >
> > > ...but INTEL_TDX_HOST, it turns out, does not have any functional
> > > dependencies on KVM_INTEL. At least, not since I last checked. Yes, it
> > > would be silly and result in dead code today to do a build with:
> > >
> > > CONFIG_INTEL_TDX_HOST=y
> > > CONFIG_KVM_INTEL=n
> > >
> > > However, when the TDX Connect support arrives you could have:
> > >
> > > CONFIG_INTEL_TDX_HOST=y
> > > CONFIG_KVM_INTEL=n
> > > CONFIG_TDX_HOST_SERVICES=y
> > >
> > > Where "TDX Host Services" is a driver for PCIe Link Encryption and TDX
> > > Module update. Whether such configuration freedom has any practical
> > > value is a separate question.
> > >
> > > I am ok if the answer is, "wait until someone shows up who really wants
> > > PCIe Link Encryption without KVM".
> >
> > Ya, that's my answer. At the very least, wait until TDX_HOST_SERVICES comes
> > along.
>
> I've tested the PCIe Link Encryption without KVM, with the kernel
> config:
>
> CONFIG_INTEL_TDX_HOST=y
> CONFIG_KVM_INTEL=n
> CONFIG_TDX_HOST_SERVICES=y
>
> and
>
> --- /dev/null
> +++ b/drivers/virt/coco/tdx-host/Kconfig
> @@ -0,0 +1,10 @@
> +config TDX_HOST_SERVICES
> + tristate "TDX Host Services Driver"
> + depends on INTEL_TDX_HOST
> + default m
>
> Finally I enabled the combination successfully with a patch below, do we
> need the change when TDX_HOST_SERVICES comes?
Ya, we'll need something along those lines. What exactly we want the Kconfig
soup to look like is TBD though, e.g. it may or may not make sense to have a
common config that says "I want virtualization!"?
next prev parent reply other threads:[~2025-12-30 22:59 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-06 1:10 [PATCH v2 0/7] KVM: x86/tdx: Have TDX handle VMXON during bringup Sean Christopherson
2025-12-06 1:10 ` [PATCH v2 1/7] KVM: x86: Move kvm_rebooting to x86 Sean Christopherson
2025-12-09 7:46 ` Chao Gao
2026-01-05 17:48 ` Dave Hansen
2025-12-06 1:10 ` [PATCH v2 2/7] KVM: x86: Extract VMXON and EFER.SVME enablement to kernel Sean Christopherson
2025-12-07 7:22 ` dan.j.williams
2025-12-09 20:01 ` Sean Christopherson
2025-12-10 7:41 ` dan.j.williams
2025-12-10 14:20 ` Sean Christopherson
2025-12-24 11:07 ` Xu Yilun
2025-12-30 22:59 ` Sean Christopherson [this message]
2025-12-09 5:48 ` Chao Gao
2025-12-17 6:57 ` Xu Yilun
2025-12-17 19:01 ` Sean Christopherson
2025-12-19 2:14 ` Xu Yilun
2025-12-19 15:40 ` Sean Christopherson
2025-12-19 17:30 ` Dave Hansen
2025-12-19 21:12 ` Huang, Kai
2026-01-27 2:46 ` Binbin Wu
2025-12-19 17:45 ` Dave Hansen
2025-12-19 18:35 ` Sean Christopherson
2025-12-19 18:48 ` Dave Hansen
2025-12-06 1:10 ` [PATCH v2 3/7] KVM: x86/tdx: Do VMXON and TDX-Module initialization during subsys init Sean Christopherson
2025-12-07 7:25 ` dan.j.williams
2025-12-08 23:17 ` Sean Christopherson
2025-12-09 1:34 ` dan.j.williams
2025-12-09 7:06 ` Chao Gao
2025-12-12 18:56 ` Sean Christopherson
2025-12-06 1:10 ` [PATCH v2 4/7] x86/virt/tdx: Tag a pile of functions as __init, and globals as __ro_after_init Sean Christopherson
2025-12-09 4:17 ` dan.j.williams
2025-12-09 7:26 ` Chao Gao
2025-12-06 1:10 ` [PATCH v2 5/7] x86/virt/tdx: KVM: Consolidate TDX CPU hotplug handling Sean Christopherson
2025-12-09 4:19 ` dan.j.williams
2025-12-06 1:10 ` [PATCH v2 6/7] x86/virt/tdx: Use ida_is_empty() to detect if any TDs may be running Sean Christopherson
2025-12-09 4:19 ` dan.j.williams
2025-12-09 7:33 ` Chao Gao
2025-12-06 1:10 ` [PATCH v2 7/7] KVM: Bury kvm_{en,dis}able_virtualization() in kvm_main.c once more Sean Christopherson
2025-12-09 4:20 ` dan.j.williams
2025-12-09 7:37 ` Chao Gao
2025-12-08 2:49 ` [PATCH v2 0/7] KVM: x86/tdx: Have TDX handle VMXON during bringup Chao Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aVRZZkAgmdLfudJc@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox