Cover Letter Detail
Show a cover letter.
GET /api/covers/2217060/?format=api
{ "id": 2217060, "url": "http://patchwork.ozlabs.org/api/covers/2217060/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/cover/20260327160132.2946114-1-yilun.xu@linux.intel.com/", "project": { "id": 28, "url": "http://patchwork.ozlabs.org/api/projects/28/?format=api", "name": "Linux PCI development", "link_name": "linux-pci", "list_id": "linux-pci.vger.kernel.org", "list_email": "linux-pci@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "list_archive_url": null, "date": "2026-03-27T16:01:01", "name": "[v2,00/31] PCI/TSM: PCIe Link Encryption Establishment via TDX platform services", "submitter": { "id": 87470, "url": "http://patchwork.ozlabs.org/api/people/87470/?format=api", "name": "Xu Yilun", "email": "yilun.xu@linux.intel.com" }, "mbox": "http://patchwork.ozlabs.org/project/linux-pci/cover/20260327160132.2946114-1-yilun.xu@linux.intel.com/mbox/", "series": [ { "id": 497793, "url": "http://patchwork.ozlabs.org/api/series/497793/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/list/?series=497793", "date": "2026-03-27T16:01:02", "name": "PCI/TSM: PCIe Link Encryption Establishment via TDX platform services", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/497793/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/2217060/comments/", "headers": { "Return-Path": "\n <linux-pci+bounces-51285-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-pci@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=Lc4VH80t;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=linux-pci+bounces-51285-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=\"Lc4VH80t\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=198.175.65.14", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=linux.intel.com" ], "Received": [ "from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fj5pJ5Qwlz1y1P\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 28 Mar 2026 03:34:48 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 91A0D3004698\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 27 Mar 2026 16:22:37 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 6154830CD82;\n\tFri, 27 Mar 2026 16:22:36 +0000 (UTC)", "from mgamail.intel.com (mgamail.intel.com [198.175.65.14])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 8ABC8347525;\n\tFri, 27 Mar 2026 16:22:34 +0000 (UTC)", "from fmviesa006.fm.intel.com ([10.60.135.146])\n by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 27 Mar 2026 09:22:33 -0700", "from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165])\n by fmviesa006.fm.intel.com with ESMTP; 27 Mar 2026 09:22:30 -0700" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1774628556; cv=none;\n b=BuWhMrKE2acMSkrlzh8Gk5Q2b7A4Baj4Ahgob2ijKjpVY7RpWB4Rf1FBBhyzM2dd2QKh5hsWwUBBU74RP8oideSZX1lkyxJnoCgqSA5sQ7M6MfWOVRP0p/fyyJsWBFGrKYH4m9AQ+xChBiL5fVelXOVxah613mKNmoZLH6u9WUo=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1774628556; c=relaxed/simple;\n\tbh=Dpc5ajG0cpPMRfGSQYtwGoqlsNmZJIl2iPLJGtGNLoE=;\n\th=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Content-Type;\n b=aDYm8yKdNfmIOPsgaMd+6qdJXlK0SDEXEs4iNIhBE8OPTeKcVMN3AajGon0wdN8UpIE6RHvoJb7fPKdquwr8fPpUpAeBHFcd90c6mKJK6ZS9W2e3rpKBOjQGjcuyH5GTNfvVbKTTBkqysYn1xE0NyMFC+/gidK5K9aa3rMjV/zM=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com;\n