Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2217117/?format=api
{ "id": 2217117, "url": "http://patchwork.ozlabs.org/api/patches/2217117/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260327160132.2946114-16-yilun.xu@linux.intel.com/", "project": { "id": 28, "url": "http://patchwork.ozlabs.org/api/projects/28/?format=api", "name": "Linux PCI development", "link_name": "linux-pci", "list_id": "linux-pci.vger.kernel.org", "list_email": "linux-pci@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260327160132.2946114-16-yilun.xu@linux.intel.com>", "list_archive_url": null, "date": "2026-03-27T16:01:16", "name": "[v2,15/31] coco/tdx-host: Introduce a \"tdx_host\" device", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "58ec9785e2dbe6e04368b97a990f12179bd779e6", "submitter": { "id": 87470, "url": "http://patchwork.ozlabs.org/api/people/87470/?format=api", "name": "Xu Yilun", "email": "yilun.xu@linux.intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260327160132.2946114-16-yilun.xu@linux.intel.com/mbox/", "series": [ { "id": 497793, "url": "http://patchwork.ozlabs.org/api/series/497793/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/list/?series=497793", "date": "2026-03-27T16:01:02", "name": "PCI/TSM: PCIe Link Encryption Establishment via TDX platform services", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/497793/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2217117/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2217117/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linux-pci+bounces-51301-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-pci@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=au9iuZTM;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=linux-pci+bounces-51301-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=\"au9iuZTM\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=198.175.65.14", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=linux.intel.com" ], "Received": [ "from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fj6HN38DWz1y1x\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 28 Mar 2026 03:56:32 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 523BE304A101\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 27 Mar 2026 16:26:59 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id C61043CF677;\n\tFri, 27 Mar 2026 16:23:31 +0000 (UTC)", "from mgamail.intel.com (mgamail.intel.com [198.175.65.14])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 108803C4566;\n\tFri, 27 Mar 2026 16:23:29 +0000 (UTC)", "from fmviesa006.fm.intel.com ([10.60.135.146])\n by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 27 Mar 2026 09:23:28 -0700", "from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165])\n by fmviesa006.fm.intel.com with ESMTP; 27 Mar 2026 09:23:25 -0700" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1774628611; cv=none;\n b=MB/JkG5hsy4b+GqWmkxWDNYnG+oy17m5XhNObkGUtJFh6t7Uoxzu3yPCngvD8Dg/LG2qKSzN9BZuq6eL9dfxArE2XzuNYKWMtAA7VBCd2GZh9CM4Eq9RHYQ3eITKpqKqT9Ellij0nKJ8y0EVJT65h5lCuPXQyGgrlcMLgtYq4Z8=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1774628611; c=relaxed/simple;\n\tbh=NiScli6lde2atwZcei95350RL54jHBrh2mruHTpKuTw=;\n\th=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:\n\t MIME-Version;\n b=q9z+qBTs4BqsCfVUvgf7O+3V+fN/BPleHEzRTm7MPcVGAZQ0nomV5RVjYpUm5ZmsdD6kOmHQy+26va25wXFDy8Ow/lXRRkhA/r0X9huHbRVnjYWDc4rRy8s8v23sTNRwDuryzSnbd0G/ISZ5AjS7SlHrWxa1lrbxVzUtxeD6teQ=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com;\n spf=pass smtp.mailfrom=linux.intel.com;\n dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=au9iuZTM; arc=none smtp.client-ip=198.175.65.14", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1774628608; x=1806164608;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=NiScli6lde2atwZcei95350RL54jHBrh2mruHTpKuTw=;\n b=au9iuZTMWb1yeYoP3YdC0NmppGUjR9p4+3OE3jngRjKQBk4D9snPs8iV\n 01Jb0QZwTP5ILrpBfaWEz+roBmCYuQi4NOr8whFBVhRLWJkQZmlsG0DtY\n Mw5UwEajQMhjKn2vct9ArKT8nkY5a8b7gBefWZP+3+RS/p2L3p2cndBV9\n a1Ifwi+Tf2v8LyPKfHFI63fyio+a4MNfdgsyuGRbd9egNxRzrKItZmEmJ\n PrzZ/+IcDKaeo+6CFraeSgk2M3m+FKYPXhEwewCJjYUcebRF/7tWBZ+9T\n