Linux 6.13 Enhances Interactions Between Intel TDX Guests & VMMs

([Intel] 5 Hours Ago Intel Trust Domain Extensions)


Linux 6.13 brings some new improvements to the [1]Intel TDX code, the kernel's support for [2]Trust Domain Extensions, which provide hardware-based security protections for virtual machines on recent Xeon processors.

The Intel TDX updates for Linux 6.13 refine interactions between TDX guests and the hypervisor / virtual machine monitor (VMM). Two nice improvements to the Intel TDX code are now expressed through new infrastructure for handling TDX metadata. Unfortunately the changes can't simply become the default behavior due to the behavior of some "pesky other OSes", presumably Microsoft Windows, and so each improvement has to be communicated as a guest opt-in via that metadata.

The [3]x86/tdx pull request explains:

"These essentially refine some interactions between TDX guests and VMMs.

The first leverages a new TDX module feature to runtime disable the ability for a VM to inject #VE exceptions. Before this feature, there was only a static on/off switch and the guest had to panic if it was configured in a bad state.

The second lets the guest opt in to be able to access the topology CPUID leaves. Before this, accesses to those leaves would #VE.

For both of these, it would have been nicest to just change the default behavior, but some pesky "other" OSes evidently need to retain the legacy behavior."
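To make the two opt-ins concrete, here is an added illustration in C of the guest-side decision logic the pull request describes. It is not code from the kernel or from the pull request: the metadata read and write functions are in-memory stand-ins for the TDX module's TDG.VM.RD / TDG.VM.WR guest calls, and every field id, bit position and function name below is an assumption chosen for the example. It shows the difference the first change makes (a guest without the static attribute can now switch #VE injection off at runtime instead of having to panic) and why the second change is an opt-in rather than a default (the guest only asks for native topology CPUID leaves when the VMM has actually configured them).

```c
/*
 * Added illustration, not kernel code: guest-side handling of the two TDX
 * opt-ins. td_rd()/td_wr() stand in for TDG.VM.RD / TDG.VM.WR; all field
 * ids and bit positions are constructed for this example.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical metadata field ids. */
enum td_field {
	TDF_ATTRIBUTES = 1,      /* fixed at TD build time, read-only */
	TDF_CONFIG_FLAGS,        /* what this TDX module supports, read-only */
	TDF_TD_CTLS,             /* guest-writable runtime controls */
	TDF_TOPOLOGY_CONFIGURED, /* did the VMM supply valid topology? */
};

/* Hypothetical bit layout. */
#define ATTR_SEPT_VE_DISABLE        (1ULL << 28) /* static switch: no #VE on private memory */
#define CONFIG_FLEXIBLE_PENDING_VE  (1ULL << 1)  /* module allows disabling #VE at runtime */
#define TD_CTLS_PENDING_VE_DISABLE  (1ULL << 0)
#define TD_CTLS_ENUM_TOPOLOGY       (1ULL << 1)

/* In-memory stand-in for the TD's metadata. */
struct td_metadata {
	uint64_t attributes;
	uint64_t config_flags;
	uint64_t td_ctls;
	uint64_t topology_configured;
};

/* Stand-in for TDG.VM.RD: 0 on success, -1 for an unknown field. */
int td_rd(const struct td_metadata *md, enum td_field field, uint64_t *out)
{
	switch (field) {
	case TDF_ATTRIBUTES:          *out = md->attributes;          return 0;
	case TDF_CONFIG_FLAGS:        *out = md->config_flags;        return 0;
	case TDF_TD_CTLS:             *out = md->td_ctls;             return 0;
	case TDF_TOPOLOGY_CONFIGURED: *out = md->topology_configured; return 0;
	}
	return -1;
}

/* Stand-in for TDG.VM.WR: only masked bits change, only TD_CTLS is writable. */
int td_wr(struct td_metadata *md, enum td_field field, uint64_t value, uint64_t mask)
{
	if (field != TDF_TD_CTLS)
		return -1;
	md->td_ctls = (md->td_ctls & ~mask) | (value & mask);
	return 0;
}

enum ve_result {
	VE_ALREADY_OFF,    /* static attribute set: nothing to do */
	VE_DISABLED_NOW,   /* new path: switched off via runtime control */
	VE_MISCONFIGURED,  /* old behaviour: guest has to panic */
};

/*
 * First opt-in. A #VE injected while the guest touches its own private
 * memory is a state the kernel cannot handle safely, so a guest that
 * cannot rule it out must refuse to run rather than continue.
 */
enum ve_result disable_ve_injection(struct td_metadata *md)
{
	uint64_t attr, config;

	if (td_rd(md, TDF_ATTRIBUTES, &attr) != 0)
		return VE_MISCONFIGURED;
	if (attr & ATTR_SEPT_VE_DISABLE)
		return VE_ALREADY_OFF;

	/* Before the runtime feature, a bad static configuration was fatal. */
	if (td_rd(md, TDF_CONFIG_FLAGS, &config) != 0 ||
	    !(config & CONFIG_FLEXIBLE_PENDING_VE))
		return VE_MISCONFIGURED;

	if (td_wr(md, TDF_TD_CTLS, TD_CTLS_PENDING_VE_DISABLE,
		  TD_CTLS_PENDING_VE_DISABLE) != 0)
		return VE_MISCONFIGURED;
	return VE_DISABLED_NOW;
}

/*
 * Second opt-in. Only ask for native topology CPUID leaves when the VMM has
 * configured them; otherwise keep the legacy #VE-on-access behaviour.
 */
bool enable_cpu_topology_enumeration(struct td_metadata *md)
{
	uint64_t configured;

	if (td_rd(md, TDF_TOPOLOGY_CONFIGURED, &configured) != 0 || !configured)
		return false;
	return td_wr(md, TDF_TD_CTLS, TD_CTLS_ENUM_TOPOLOGY, TD_CTLS_ENUM_TOPOLOGY) == 0;
}

int main(void)
{
	/* Constructed sample: no static attribute, but a module with the runtime switch. */
	struct td_metadata md = { .config_flags = CONFIG_FLEXIBLE_PENDING_VE,
				  .topology_configured = 1 };

	printf("ve injection: %d\n", disable_ve_injection(&md));
	printf("topology: %s\n", enable_cpu_topology_enumeration(&md) ? "native" : "legacy");
	printf("td_ctls: 0x%llx\n", (unsigned long long)md.td_ctls);
	return 0;
}
```

The three-way result of `disable_ve_injection()` is the point of the first change: a TD built without the static attribute used to land in the misconfigured (panic) branch, and with a module that advertises the flexible-pending-#VE capability it now takes the runtime path instead. A guest that expects topology leaves to be real must also check the VMM-side configuration first, which is why the second change is an opt-in rather than something the guest can assume.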

Look for these Intel TDX improvements in Linux 6.13.



[1] https://www.phoronix.com/search/Intel+TDX

[2] https://www.phoronix.com/search/Trust+Domain+Extensions

[3] https://lore.kernel.org/lkml/20241120013243.831531-1-dave.hansen@linux.intel.com/


