[v7,15/20] x86/virt/tdx: Reserve TDX module global KeyID

Message ID fec007c0193e5f0509450de78052346da1045b23.1668988357.git.kai.huang@intel.com (mailing list archive)
State New, archived
Series TDX host kernel support

Commit Message

Huang, Kai Nov. 21, 2022, 12:26 a.m. UTC
TDX module initialization requires using one TDX private KeyID as the
global KeyID to protect the TDX module metadata.  The global KeyID is
configured to the TDX module along with TDMRs.

Just reserve the first TDX private KeyID as the global KeyID.  Keep the
global KeyID as a static variable as KVM will need to use it too.

Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
---
 arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++
 1 file changed, 9 insertions(+)

Comments

Dave Hansen Nov. 23, 2022, 11:40 p.m. UTC | #1
On 11/20/22 16:26, Kai Huang wrote:
> @@ -1053,6 +1056,12 @@ static int init_tdx_module(void)
>  	if (ret)
>  		goto out_free_tdmrs;
>  
> +	/*
> +	 * Reserve the first TDX KeyID as global KeyID to protect
> +	 * TDX module metadata.
> +	 */
> +	tdx_global_keyid = tdx_keyid_start;

This doesn't "reserve" squat.

You could argue that it "picks", "chooses", or "designates" the
'tdx_global_keyid', but where is the "reservation"?

Huang, Kai Nov. 24, 2022, 10:39 p.m. UTC | #2
On Wed, 2022-11-23 at 15:40 -0800, Dave Hansen wrote:
> On 11/20/22 16:26, Kai Huang wrote:
> > @@ -1053,6 +1056,12 @@ static int init_tdx_module(void)
> >  	if (ret)
> >  		goto out_free_tdmrs;
> >  
> > +	/*
> > +	 * Reserve the first TDX KeyID as global KeyID to protect
> > +	 * TDX module metadata.
> > +	 */
> > +	tdx_global_keyid = tdx_keyid_start;
> 
> This doesn't "reserve" squat.
> 
> You could argue that it "picks", "chooses", or "designates" the
> 'tdx_global_keyid', but where is the "reservation"?

Right.  I'll change to use "choose".

Patch

diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 1fbf33f2f210..e2cbeeb7f0dc 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -62,6 +62,9 @@  static int tdx_cmr_num;
 /* All TDX-usable memory regions */
 static LIST_HEAD(tdx_memlist);
 
+/* TDX module global KeyID.  Used in TDH.SYS.CONFIG ABI. */
+static u32 tdx_global_keyid;
+
 /*
  * Detect TDX private KeyIDs to see whether TDX has been enabled by the
  * BIOS.  Both initializing the TDX module and running TDX guest require
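Review bot: `static u32 tdx_global_keyid;` has file scope in tdx.c, yet the commit message justifies keeping it because "KVM will need to use it too". A file-static variable cannot be referenced from KVM code, so either the comment above the declaration or the commit message should say how KVM is expected to obtain the value (for example through an accessor added by a later patch in the series). The comment also names only the TDH.SYS.CONFIG use; if KVM is a planned consumer, mention it there so the variable's lifetime and readers are documented in one place.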
@@ -1053,6 +1056,12 @@  static int init_tdx_module(void)
 	if (ret)
 		goto out_free_tdmrs;
 
+	/*
+	 * Reserve the first TDX KeyID as global KeyID to protect
+	 * TDX module metadata.
+	 */
+	tdx_global_keyid = tdx_keyid_start;
+
 	/*
 	 * Return -EINVAL until all steps of TDX module initialization
 	 * process are done.
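Review bot: The comment above `tdx_global_keyid = tdx_keyid_start;` says "Reserve", but the assignment only records which KeyID was picked. Nothing in this hunk removes the first KeyID from the range that later code may hand out, so the KeyID that is supposed to protect TDX module metadata is not visibly excluded from other users. Reword the comment (and the subject line) to "choose", and state in the comment where the exclusion is enforced, or add the accounting here if no other patch in the series does it.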