Important code restructuring to the Intel Trust Domain Extensions (TDX) code is landing for the Linux 6.14 kernel to make it more robust moving forward and preparing for future features around this confidential computing / trusted execution environment (TEE) functionality built into the newest Xeon processors.
Intel TDX is one of the nifty features of recent Xeon processors for providing hardware isolation for virtual machines from the host’s VMM/hypervisor and other software on the host server. There have been many Linux adaptations for enabling Intel TDX and supporting its features in the upstream kernel, and for Linux 6.14 some important restructuring is taking place.
The x86/tdx pull request from Intel engineer Dave Hansen explains the changes:
“The existing TDX code needs a _bit_ of metadata from the TDX module. But KVM is going to need a bunch more very shortly. Rework the interface with the TDX module to be more consistent and handle the new higher volume.
The TDX module has added a few new features. The first is a promise not to clobber RBP under any circumstances. Basically the kernel now will refuse to use any modules that don’t have this promise. Second, enable the new “REDUCE_VE” feature. This ensures that the TDX module will not send some silly virtualization exceptions that the guest had no good way to handle anyway.”
Being curious about the increased Intel TDX metadata usage moving forward, especially by KVM, I was digging into the change being made to use auto-generated code for reading global metadata. That patch by Red Hat engineer and KVM expert Paolo Bonzini adds more detail:
“The TDX module provides a set of “Global Metadata Fields”. Currently the kernel only reads “TD Memory Region” (TDMR) related fields for module initialization. There are needs to read more global metadata fields including TDX module version, supported features and “Convertible Memory Regions” (CMRs) to fix a module initialization failure. Future changes to support KVM TDX and other features like TDX Connect will need to read more.
The current global metadata reading code has limitations (e.g., it only has a primitive helper to read a metadata field with a 16-bit element size, while TDX supports 8/16/32/64-bit metadata element sizes). It needs tweaks in order to read more metadata fields.
But even with the tweaks, when new code is added to read a new field, the reviewers will still need to review against the spec to make sure the new code doesn’t screw up things like using the wrong metadata field ID (each metadata field is associated with a unique field ID, which is a TDX-defined u64 constant) etc.
TDX documents all global metadata fields in a ‘global_metadata.json’ file as part of TDX spec. JSON format is machine readable. Instead of tweaking the metadata reading code, use a script to generate the code so that:
1) Using the generated C is simple.
2) Adding a field is simple, e.g., the script just pulls the field ID out of the JSON for a given field thus no manual review is needed.”
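The generation approach the quoted patch describes, as an added illustration that is neither the kernel's script nor the real spec file: a small Python script that turns a constructed JSON sample (its schema and field IDs are assumed placeholders, not the TDX-defined constants in global_metadata.json) into C field-ID macros and a struct whose members already have the right 8/16/32/64-bit width.

```python
"""Added example (not kernel code): generate C metadata-field constants
from a JSON description in the style the patch describes.  The JSON
schema and every field ID below are constructed placeholders."""
import json

# Constructed sample resembling a global metadata description.
# Field IDs are placeholders, NOT the TDX-defined constants.
SAMPLE_JSON = """
[
  {"Field Name": "TDMR_INFO_ENTRY_SIZE", "Base FIELD_ID": "0x1000000000000001",
   "Element Size (Bytes)": 2, "Num Fields": 1},
  {"Field Name": "MAX_TDMRS", "Base FIELD_ID": "0x1000000000000002",
   "Element Size (Bytes)": 2, "Num Fields": 1},
  {"Field Name": "MODULE_VERSION", "Base FIELD_ID": "0x1000000000000003",
   "Element Size (Bytes)": 4, "Num Fields": 1},
  {"Field Name": "CMR_BASE", "Base FIELD_ID": "0x1000000000000004",
   "Element Size (Bytes)": 8, "Num Fields": 32}
]
"""

# Element sizes TDX defines, mapped to kernel integer types.
C_TYPES = {1: "u8", 2: "u16", 4: "u32", 8: "u64"}

def load_fields(text):
    """Parse the JSON and reject any element size the spec does not define."""
    fields = []
    for entry in json.loads(text):
        size = entry["Element Size (Bytes)"]
        if size not in C_TYPES:
            raise ValueError(f"{entry['Field Name']}: unsupported element size {size}")
        fields.append({"name": entry["Field Name"],
                       "field_id": int(entry["Base FIELD_ID"], 16),
                       "size": size,
                       "count": entry["Num Fields"]})
    return fields

def generate_c(fields):
    """Emit one #define per field ID plus a struct with correctly sized
    members, so callers never hand-type a field ID or guess its width."""
    lines = ["/* Generated - do not edit */"]
    for f in fields:
        lines.append(f"#define MD_FIELD_ID_{f['name']} 0x{f['field_id']:016x}ULL")
    lines.append("struct tdx_sys_info {")
    for f in fields:
        arr = f"[{f['count']}]" if f["count"] > 1 else ""
        lines.append(f"\t{C_TYPES[f['size']]} {f['name'].lower()}{arr};")
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(generate_c(load_fields(SAMPLE_JSON)))
```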
So, more robust and reliable handling of TDX metadata is on the way as the Linux kernel and KVM expand their features around this Intel TEE.