
Bug#1032437: linux: Enable TDX Guest Support driver
Source: linux
Version: 6.1.12-1
Severity: wishlist
Tags: patch, sid
X-Debbugs-Cc: miguel.bernal.marin@linux.intel.com, jair.de.jesus.gonzalez.plascencia@linux.intel.com

Dear Maintainer,

Please enable Intel's Trust Domain Extensions (TDX) Guest driver.

Intel's Trust Domain Extensions (TDX) protect confidential guest VMs from
the host and from physical attacks by isolating the guest register state and
by encrypting the guest memory. In TDX, the TDX module, running in a dedicated
CPU mode (SEAM), sits between the host and the guest and manages the
guest/host separation [2].

Since the host cannot directly access guest registers or memory, much of the
normal functionality of a hypervisor must be moved into the guest. This is
implemented using a Virtualization Exception (#VE) that is handled by the
guest kernel. Most #VEs are handled entirely inside the guest kernel, but some
require the hypervisor to be consulted.

TDX includes new hypercall-like mechanisms for communicating from the guest
to the hypervisor or the TDX module.

Intel® Trust Domain Extensions (Intel® TDX) introduces new architectural
elements to help deploy hardware-isolated virtual machines (VMs) called trust
domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine
manager (VMM)/hypervisor and any other non-TD software on the platform, to
protect TDs from a broad range of software [1]. These architectural elements
include:

* Secure-Arbitration Mode (SEAM) – a new mode of the CPU designed to host
  an Intel-provided, digitally-signed, security-services module called the
  Intel TDX module.

* A shared bit in the guest physical address (GPA) that allows a TD to access
  shared memory.

* Secure EPT to translate private GPAs, providing address-translation
  integrity and preventing TD code fetches from shared memory. The goal is
  encryption and integrity protection of private-memory accesses using a
  TD-private key.

* Physical-address-metadata table (PAMT) to help track page allocation, page
  initialization, and TLB consistency.

* Multi-key total-memory-encryption (MKTME) engine designed to provide
  memory encryption using AES-128-XTS and integrity using a 28-bit MAC and a
  TD-ownership bit.

* Remote attestation designed to provide evidence that a TD is executing on a
  genuine Intel TDX system, and of its TCB version.

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html
[2] https://docs.kernel.org/x86/tdx.html
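Added here as an example (not part of the bug report or of Debian's kernel packaging): a POSIX sh check a guest administrator can run to confirm the result once the option is enabled, by passing /boot/config-$(uname -r) and /proc/cpuinfo to tdx_guest_status. The Kconfig symbols CONFIG_INTEL_TDX_GUEST (core #VE/hypercall guest support) and CONFIG_TDX_GUEST_DRIVER (the attestation device driver) and the tdx_guest cpuinfo flag are taken from the mainline kernel, not from the report; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not part of the bug report: check whether a guest kernel
# exposes Intel TDX guest support. Kconfig symbol names and the cpuinfo
# flag are assumptions taken from the mainline kernel tree.

# Print "y", "m" or "n" for Kconfig symbol $2 in the kernel config file $1.
config_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1")
    printf '%s\n' "${state:-n}"
}

# Exit 0 if the /proc/cpuinfo text in $1 advertises the tdx_guest CPU flag,
# which the kernel sets only when CONFIG_INTEL_TDX_GUEST support detects a TD.
cpu_is_tdx_guest() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]tdx_guest([[:space:]]|$)' "$1"
}

# Combine the checks into one status word:
#   "ready"     - running in a TD and the attestation driver is built (y or m)
#   "no-driver" - running in a TD but CONFIG_TDX_GUEST_DRIVER is off
#   "not-a-td"  - kernel does not report running as a TDX guest (not a TD,
#                 or a kernel built without CONFIG_INTEL_TDX_GUEST)
tdx_guest_status() {
    config=$1; cpuinfo=$2
    if ! cpu_is_tdx_guest "$cpuinfo"; then
        echo not-a-td; return
    fi
    if [ "$(config_state "$config" CONFIG_TDX_GUEST_DRIVER)" = n ]; then
        echo no-driver; return
    fi
    echo ready
}

# Constructed sample inputs standing in for /boot/config-$(uname -r) and
# /proc/cpuinfo of a TD guest whose kernel lacks the attestation driver.
demo_status() {
    tmp=$(mktemp -d)
    cat > "$tmp/config" <<'EOF'
CONFIG_INTEL_TDX_GUEST=y
# CONFIG_TDX_GUEST_DRIVER is not set
EOF
    cat > "$tmp/cpuinfo" <<'EOF'
model name	: Intel(R) Xeon(R) Processor
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor tdx_guest
EOF
    tdx_guest_status "$tmp/config" "$tmp/cpuinfo"
    rm -rf "$tmp"
}
```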

An MR was created at:

https://salsa.debian.org/kernel-team/linux/-/merge_requests/671

Thanks,
Miguel
