@@ -765,8 +765,15 @@ void __noreturn stop_this_cpu(void *dummy)
*
* Test the CPUID bit directly because the machine might've cleared
* X86_FEATURE_SME due to cmdline options.
+ *
+ * Similar to SME, if the TDX module is ever initialized, the
+ * cachelines associated with any TDX private KeyID must be
+ * flushed before transiting to the new kernel. The TDX module
+ * is initialized on demand, and it takes the mutex to read it's
+ * status. Just check whether TDX is enabled by BIOS instead to
+ * flush cache.
*/
- if (cpuid_eax(0x8000001f) & BIT(0))
+ if (cpuid_eax(0x8000001f) & BIT(0) || platform_tdx_enabled())
native_wbinvd();
for (;;) {
/*