Skip to content

Add TDX support #313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jakecorrenti wants to merge 27 commits into from
Closed

Add TDX support #313

jakecorrenti wants to merge 27 commits into from

Conversation

@jakecorrenti
Copy link
Member

@jakecorrenti jakecorrenti commented Apr 9, 2025

No description provided.

@jakecorrenti jakecorrenti mentioned this pull request Apr 9, 2025
Closed
9 tasks
@jakecorrenti
Copy link
Member Author

jakecorrenti commented Apr 10, 2025
edited
Loading

this PR will depend on the following merging first:

@jakecorrenti jakecorrenti force-pushed the tdx branch 11 times, most recently from 7e2dd61 to 6455934 Compare April 14, 2025 13:20
@jakecorrenti
update dependencies
dbd5814 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
update pre-existing CC feature checks
a2d1315 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
for tdx, link with libkrunfw-tdx flavor
46d28d1 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
Use kvm_userspace_memory_region2 and friends
038c6ce 
In `memory_init` we need to use `kvm_userspace_memory_region2`,
`kvm_create_guest_memfd`, and `kvm_memory_attributes` for the TDX
architecture, otherwise it will fail.

Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
Disable register setup for TDX
3efb44d 
Registers are confidential for TDX, so configuring them through the KVM
API is not allowed.

Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
Implement Vm::new() for TDX
c7e9075 
Adds a new `inteltdx` module and implements a feature-flagged `new`
method for `VM to create a VM with the TDX architecure.

Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
adjust params header
0663441 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
change reset vector for TDX
d01a0cd 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
Implement tdx_secure_virt_prepare
ca42642 
Implements the `tdx_secure_virt_prepare` method which
in turn calls the `KVM_TDX_INIT_VM` TDX ioctl which does VM specific
initialization.

Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
Change measured regions for TDX
aae9606 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
update CPUID for vcpu on TDX
741a4a1 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
init tdx vcpu
26b9b08 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
init memory regions for tdx
4777e8e 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
finalize vm for tdx
7269db2 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
introduce support for TDX vCPU exit reason
4908ac3 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
implement TDG_VP_VMCALL_REPORT_FATAL_ERROR handler
a4ea999 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
add TDG_VP_VMCALL_SETUP_EVENT_NOTIFY_INTERRUPT handler
fa92f8f 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
keep track of guest memfd regions in vmm
6a50fe1 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
add Vmm::vm_fd()
47fb082 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
add convert_memory()
0f2ccc9 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
setup thread that when sent a GPA, length, and to_private, will conve…
0a4a1c5 
…rt the memory page accordingly

Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
add TDG_VP_VMCALL_MAP_GPA handler
2271b42 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti
implement VcpuExit::MemoryFault
29d012a 
Signed-off-by: Jake Correnti <[email protected]>
@jakecorrenti jakecorrenti mentioned this pull request Apr 16, 2025
Closed
@slp
Copy link
Collaborator

slp commented Jul 25, 2025

Superseded by #355

@slp slp closed this Jul 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MatiasVara MatiasVara Awaiting requested review from MatiasVara MatiasVara will be requested when the pull request is marked ready for review MatiasVara is a code owner

@mtjhrc mtjhrc Awaiting requested review from mtjhrc mtjhrc will be requested when the pull request is marked ready for review mtjhrc is a code owner

@slp slp Awaiting requested review from slp slp will be requested when the pull request is marked ready for review slp is a code owner

@tylerfanelli tylerfanelli Awaiting requested review from tylerfanelli tylerfanelli will be requested when the pull request is marked ready for review tylerfanelli is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jakecorrenti @slp