spf=pass smtp.mailfrom=linux.intel.com;\n dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=Lc4VH80t; arc=none smtp.client-ip=198.175.65.14", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1774628554; x=1806164554;\n h=from:to:cc:subject:date:message-id:mime-version:\n content-transfer-encoding;\n bh=Dpc5ajG0cpPMRfGSQYtwGoqlsNmZJIl2iPLJGtGNLoE=;\n b=Lc4VH80tRTef8mGmrlv/Lp9GHUDoc08LReuDTE/o/SALoxvxyq1ufUEZ\n sCUWCSIYrbhkNAcKyaeA2VzqChF40kznTF1YqnxNGlnUyazBwTxa9tWCC\n yEdMKahVyISCIelAa463+re2H1CilukniF5DbLzJy2/Odh5fhvQCHbzr5\n /7ChRUfws1CCSuLm/FIziVfTtnrSJdkyJwzLt6cEWqPUkAkWhC2qBY6C2\n AVLyAt3X0gY2jwHe6tWyjCmHn1HWoH/2LFDcxMKEKGCQR9T+rBuwe72ce\n g/3Sw35bEzhU1x56AivmgNRZ3mLWAljJ36IVAF02u64EHhS11cumcABtE\n A==;", "X-CSE-ConnectionGUID": [ "kdZgef1YS/q/cV4RmqMcgA==", "tR+Io45vSYuS88IP1jfBmA==" ], "X-CSE-MsgGUID": [ "P5RYNBDURWCPaxhzMz3diA==", "KaNlKWGERvGU+ZdObMcuzw==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11741\"; a=\"79565483\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"79565483\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"220516105\"" ], "X-ExtLoop1": "1", "From": "Xu Yilun <yilun.xu@linux.intel.com>", "To": "linux-coco@lists.linux.dev,\n\tlinux-pci@vger.kernel.org,\n\tdan.j.williams@intel.com,\n\tx86@kernel.org", "Cc": "chao.gao@intel.com,\n\tdave.jiang@intel.com,\n\tbaolu.lu@linux.intel.com,\n\tyilun.xu@linux.intel.com,\n\tyilun.xu@intel.com,\n\tzhenzhong.duan@intel.com,\n\tkvm@vger.kernel.org,\n\trick.p.edgecombe@intel.com,\n\tdave.hansen@linux.intel.com,\n\tkas@kernel.org,\n\txiaoyao.li@intel.com,\n\tvishal.l.verma@intel.com,\n\tlinux-kernel@vger.kernel.org", "Subject": "[PATCH v2 00/31] PCI/TSM: PCIe Link Encryption Establishment via TDX\n platform services", "Date": "Sat, 28 Mar 2026 00:01:01 +0800", "Message-Id": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "X-Mailer": "git-send-email 2.25.1", "Precedence": "bulk", "X-Mailing-List": "linux-pci@vger.kernel.org", "List-Id": "<linux-pci.vger.kernel.org>", "List-Subscribe": "<mailto:linux-pci+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-pci+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=UTF-8", "Content-Transfer-Encoding": "8bit" }, "content": "This series is based on mainline v7.0-rc2 and targets v7.1 (quite\naggressive though). The merge path will be through tsm.git with tip.git\nacks where needed. I know there are several parallel series on the fly,\nso Dave you can wait for Dan to review, or ack/nak as you have time,\nthanks. No KVM change, no acks from kvm.git is needed.\n\n== Overview ==\n\nThis series adds a PCI/TSM low-level driver implementation for TDX\nConnect (the TEE I/O architecture for Intel platforms). PCI/TSM is the\nLinux PCI core subsystem [1][2] that supports Link Encryption & trust\nestablishment between CoCo-VM and assigned devices, allowing CoCo-VM to\naccept devices for private memory access (private DMA). This series\nonly implements Link Encryption. It is a pre-requisite for trusted\ndevice assignment in TDX system.\n\nTwo protocols, SPDM (Security Protocol and Data Model) and PCI\nIDE (Integrity and Data Encryption) work together to establish the Link\nEncryption. SPDM creates trust on untrusted transit for key exchanging.