The Intel Trust Domain Extensions (TDX) updates for the Linux 6.18 kernel allow it to work with Kexec for being able to load and boot into a new kernel from another currently running kernel.
Due to the TDX memory encryption hardware not respecting cache coherency, using Kexec in the presence of TDX could lead to writing back old cache lines on top of data in the kernel kernel. TDX and Kexec were thus an unsupported configuration until now in Linux 6.18 with those limitations being worked around.
Kexec is now guaranteed that all dirty cache lines of TDX private memory areas are flushed before jumping to the new kernel. Though early Intel Xeon Sapphire Rapids processors with a known erratum won’t be able to enjoy this support. There is a TDX partial-write erratum where a write transaction of less than one cache line to TDX private memory will poison that memory with any subsequent reads triggering a machine check. So for now the easiest handling of that is to disable Kexec/Kdump support there.
Intel TDX users on Xeon can now Kexec as well as crash Kdump to a new kernel at any time. But if the first kernel to boot has enabled TDX, the second kernel is not using TDX, but may be fixed in the future.
This Intel TDX improvement for Kexec support is merged for Linux 6.18.
