[Q:linux][PATCH 0/8] Support TDX host in questing
Hector Cao
hector.cao at canonical.com
Wed Sep 3 12:21:33 UTC 2025
Thanks Thibault for working on this,
A question inline.
On Wed, Sep 3, 2025 at 1:06 PM Thibault Ferrante <
thibault.ferrante at canonical.com> wrote:
> BugLink: https://bugs.launchpad.net/bugs/2121873
>
> Since 6.16, TDX host is supported in the kernel but is incompatible with kexec.
> A cache flush is required in case TDX has been enabled before doing a kexec to
> avoid silent memory corruption in the new kernel.
>
> An upstream submission [0] fixes this. The upstream submission is now a v8
> and is likely to be merged soon. 4 conditions are required at runtime to
> enable TDX Host:
> - Hibernation disabled.
> - TDX enabled in the BIOS.
> - kvm_intel.tdx=1 set in the boot command line.
> - Hardware support.
>
> Two limitations are coming with this submission:
> - In specific platforms (SPR/EMR), enabling TDX (all conditions fulfilled)
> will disable kexec due to hardware limitations.
>

Can you elaborate on this limitation a little bit more, please? I'm not sure I
fully get the point.

> - After kexec, TDX can't be used. This error will manifest by having a dmesg
> entry similar to:
>
> virt/tdx: SEAMCALL (0x0000000000000021) failed: 0xc000050000000000
>
> This has been applied on top of questing Ubuntu-6.17.0-3.3 and tested on
> supported hardware by enabling TDX and using kexec/kdump.
>
> [0]: https://lore.kernel.org/all/20250901160930.1785244-1-pbonzini@redhat.com/
>
> Kai Huang (7):
>   UBUNTU: SAUCE: x86/kexec: Consolidate relocate_kernel() function parameters
>   UBUNTU: SAUCE: x86/sme: Use percpu boolean to control WBINVD during kexec
>   UBUNTU: SAUCE: x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL
>   UBUNTU: SAUCE: x86/kexec: Disable kexec/kdump on platforms with TDX partial write erratum
>   UBUNTU: SAUCE: x86/virt/tdx: Remove the !KEXEC_CORE dependency
>   UBUNTU: SAUCE: x86/virt/tdx: Update the kexec section in the TDX documentation
>   UBUNTU: SAUCE: KVM: TDX: Explicitly do WBINVD when no more TDX SEAMCALLs
>
> Thibault Ferrante (1):
>   UBUNTU: [Config] enable TDX host support
>
> Documentation/arch/x86/tdx.rst | 14 ++++-----
> arch/x86/Kconfig | 1 -
> arch/x86/include/asm/kexec.h | 12 ++++++--
> arch/x86/include/asm/processor.h | 2 ++
> arch/x86/include/asm/tdx.h | 31 +++++++++++++++++++-
> arch/x86/kernel/cpu/amd.c | 17 +++++++++++
> arch/x86/kernel/machine_kexec_64.c | 44 ++++++++++++++++++++++------
> arch/x86/kernel/process.c | 24 +++++++--------
> arch/x86/kernel/relocate_kernel_64.S | 36 +++++++++++++++--------
> arch/x86/kvm/vmx/tdx.c | 10 +++++++
> arch/x86/virt/vmx/tdx/tdx.c | 23 +++++++++++++--
> debian.master/config/annotations | 4 ++-
> 12 files changed, 170 insertions(+), 48 deletions(-)
>
> --
> 2.48.1
>
--
Hector CAO
Software Engineer – Partner Engineering Team
hector.cao at canonical.com
https://launchpad.net/~hectorcao
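
The following triage helper is an added example, not part of the original message or of the patch series: it checks a kernel command line for the two conditions from the quoted list that are visible there, and extracts failed SEAMCALLs from dmesg text in the format quoted above. Treating `nohibernate` or `hibernate=no` as "hibernation disabled" is an assumption, the function names are hypothetical, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: TDX host triage around kexec, based on the quoted cover letter.
# BIOS enablement and hardware support are not visible on the command line
# and are not checked here.

# has_param CMDLINE PARAM -> exit 0 if PARAM appears as a whole word
has_param() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# tdx_cmdline_status CMDLINE -> prints "ready" or "missing: <items>"
tdx_cmdline_status() {
    missing=""
    # Exact form given in the cover letter.
    has_param "$1" "kvm_intel.tdx=1" || missing="$missing kvm_intel.tdx=1"
    # Assumption: hibernation is disabled with one of these parameters.
    if ! has_param "$1" "nohibernate" && ! has_param "$1" "hibernate=no"; then
        missing="$missing hibernation-disabled"
    fi
    if [ -z "$missing" ]; then
        echo "ready"
    else
        echo "missing:$missing"
    fi
}

# tdx_seamcall_failures: dmesg text on stdin -> "leaf=<hex> err=<hex>" per failure
tdx_seamcall_failures() {
    sed -n 's/.*virt\/tdx: SEAMCALL (\(0x[0-9a-fA-F]*\)) failed: \(0x[0-9a-fA-F]*\).*/leaf=\1 err=\2/p'
}

# Constructed sample input (not captured from a real machine).
SAMPLE_CMDLINE="BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro nohibernate kvm_intel.tdx=1"
SAMPLE_DMESG="[    5.100000] virt/tdx: SEAMCALL (0x0000000000000021) failed: 0xc000050000000000
[    5.200000] example: unrelated constructed line"

echo "cmdline: $(tdx_cmdline_status "$SAMPLE_CMDLINE")"
printf '%s\n' "$SAMPLE_DMESG" | tdx_seamcall_failures
```

On a live host, pass `"$(cat /proc/cmdline)"` to `tdx_cmdline_status` and pipe `dmesg` into `tdx_seamcall_failures`.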