tdx.rst - OpenGrok cross reference for /linux/Documentation/arch/x86/tdx.rst

Lines Matching +full:dma +full:- +full:shared +full:- +full:all
1 .. SPDX-License-Identifier: GPL-2.0
18 CPU-attested software module called 'the TDX module' runs inside the new
22 TDX also leverages Intel Multi-Key Total Memory Encryption (MKTME) to
23 provide crypto-protection to the VMs.  TDX reserves part of MKTME KeyIDs
32 TDX boot-time detection
33 -----------------------
41 ---------------------------------------
59 Besides initializing the TDX module, a per-cpu initialization SEAMCALL
73 hotplug; 2) do VMXON and tdx_enable_cpu() on all online cpus; 3) call
103 ------------------------------------------
110 of memory regions (out of CMRs) as "TDX-usable" memory and pass those
111 regions to the TDX module.  Once this is done, those "TDX-usable" memory
114 To keep things simple, currently the kernel simply guarantees all pages
115 in the page allocator are TDX memory.  Specifically, the kernel uses all
116 system memory in the core-mm "at the time of TDX module initialization"
117 as TDX memory, and in the meantime, refuses to online any non-TDX-memory
124 machine's runtime.  A non-buggy BIOS should never support hot-removal of
131 TDX module requires the per-cpu initialization SEAMCALL must be done on
137 TDX verifies all boot-time present logical CPUs are TDX compatible before
138 enabling TDX.  A non-buggy BIOS should never support hot-add/removal of
162 non-temporal write instructions (like MOVNTI), or through UC/WC memory
163 mappings.  Devices can also do partial writes via DMA.
168 software-triggered issue.  But in the end, this issue is hard to trigger.
181 The kernel uses S3 for suspend-to-ram, and use S4 and deeper states for
204 TDX includes new hypercall-like mechanisms for communicating from the
208 ------------------
210 TDX guests behave differently from bare-metal and traditional VMX guests.
217 Instruction-based #VE
220 - Port I/O (INS, OUTS, IN, OUT)
221 - HLT
222 - MONITOR, MWAIT
223 - WBINVD, INVD
224 - VMCALL
225 - RDMSR*,WRMSR*
226 - CPUID*
228 Instruction-based #GP
231 - All VMX instructions: INVEPT, INVVPID, VMCLEAR, VMFUNC, VMLAUNCH,
233 - ENCLS, ENCLU
234 - GETSEC
235 - RSM
236 - ENQCMD
237 - RDMSR*,WRMSR*
244 - #GP generated
245 - #VE generated
246 - "Just works"
263 For some CPUID leaves and sub-leaves, the virtualized bit fields of CPUID
268 - Bit fields for which the hypervisor controls the value seen by the guest
271 - Bit fields for which the hypervisor configures the value such that the
276 A #VE is generated for CPUID leaves and sub-leaves that the TDX module does
281 ----------------------
283 There are essentially two classes of TDX memory: private and shared.
285 against access from the hypervisor.  Shared memory is expected to be
286 shared between guest and hypervisor and does not receive full TDX
290 private or shared.  It selects the behavior with a bit in its page table
292 information in shared memory, exposing it to the untrusted hypervisor.
294 #VE on Shared Memory
297 Access to shared mappings can cause a #VE.  The hypervisor ultimately
298 controls whether a shared memory access causes a #VE, so the guest must be
299 careful to only reference shared pages it can safely handle a #VE.  For
300 instance, the guest should be careful not to access shared memory in the
303 Shared mapping content is entirely controlled by the hypervisor. The guest
304 should only use shared mappings for communicating with the hypervisor.
305 Shared mappings must never be used for sensitive memory content like kernel
306 stacks.  A good rule of thumb is that hypervisor-shared memory should be
310 MMIO for virtual devices is implemented as shared memory.  The guest must
317 An access to private mappings can also cause a #VE.  Since all kernel
320 TDX guests ensure that all guest memory has been "accepted" before memory
323 A modest amount of memory (typically 512M) is pre-accepted by the firmware
333 -----------------
344 During #VE handling, the TDX module ensures that all interrupts (including
350 #VE-triggering actions (discussed above) while this block is in place.
355 -------------
357 In non-TDX VMs, MMIO is usually implemented by giving a guest access to a
376 Shared Memory Conversions
377 -------------------------
379 All TDX guest memory starts out as private at boot.  This memory can not
382 memory must be converted between shared and private.  This can be
385  * set_memory_decrypted() converts a range of pages to shared.
388 Device drivers are the primary user of shared memory, but there's no need
389 to touch every driver. DMA buffers and ioremap() do the conversions
392 TDX uses SWIOTLB for most DMA allocations. The SWIOTLB buffer is
393 converted to shared on boot.
395 For coherent DMA allocation, the DMA buffer gets converted on the
422 from the TDX module. TDREPORT is a fixed-size data structure generated by
423 the TDX module which contains guest-specific information (such as build
425 the integrity of the TDREPORT. A user-provided 64-Byte REPORTDATA is used
446 https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.…