\nIDE performs the actual real-time encryption for data traffic. In TSM\nworld, they are managed by secure firmwares, e.g. TDX Module.\n\nTo manage these protocols, TDX Module introduces Extensions to support\nlong running / hard-irq preemptible flows inside. Host invokes these\nflows via Extension-SEAMCALLs.\n\nThis series has 2 distinct parts:\n\n Patches 1-13: TDX core cleanups and TDX Module Extensions enabling\n Patches 14-31: tdx_host TSM driver for PCIe Link Encryption\n\n[1]: https://lore.kernel.org/linux-coco/20251031212902.2256310-1-dan.j.williams@intel.com/\n[2]: https://lore.kernel.org/linux-coco/20251105040055.2832866-1-dan.j.williams@intel.com/\n\n== Merge notes ==\n\n - Merge conflicts with parallel series:\n Sean's VMXON: https://lore.kernel.org/all/20260214012702.2368778-1-seanjc@google.com/\n Chao's runtime update: https://lore.kernel.org/all/20260326084448.29947-1-chao.gao@intel.com/\n\n - Picked several patches from parallel series:\n Patch 1: https://lore.kernel.org/all/20260323-fuller_tdx_kexec_support-v2-1-87a36409e051@intel.com/\n Patch 14: https://lore.kernel.org/all/20260303000207.1836586-2-dan.j.williams@intel.com/\n Patch 15: https://lore.kernel.org/all/20260326084448.29947-3-chao.gao@intel.com/\n\n== Changelog ==\nv2:\n- Subject change. previously it was:\n \"PCI/TSM: TDX Connect: SPDM Session and IDE Establishment\"\n- Remove __free() for core TDX and refactor all tdx_ext functions\n- Use kzalloc(PAGE_SIZE, ...) instead of alloc_page() in TDX core\n- Check feature0 support before reading optional global metadata\n- Split the TDX Module Extensions enabling into small patches\n- Enable TDX Module Extensions along with Basic TDX enabling\n- Refactor SEAMCALL version handling\n- For tdx_page_array, make page allocation method configurable\n - For TDX Module Extensions, use contiguous page allocation\n - For IOMMU_MT, use a custom page allocation\n- Print TDX Extensions memory usage\n- Various Changelog & comments refine\n\nv1: https://lore.kernel.org/all/20251117022311.2443900-1-yilun.xu@linux.intel.com/\n- No tdx_enable() needed in tdx-host\n- Simplify tdx_page_array kAPI, no singleton mode input\n- Refactor the handling of TDX_INTERRUPTED_RESUMABLE\n- Refine the usage of scope-based cleanup in tdx-host\n- Set nr_stream_id in tdx-host, not in PCI ACPI initialization\n- Use KEYP table + ECAP bit50 to decide Domain ID reservation\n- Refactor IDE Address Association Register setup\n- Remove prototype patches\n- Refactor tdx_enable_ext() locking because of Sean's change\n- Pick ACPICA KEYP patch from ACPICA repo\n- Select TDX Connect feature for TDH.SYS.CONFIG, remove temporary\n solution for TDH.SYS.INIT\n- Use Rick's tdx_errno.h movement patch [6]\n- Factor out scope-based cleanup patches in mm\n- Remove redunant header files, add header files only when first used\n- Use dev_err_probe() when possible\n- keyp_info_match() refactor\n- Use bitfield.h macros for PAGE_LIST_INFO & HPA_ARRAY_T raw value\n- Remove reserved fields for spdm_config_info_t\n- Simplify return for tdh_ide_stream_block()\n- Other small fixes for Jonathan's comments\n\nRFC: https://lore.kernel.org/linux-coco/20250919142237.418648-1-dan.j.williams@intel.com/\n\n\nChao Gao (1):\n coco/tdx-host: Introduce a \"tdx_host\" device\n\nDan Williams (1):\n PCI/TSM: Report active IDE streams per host bridge\n\nDave Jiang (1):\n acpi: Add KEYP support to fw_table parsing\n\nKiryl Shutsemau (1):\n x86/tdx: Move all TDX error defines into <asm/shared/tdx_errno.h>\n\nLu Baolu (2):\n iommu/vt-d: Cache max domain ID to avoid redundant calculation\n iommu/vt-d: Reserve the MSB domain ID bit for the TDX module\n\nXu Yilun (21):\n x86/virt/tdx: Move bit definitions of TDX_FEATURES0 to public header\n x86/virt/tdx: Add tdx_page_array helpers for new TDX Module objects\n x86/virt/tdx: Support allocating contiguous pages for tdx_page_array\n x86/virt/tdx: Extend tdx_page_array to support IOMMU_MT\n x86/virt/tdx: Read global metadata for TDX Module Extensions/Connect\n x86/virt/tdx: Embed version info in SEAMCALL leaf function definitions\n x86/virt/tdx: Configure TDX Module with optional TDX Connect feature\n x86/virt/tdx: Move tdx_clflush_page() up in the file\n x86/virt/tdx: Add extra memory to TDX Module for Extensions\n x86/virt/tdx: Make TDX Module initialize Extensions\n x86/virt/tdx: Enable the Extensions after basic TDX Module init\n x86/virt/tdx: Extend tdx_clflush_page() to handle compound pages\n coco/tdx-host: Support Link TSM for TDX host\n x86/virt/tdx: Add a helper to loop on TDX_INTERRUPTED_RESUMABLE\n iommu/vt-d: Export a helper to do function for each dmar_drhd_unit\n coco/tdx-host: Setup all trusted IOMMUs on TDX Connect init\n mm: Add __free() support for __free_page()\n coco/tdx-host: Parse ACPI KEYP table to init IDE for PCI host bridges\n x86/virt/tdx: Add SEAMCALL wrappers for IDE stream management\n coco/tdx-host: Implement IDE stream setup/teardown\n coco/tdx-host: Finally enable SPDM session and IDE Establishment\n\nZhenzhong Duan (4):\n x86/virt/tdx: Add SEAMCALL wrappers for trusted IOMMU setup and clear\n coco/tdx-host: Add a helper to exchange SPDM messages through DOE\n x86/virt/tdx: Add SEAMCALL wrappers for SPDM management\n coco/tdx-host: Implement SPDM session setup\n\n drivers/virt/coco/Kconfig | 2 +\n drivers/virt/coco/tdx-host/Kconfig | 16 +\n drivers/virt/coco/Makefile | 1 +\n drivers/virt/coco/tdx-host/Makefile | 1 +\n Documentation/ABI/testing/sysfs-class-tsm | 13 +\n arch/x86/include/asm/shared/tdx.h | 1 +\n .../vmx => include/asm/shared}/tdx_errno.h | 30 +-\n arch/x86/include/asm/tdx.h | 95 +-\n arch/x86/include/asm/tdx_global_metadata.h | 14 +\n arch/x86/kvm/vmx/tdx.h | 1 -\n arch/x86/virt/vmx/tdx/tdx.h | 42 +-\n drivers/iommu/intel/iommu.h | 2 +\n include/linux/acpi.h | 3 +\n include/linux/dmar.h | 2 +\n include/linux/fw_table.h | 1 +\n include/linux/gfp.h | 1 +\n include/linux/pci-ide.h | 4 +\n include/linux/tsm.h | 3 +\n arch/x86/virt/vmx/tdx/tdx.c | 839 ++++++++++++++-\n arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 36 +\n drivers/acpi/tables.c | 12 +-\n drivers/iommu/intel/dmar.c | 67 ++\n drivers/iommu/intel/iommu.c | 10 +-\n drivers/pci/ide.c | 9 +-\n drivers/virt/coco/tdx-host/tdx-host.c | 952 ++++++++++++++++++\n drivers/virt/coco/tsm-core.c | 97 ++\n lib/fw_table.c | 9 +\n 27 files changed, 2202 insertions(+), 61 deletions(-)\n create mode 100644 drivers/virt/coco/tdx-host/Kconfig\n create mode 100644 drivers/virt/coco/tdx-host/Makefile\n rename arch/x86/{kvm/vmx => include/asm/shared}/tdx_errno.h (61%)\n create mode 100644 drivers/virt/coco/tdx-host/tdx-host.c\n\n\nbase-commit: 11439c4635edd669ae435eec308f4ab8a0804808" }