A feature that has been worked on for a while now by Intel Linux engineers is for allowing run-time updates of the Trusted Domain Extensions (TDX) module without having to reboot the running server. For Linux 7.2 it looks like that feature will be all-set for allowing the easier roll-out of security updates and the like for this confidential computing capability on modern Intel Xeon servers.

[1]Trust Domain Extensions is a great feature of modern Xeon processors as hardware-based confidential computing tech for VM isolation. But with the TDX module loaded by the BIOS at boot time, up to now if needing to update it has meant rebooting the server. But TDX's P-SEAMLDR can allow for facilitating TDX module updates at run-time.

Te code to allow for TDX module updates under Linux has underwent ten rounds of code review but now looks ready for the mainline kernel. The TDX runtime update support was recently queued into tip/tip.git's [2]x86/tdx branch . With the code now in a prominent TDX Git branch ahead of next month's Linux 7.2 merge window, it looks like it will be submitted for that kernel version barring any last minute issues.



[1] https://www.phoronix.com/search/Trust+Domain+Extensions

[2] https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/log/?h=x86/tdx