Intel TDX Host Support Merged For KVM With Linux 6.16


Intel [1]Trust Domain Extensions (TDX) has been available on select SKUs since Sapphire Rapids and widely available since Emerald Rapids in late 2023, but only with the Linux 6.16 kernel, debuting in H2'2025, will there be mainline kernel support for TDX on the host side with the Kernel-based Virtual Machine (KVM).

The road to getting all of the Intel TDX bits upstreamed to the mainline Linux kernel and other open-source software has been an excruciatingly long journey. But finally, with Linux 6.16, the Intel TDX host support is in place.

[2]Merged as part of the initial batch of KVM changes is the TDX host-side support:

"Initial support for TDX in KVM.

This finally makes it possible to use the TDX module to run confidential guests on Intel processors. This is quite a large series, including support for private page tables (managed by the TDX module and mirrored in KVM for efficiency), forwarding some TDVMCALLs to userspace, and handling several special VM exits from the TDX module.

This has been in the works for literally years and it's not really possible to describe everything here, so I'll defer to the various merge commits up to and including commit 7bcf7246c42a ('Merge branch 'kvm-tdx-finish-initial' into HEAD')"

Nice seeing this milestone finally achieved.



[1] https://www.phoronix.com/search/Trust+Domain+Extensions

[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43db1111073049220381944af4a3b8a5400eda71



phoronix
