Linux 6.13 Enhances Interactions Between Intel TDX Guests & VMMs

Written by Michael Larabel in Intel on 22 November 2024 at 12:47 PM EST. Add A Comment
INTEL
There are some new improvements in Linux 6.13 for the Intel TDX code for Trust Domain Extensions in providing hardware-based security protections for virtual machines on recent Xeon processors.

The Intel TDX updates for Linux 6.13 refine interactions between TDX guests and the hypervisor / virtual machine monitor (VMM). There are two nice improvements with the Intel TDX code now expressed via new infrastructure for handling TDX metadata. Unfortunately the changes can't be exposed by default due to the behavior of some "pesky other OSes", which is presumably about Microsoft Windows, and thus needs to be communicated via metadata.

Intel TDX diagram


The x86/tdx pull request explains:
"These essentially refine some interactions between TDX guests and VMMs.

The first leverages a new TDX module feature to runtime disable the ability for a VM to inject #VE exceptions. Before this feature, there was only a static on/off switch and the guest had to panic if it was configured in a bad state.

The second lets the guest opt in to be able to access the topology CPUID leaves. Before this, accesses to those leaves would #VE.

For both of these, it would have been nicest to just change the default behavior, but some pesky "other" OSes evidently need to retain the legacy behavior."

Look for these Intel TDX improvements in Linux 6.13.
Add A Comment
Related News
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
Intel Linux Display Driver Being Adapted For DRM Panic "Blue Screen of Death" Support
Intel Compute Runtime 24.45.31740.9 Released Ahead Of The Arc B580 "Battlemage" Launch
Intel ANV Driver Improves Vulkan Image Compression Going Back To Tigerlake
Intel CEO Pat Gelsinger Retires
Turbostat Utility Lands New Features With Linux 6.13
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features