Intel Posts Latest 113 Patches For Linux KVM TDX Support

Written by Michael Larabel in Intel on 29 May 2023 at 08:38 AM EDT.
One of the new features of Intel's 4th Gen Xeon Scalable "Sapphire Rapids" server processors is support for Trust Domain Extensions (TDX), but for this generation it is only being activated on CPUs going to select cloud providers. Intel TDX allows virtual machines to be better isolated from the VMM/hypervisor and from other non-TD software on the platform. This limited roll-out of Intel TDX has worked out okay given that the Linux support for this security feature is still in flux. Sent out today was the 14th spin of the 113 patches needed to wire up KVM TDX support within the Linux kernel.

Intel has provided technical details around TDX going back to 2020. For years they have been working on the Linux kernel support for this VM security feature: the initial Intel TDX guest support landed in Linux 5.19, and Intel followed it with the TDX guest driver in Linux 6.2. Still missing has been the Intel TDX KVM integration, the host-side support needed for KVM to run TDX guests.

Intel TDX graphic

The set of 113 patches making up the v14 series provides basic feature enablement for KVM virtual machines with Intel TDX on capable hardware. The new patches rebase against the current upstream Linux 6.4 state, switch to using KVM GMEM (KVM's guest-memory interface), and make a number of other internal changes around the TDX handling within the Kernel-based Virtual Machine.

We'll see now whether the v14 patches are good enough for upstreaming or whether it will drag on longer before all of the Intel TDX support is fully mainlined in the Linux kernel. In any event, I suspect Intel isn't going to make Intel TDX support widespread until the Granite Rapids generation next year, so there is still time to roll out the software support upstream to complement the few cloud service providers currently using TDX via out-of-tree patches. Even if TDX support turns out to be more widespread with Emerald Rapids later this year, there is also a decent chance we'll see mainline support land prior to that launch.
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.
