diff options
| author |   Isaku Yamahata <isaku.yamahata@intel.com> | 2024-09-03 20:07:50 -0700 |
|---|---|---|
| committer |   Paolo Bonzini <pbonzini@redhat.com> | 2025-03-14 14:20:53 -0400 |
| commit | 012426d6f59cab21f4e1ab4cc2c919fd26a04ead (patch) | |
| tree | 3bb00bc2bd89e82714bfb93cff50c0dfcde4974b /arch/x86/kvm/vmx/tdx.h | |
| parent | KVM: TDX: Add an ioctl to create initial guest memory (diff) | |
| download | wireguard-linux-012426d6f59cab21f4e1ab4cc2c919fd26a04ead.tar.xz wireguard-linux-012426d6f59cab21f4e1ab4cc2c919fd26a04ead.zip | |
KVM: TDX: Finalize VM initialization
Add a new VM-scoped KVM_MEMORY_ENCRYPT_OP IOCTL subcommand,
KVM_TDX_FINALIZE_VM, to perform TD Measurement Finalization.
Documentation for the API is added in another patch:
"Documentation/virt/kvm: Document on Trust Domain Extensions(TDX)"
For the purpose of attestation, a measurement must be made of the TDX VM
initial state. This is referred to as TD Measurement Finalization, and
uses SEAMCALL TDH.MR.FINALIZE, after which:
1. The VMM adding TD private pages with arbitrary content is no longer
allowed
2. The TDX VM is runnable
Co-developed-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Message-ID: <20240904030751.117579-21-rick.p.edgecombe@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to '')
| -rw-r--r-- | arch/x86/kvm/vmx/tdx.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h index b3029e6e5caf..cde3acc805db 100644 --- a/arch/x86/kvm/vmx/tdx.h +++ b/arch/x86/kvm/vmx/tdx.h @@ -32,6 +32,9 @@ struct kvm_tdx { u64 tsc_multiplier; struct tdx_td td; + + /* For KVM_TDX_INIT_MEM_REGION. */ + atomic64_t nr_premapped; }; /* TDX module vCPU states */ |