Important Changes To Intel TDX Coming With Linux 6.14

Written by Michael Larabel in Intel on 22 January 2025 at 06:14 AM EST.
Important restructuring of the Intel Trust Domain Extensions (TDX) code is landing in the Linux 6.14 kernel to make it more robust going forward and to prepare for upcoming features around this confidential computing / trusted execution environment (TEE) functionality built into the newest Xeon processors.

Intel TDX is one of the nifty features of recent Xeon processors: it isolates virtual machines in hardware from the host's VMM/hypervisor and from other software on the host server. A lot of Linux work has gone into enabling Intel TDX and supporting its features in the upstream kernel, and for Linux 6.14 some important restructuring of that code is taking place.

Intel TDX diagram


The x86/tdx pull request from Intel engineer Dave Hansen explains the changes:
"The existing TDX code needs a _bit_ of metadata from the TDX module. But KVM is going to need a bunch more very shortly. Rework the interface with the TDX module to be more consistent and handle the new higher volume.

The TDX module has added a few new features. The first is a promise not to clobber RBP under any circumstances. Basically the kernel now will refuse to use any modules that don't have this promise. Second, enable the new "REDUCE_VE" feature. This ensures that the TDX module will not send some silly virtualization exceptions that the guest had no good way to handle anyway."

Being curious about the increased Intel TDX metadata usage moving forward especially by KVM, I was digging into the change being made to use auto-generated code for reading global metadata. That patch by Red Hat engineer and KVM expert Paolo Bonzini adds in more detail:
"The TDX module provides a set of "Global Metadata Fields". Currently the kernel only reads "TD Memory Region" (TDMR) related fields for module initialization. There are needs to read more global metadata fields including TDX module version, supported features and "Convertible Memory Regions" (CMRs) to fix a module initialization failure. Future changes to support KVM TDX and other features like TDX Connect will need to read more.

The current global metadata reading code has limitations (e.g., it only has a primitive helper to read metadata field with 16-bit element size, while TDX supports 8/16/32/64 bits metadata element sizes). It needs tweaks in order to read more metadata fields.

But even with the tweaks, when new code is added to read a new field, the reviewers will still need to review against the spec to make sure the new code doesn't screw up things like using the wrong metadata field ID (each metadata field is associated with a unique field ID, which is a TDX-defined u64 constant) etc.

TDX documents all global metadata fields in a 'global_metadata.json' file as part of TDX spec. JSON format is machine readable. Instead of tweaking the metadata reading code, use a script to generate the code so that:

1) Using the generated C is simple.
2) Adding a field is simple, e.g., the script just pulls the field ID out of the JSON for a given field thus no manual review is needed."
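To make the generator idea concrete, here is a small added example (my own illustration, not the kernel's script or anything from the TDX spec) that reads a JSON description of metadata fields and emits C. The JSON sample, the field names, the field IDs and the element sizes are all constructed placeholders, not the real values from global_metadata.json; the kernel's emitted C also looks different. The point it shows is what the patch description argues for: the field ID is copied from the JSON rather than typed in by hand, the element size is carried alongside it so a reader is not stuck assuming 16-bit elements, and the generator rejects an unknown element size or a duplicated field ID before any C is produced.

```python
"""Generate C field-ID definitions from a JSON description of metadata fields.

Added illustration, not the kernel's script. The JSON below is constructed
for this example; the names, field IDs and sizes are placeholders and are
NOT the TDX-defined values from global_metadata.json.
"""
import json

# Constructed sample in the spirit of the spec's JSON: each entry names a
# field, gives its 64-bit field ID and its element size in bits.
SAMPLE_JSON = """
[
  {"name": "MODULE_MAJOR_VERSION", "field_id": "0x1000000100000001", "element_size_bits": 16},
  {"name": "NUM_CMRS",             "field_id": "0x1000000100000002", "element_size_bits": 16},
  {"name": "CMR_BASE",             "field_id": "0x1000000200000010", "element_size_bits": 64, "num_elements": 32},
  {"name": "SUPPORTED_FEATURES",   "field_id": "0x1000000300000001", "element_size_bits": 64}
]
"""

# The element sizes the spec allows, mapped to the kernel's fixed-width types.
C_TYPE_FOR_BITS = {8: "u8", 16: "u16", 32: "u32", 64: "u64"}


def parse_fields(text):
    """Parse the JSON and validate each field the way a generator should:
    known element size, field ID that fits in a u64, no two fields sharing an ID."""
    seen_ids = {}
    fields = []
    for entry in json.loads(text):
        name = entry["name"]
        bits = entry["element_size_bits"]
        if bits not in C_TYPE_FOR_BITS:
            raise ValueError(f"{name}: unsupported element size {bits} bits")
        field_id = int(entry["field_id"], 16)
        if field_id < 0 or field_id >> 64:
            raise ValueError(f"{name}: field ID does not fit in u64")
        if field_id in seen_ids:
            raise ValueError(f"{name}: field ID already used by {seen_ids[field_id]}")
        seen_ids[field_id] = name
        fields.append({
            "name": name,
            "field_id": field_id,
            "bits": bits,
            "count": int(entry.get("num_elements", 1)),
        })
    return fields


def generate_c(fields):
    """Emit C: one #define per field ID plus a descriptor table carrying the
    element size and count, so the reading code sizes its buffer from the
    table instead of hard-coding a 16-bit element."""
    out = ["/* Generated from metadata JSON; do not edit by hand. */", ""]
    for f in fields:
        out.append(f"#define MD_FIELD_ID_{f['name']} 0x{f['field_id']:016x}ULL")
    out.append("")
    out.append("struct md_field_desc {")
    out.append("\tu64 field_id;")
    out.append("\tu8 elem_bytes;")
    out.append("\tu16 elem_count;")
    out.append("\tconst char *name;")
    out.append("};")
    out.append("")
    out.append("static const struct md_field_desc md_fields[] = {")
    for f in fields:
        out.append(
            f"\t{{ MD_FIELD_ID_{f['name']}, {f['bits'] // 8}, {f['count']}, \"{f['name']}\" }},"
        )
    out.append("};")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(generate_c(parse_fields(SAMPLE_JSON)))
```

Running the script prints the generated header to stdout; in a real build it would be written to a file and committed or regenerated from the spec. The duplicate-ID and element-size checks are where a generator earns its keep: a reviewer no longer has to cross-check each hand-typed constant against the spec, because a typo in the JSON either fails validation or is caught by diffing the JSON against the published one.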

The result is more robust and reliable handling of the TDX metadata going forward as the Linux kernel and KVM expand their features around this Intel TEE.