| Message ID | 20250402001557.173586-1-binbin.wu@linux.intel.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | TDX attestation support | expand |
On Wed, 2025-04-02 at 08:15 +0800, Binbin Wu wrote: > Opens > ===== > Linux TDX guests don't use SetupEventNotifyInterrupt for TD attestation > currently. If no other TDX guests use it, the support for > SetupEventNotifyInterrupt could be dropped. But it would require an opt-in > if the support is added later. I think we shouldn't be afraid of opt-ins. We will need one sooner or later. Better to not add the second exit with no users. > > In this patch series, KVM does sanity checks for the TDVMCALLs so that > different userspace VMMs can save the code for sanity checks. But it could > be dropped if it's preferred to keep KVM code simpler and let the userspace > VMMs take the responsibility. I say we push it to userspace to keep KVM as small as possible.
On 4/2/2025 8:20 AM, Edgecombe, Rick P wrote: > On Wed, 2025-04-02 at 08:15 +0800, Binbin Wu wrote: >> Opens >> ===== >> Linux TDX guests don't use SetupEventNotifyInterrupt for TD attestation >> currently. If no other TDX guests use it, the support for >> SetupEventNotifyInterrupt could be dropped. But it would require an opt-in >> if the support is added later. > I think we shouldn't be afraid of opt-ins. We will need one sooner or later. > Better to not add the second exit with no users. > OK, will drop it in the next version.
Hi, TDX Guest-Host Communication Interface (GHCI) [0] spec defines two TDVMCALLs for TDX attestation mechanism. Paolo mentioned possibly wanting to include attestation in the initial TDX support. Please consider it with that as the tentative plan. If it is not included in the initial support, it would require an opt-in when the support is added. - TDG.VP.VMCALL<GetQuote> GetQuote is a doorbell-like interface used by TDX guests to request VMM to generate a TD-Quote signed by a service hosting TD-Quoting Enclave operating on the host. - TDG.VP.VMCALL<SetupEventNotifyInterrupt> SetupEventNotifyInterrupt can be used by TDX guests to specify an interrupt vector as an event-notify vector for GetQuote operation, which may take several seconds. If a TDX guest has setup the event-notify vector, the host VMM injects an interrupt with the specified vector to the TDX guest on completion of the operation. This patch series adds the support for TDX attestation on KVM side. KVM forwards the requests to userspace VMM after sanity checks. Instead of using a single KVM_EXIT_TDX, it's preferred that each TDVMCALL that KVM wants to forward needs a dedicated KVM_EXIT_<reason> and associated struct in the exit union [1]. The TDVMCALLs supported in [2] reuse the existing KVM exit reasons. For TDX attestation support, add two TDX specific KVM exit reasons based on the discussion in the PUCK meeting on 2025.02.19 [3]. After returning from userspace, KVM sets the return code specified by userspace before resuming the vCPU. Note that AMD has taken 40 for KVM_EXIT_SNP_REQ_CERTS in the patch [4] under review, to avoid conflict, use number 41 for KVM_EXIT_TDX_GET_QUOTE and number 42 for KVM_EXIT_TDX_SETUP_EVENT_NOTIFY. Opens ===== Linux TDX guests don't use SetupEventNotifyInterrupt for TD attestation currently. If no other TDX guests use it, the support for SetupEventNotifyInterrupt could be dropped. But it would require an opt-in if the support is added later. In this patch series, KVM does sanity checks for the TDVMCALLs so that different userspace VMMs can save the code for sanity checks. But it could be dropped if it's preferred to keep KVM code simpler and let the userspace VMMs take the responsibility. Base of this series =================== This series is based on kvm-coco-queue with the commit: - 'b7f073baa6ad' ("KVM: SVM: Enable Secure TSC for SNP guests") Notable changes since v19 [5] ============================= The KVM exit reason to userspace for the two TDVMCALLs was KVM_EXIT_TDX in v19 and Sean suggested to use a dedicated KVM_EXIT_<reason> for each TDVMCALL that exits to userspace [1]. The attestation support was dropped in the TDX userspace exit series [6]. Now, it's changed to use two new TDX specific KVM exit reasons KVM_EXIT_TDX_GET_QUOTE and KVM_EXIT_TDX_SETUP_EVENT_NOTIFY. Repos ===== The full KVM branch is here: https://github.com/intel/tdx/tree/tdx_kvm_dev-2025-04-01 A matching QEMU is here: https://github.com/intel-staging/qemu-tdx/tree/tdx-qemu-wip-2025-03-19 It requires TDX module 1.5.06.00.0744 [7], or later. A working edk2 commit is 95d8a1c ("UnitTestFrameworkPkg: Use TianoCore mirror of subhook submodule"). Testing ======= This patch series has been tested as part of the development branch for the TDX base series. The testing consisted of TDX kvm-unit-tests and booting a Linux TD, and TDX enhanced KVM selftests. It also passed the TDX related test cases defined in the LKVS test suite as described in: https://github.com/intel/lkvs/blob/main/KVM/docs/lkvs_on_avocado.md The functionality of GetQuote has been tested with the Quote Generation Service deployed on the host, thanks to Mikko Ylinen. Two KVM selftests patches below were used to test the flows of GetQuote and SetupEventNotifyInterrupt as well: https://github.com/intel/tdx/commit/9f059b6b40d957364aeeefbbf743d080feaed501 https://github.com/intel/tdx/commit/4dd797afe5bccb7a36475aae9df8f71eabb7676a [0] https://cdrdv2.intel.com/v1/dl/getContent/726792 [1] https://lore.kernel.org/kvm/Zg18ul8Q4PGQMWam@google.com [2] https://lore.kernel.org/kvm/20250222014225.897298-1-binbin.wu@linux.intel.com [3] https://drive.google.com/file/d/1fk957DWsyqWk-K-FqhBxdUtgrQYcZrqH/view?usp=drive_link&resourcekey=0-JFJuzmaZIux6_D6lhcxT7Q [4] https://lore.kernel.org/kvm/20250219151505.3538323-2-michael.roth@amd.com [5] https://lore.kernel.org/kvm/b9fbb0844fc6505f8fb1e9a783615b299a5a5bb3.1708933498.git.isaku.yamahata@intel.com/ [6] https://lore.kernel.org/kvm/20250222014225.897298-1-binbin.wu@linux.intel.com [7] https://github.com/intel/tdx-module/releases/tag/TDX_1.5.06 Binbin Wu (2): KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> KVM: TDX: Handle TDG.VP.VMCALL<SetupEventNotifyInterrupt> Documentation/virt/kvm/api.rst | 39 +++++++++++++++++++++ arch/x86/include/asm/shared/tdx.h | 1 + arch/x86/kvm/vmx/tdx.c | 56 +++++++++++++++++++++++++++++++ include/uapi/linux/kvm.h | 13 +++++++ 4 files changed, 109 insertions(+)