[Q:linux][PATCH 0/8] Support TDX host in questing

Thibault Ferrante thibault.ferrante at canonical.com
Wed Sep 3 11:05:29 UTC 2025 

BugLink: https://bugs.launchpad.net/bugs/2121873

Since 6.16, TDX host is supported in the kernel but is incompatible with kexec. A cache
flush is required in case TDX has been enabled before doing a kexec to avoid silent
memory corruption in the new kernel.

An upstream submission [0] fix this. The upstream submission is now a v8 and is likely
to be merged soon. 4 conditions are required at runtime to enable TDX Host:
- Hibernation disabled.
- TDX enabled in the bios.
- kvm_intel.tdx=1 set in the bootcommand line.
- Hardware support.

Two limitation are coming with this submission:
- In specific platforms (SPR/EMR), enabling TDX (all conditions fulfilled)
will disable kexec due to hardware limitations.
- After kexec, TDX can't be used. This error will manifest by having a dmesg entry 
similar to:

virt/tdx: SEAMCALL (0x0000000000000021) failed: 0xc000050000000000

This has been applied on top of questing Ubuntu-6.17.0-3.3 and tested on supported
hardware by enabling TDX and using kexec/kdump.

[0] : https://lore.kernel.org/all/20250901160930.1785244-1-pbonzini@redhat.com/

Kai Huang (7):
  UBUNTU: SAUCE: x86/kexec: Consolidate relocate_kernel() function
    parameters
  UBUNTU: SAUCE: x86/sme: Use percpu boolean to control WBINVD during
    kexec
  UBUNTU: SAUCE: x86/virt/tdx: Mark memory cache state incoherent when
    making SEAMCALL
  UBUNTU: SAUCE: x86/kexec: Disable kexec/kdump on platforms with TDX
    partial write erratum
  UBUNTU: SAUCE: x86/virt/tdx: Remove the !KEXEC_CORE dependency
  UBUNTU: SAUCE: x86/virt/tdx: Update the kexec section in the TDX
    documentation
  UBUNTU: SAUCE: KVM: TDX: Explicitly do WBINVD when no more TDX
    SEAMCALLs

Thibault Ferrante (1):
  UBUNTU: [Config] enable TDX host support

 Documentation/arch/x86/tdx.rst       | 14 ++++-----
 arch/x86/Kconfig                     |  1 -
 arch/x86/include/asm/kexec.h         | 12 ++++++--
 arch/x86/include/asm/processor.h     |  2 ++
 arch/x86/include/asm/tdx.h           | 31 +++++++++++++++++++-
 arch/x86/kernel/cpu/amd.c            | 17 +++++++++++
 arch/x86/kernel/machine_kexec_64.c   | 44 ++++++++++++++++++++++------
 arch/x86/kernel/process.c            | 24 +++++++--------
 arch/x86/kernel/relocate_kernel_64.S | 36 +++++++++++++++--------
 arch/x86/kvm/vmx/tdx.c               | 10 +++++++
 arch/x86/virt/vmx/tdx/tdx.c          | 23 +++++++++++++--
 debian.master/config/annotations     |  4 ++-
 12 files changed, 170 insertions(+), 48 deletions(-)

-- 
2.48.1

More information about the kernel-team mailing list