On Thu, May 12, 2022 at 11:18:03AM +0800, Xiaoyao Li <xiaoyao...@intel.com> wrote:
> Add docs/system/i386/tdx.rst for TDX support, and add tdx in > confidential-guest-support.rst > > Signed-off-by: Xiaoyao Li <xiaoyao...@intel.com> > --- > docs/system/confidential-guest-support.rst | 1 + > docs/system/i386/tdx.rst | 103 +++++++++++++++++++++ > docs/system/target-i386.rst | 1 + > 3 files changed, 105 insertions(+) > create mode 100644 docs/system/i386/tdx.rst > > diff --git a/docs/system/confidential-guest-support.rst > b/docs/system/confidential-guest-support.rst > index 0c490dbda2b7..66129fbab64c 100644 > --- a/docs/system/confidential-guest-support.rst > +++ b/docs/system/confidential-guest-support.rst > @@ -38,6 +38,7 @@ Supported mechanisms > Currently supported confidential guest mechanisms are: > > * AMD Secure Encrypted Virtualization (SEV) (see > :doc:`i386/amd-memory-encryption`) > +* Intel Trust Domain Extension (TDX) (see :doc:`i386/tdx`) > * POWER Protected Execution Facility (PEF) (see > :ref:`power-papr-protected-execution-facility-pef`) > * s390x Protected Virtualization (PV) (see :doc:`s390x/protvirt`) > > diff --git a/docs/system/i386/tdx.rst b/docs/system/i386/tdx.rst > new file mode 100644 > index 000000000000..96d91fea5516 > --- /dev/null > +++ b/docs/system/i386/tdx.rst > @@ -0,0 +1,103 @@ > +Intel Trusted Domain eXtension (TDX) > +==================================== > + > +Intel Trusted Domain eXtensions (TDX) refers to an Intel technology that > extends > +Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryption > (MKTME) > +with a new kind of virtual machine guest called a Trust Domain (TD). A TD > runs > +in a CPU mode that is designed to protect the confidentiality of its memory > +contents and its CPU state from any other software, including the hosting > +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. > + > +Prerequisites > +------------- > + > +To run TD, the physical machine needs to have TDX module loaded and > initialized > +while KVM hypervisor has TDX support and has TDX enabled. If those > requirements > +are met, the ``KVM_CAP_VM_TYPES`` will report the support of > ``KVM_X86_TDX_VM``. > + > +Trust Domain Virtual Firmware (TDVF) > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +Trust Domain Virtual Firmware (TDVF) is required to provide TD services to > boot > +TD Guest OS. TDVF needs to be copied to guest private memory and measured > before > +a TD boots. > + > +The VM scope ``MEMORY_ENCRYPT_OP`` ioctl provides command > ``KVM_TDX_INIT_MEM_REGION`` > +to copy the TDVF image to TD's private memory space. > + > +Since TDX doesn't support readonly memslot, TDVF cannot be mapped as pflash > +device and it actually works as RAM. "-bios" option is chosen to load TDVF. > + > +OVMF is the opensource firmware that implements the TDVF support. Thus the > +command line to specify and load TDVF is `-bios OVMF.fd` > + > +Feature Control > +--------------- > + > +Unlike non-TDX VM, the CPU features (enumerated by CPU or MSR) of a TD is not > +under full control of VMM. VMM can only configure part of features of a TD on > +``KVM_TDX_INIT_VM`` command of VM scope ``MEMORY_ENCRYPT_OP`` ioctl. > + > +The configurable features have three types: > + > +- Attributes: > + - PKS (bit 30) controls whether Supervisor Protection Keys is exposed to > TD, > + which determines related CPUID bit and CR4 bit; > + - PERFMON (bit 63) controls whether PMU is exposed to TD. > + > +- XSAVE related features (XFAM): > + XFAM is a 64b mask, which has the same format as XCR0 or IA32_XSS MSR. It > + determines the set of extended features available for use by the guest TD. > + > +- CPUID features: > + Only some bits of some CPUID leaves are directly configurable by VMM. > + > +What features can be configured is reported via TDX capabilities. > + > +TDX capabilities > +~~~~~~~~~~~~~~~~ > + > +The VM scope ``MEMORY_ENCRYPT_OP`` ioctl provides command > ``KVM_TDX_CAPABILITIES`` > +to get the TDX capabilities from KVM. It returns a data structure of > +``struct kvm_tdx_capabilites``, which tells the supported configuration of > +attributes, XFAM and CPUIDs. > + > +Launching a TD (TDX VM) > +----------------------- > + > +To launch a TDX guest: > + > +.. parsed-literal:: > + > + |qemu_system_x86| \\ > + -machine ...,confidential-guest-support=tdx0 \\ > + -object tdx-guest,id=tdx0 \\ > + -bios OVMF.fd \\ Don't we need kernel-irqchip=split? Or this patch series set it automatically? Thanks, > + > +Debugging > +--------- > + > +Bit 0 of TD attributes, is DEBUG bit, which decides if the TD runs in off-TD > +debug mode. When in off-TD debug mode, TD's VCPU state and private memory are > +accessible via given SEAMCALLs. This requires KVM to expose APIs to invoke > those > +SEAMCALLs and resonponding QEMU change. > + > +It's targeted as future work. > + > +restrictions > +------------ > + > + - No readonly support for private memory; > + > + - No SMM support: SMM support requires manipulating the guset register > states > + which is not allowed; > + > +Live Migration > +-------------- > + > +TODO > + > +References > +---------- > + > +- `TDX Homepage > <https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html>`__ > diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst > index 96bf54889a82..16dd4f1a8c80 100644 > --- a/docs/system/target-i386.rst > +++ b/docs/system/target-i386.rst > @@ -29,6 +29,7 @@ Architectural features > i386/kvm-pv > i386/sgx > i386/amd-memory-encryption > + i386/tdx > > .. _pcsys_005freq: > > -- > 2.27.0 > > -- Isaku Yamahata <isaku.yamah...@gmail.com>