nB6MUDCi4RI/Z+0KkW18OiBKuzvoHT2sX7WLMUOVguehXAeoZxDrg4AYI\n w==;", "X-CSE-ConnectionGUID": [ "O0idgr8YQOqx1uPGiTlRyg==", "AK1zgE10TFqPPfFrpL7DHw==" ], "X-CSE-MsgGUID": [ "/t1P57YhS7OM5qjIT049HQ==", "xu8ZxhJWR82dJe2kkh/nCg==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11741\"; a=\"79565591\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"79565591\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"220516243\"" ], "X-ExtLoop1": "1", "From": "Xu Yilun <yilun.xu@linux.intel.com>", "To": "linux-coco@lists.linux.dev,\n\tlinux-pci@vger.kernel.org,\n\tdan.j.williams@intel.com,\n\tx86@kernel.org", "Cc": "chao.gao@intel.com,\n\tdave.jiang@intel.com,\n\tbaolu.lu@linux.intel.com,\n\tyilun.xu@linux.intel.com,\n\tyilun.xu@intel.com,\n\tzhenzhong.duan@intel.com,\n\tkvm@vger.kernel.org,\n\trick.p.edgecombe@intel.com,\n\tdave.hansen@linux.intel.com,\n\tkas@kernel.org,\n\txiaoyao.li@intel.com,\n\tvishal.l.verma@intel.com,\n\tlinux-kernel@vger.kernel.org", "Subject": "[PATCH v2 15/31] coco/tdx-host: Introduce a \"tdx_host\" device", "Date": "Sat, 28 Mar 2026 00:01:16 +0800", "Message-Id": "<20260327160132.2946114-16-yilun.xu@linux.intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "References": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "Precedence": "bulk", "X-Mailing-List": "linux-pci@vger.kernel.org", "List-Id": "<linux-pci.vger.kernel.org>", "List-Subscribe": "<mailto:linux-pci+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-pci+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "From: Chao Gao <chao.gao@intel.com>\n\nTDX depends on a platform firmware module that is invoked via instructions\nsimilar to vmenter (i.e. enter into a new privileged \"root-mode\" context to\nmanage private memory and private device mechanisms). It is a software\nconstruct that depends on the CPU vmxon state to enable invocation of\nTDX module ABIs. Unlike other Trusted Execution Environment (TEE) platform\nimplementations that employ a firmware module running on a PCI device with\nan MMIO mailbox for communication, TDX has no hardware device to point to\nas the TEE Secure Manager (TSM).\n\nCreate a virtual device not only to align with other implementations but\nalso to make it easier to\n\n - expose metadata (e.g., TDX module version, seamldr version etc) to\n the userspace as device attributes\n\n - implement firmware uploader APIs which are tied to a device. This is\n needed to support TDX module runtime updates\n\n - enable TDX Connect which will share a common infrastructure with other\n platform implementations. In the TDX Connect context, every\n architecture has a TSM, represented by a PCIe or virtual device. The\n new \"tdx_host\" device will serve the TSM role.\n\nA faux device is used for TDX because the TDX module is singular within\nthe system and lacks associated platform resources. Using a faux device\neliminates the need to create a stub bus.\n\nThe call to tdx_get_sysinfo() ensures that the TDX module is ready to\nprovide services.\n\nNote that AMD has a PCI device for the PSP for SEV and ARM CCA will\nlikely have a faux device [1].\n\nCo-developed-by: Xu Yilun <yilun.xu@linux.intel.com>\nSigned-off-by: Dan Williams <dan.j.williams@intel.com>\nSigned-off-by: Chao Gao <chao.gao@intel.com>\nReviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>\nReviewed-by: Tony Lindgren <tony.lindgren@linux.intel.com>\nReviewed-by: Xu Yilun <yilun.xu@linux.intel.com>\nReviewed-by: Kai Huang <kai.huang@intel.com>\nReviewed-by: Kiryl Shutsemau (Meta) <kas@kernel.org>\nLink: https://lore.kernel.org/all/2025073035-bulginess-rematch-b92e@gregkh/ # [1]\nSigned-off-by: Xu Yilun <yilun.xu@linux.intel.com>\n---\n drivers/virt/coco/Kconfig | 2 ++\n drivers/virt/coco/tdx-host/Kconfig | 10 +++++++\n drivers/virt/coco/Makefile | 1 +\n drivers/virt/coco/tdx-host/Makefile | 1 +\n arch/x86/virt/vmx/tdx/tdx.c | 2 +-\n drivers/virt/coco/tdx-host/tdx-host.c | 43 +++++++++++++++++++++++++++\n 6 files changed, 58 insertions(+), 1 deletion(-)\n create mode 100644 drivers/virt/coco/tdx-host/Kconfig\n create mode 100644 drivers/virt/coco/tdx-host/Makefile\n create mode 100644 drivers/virt/coco/tdx-host/tdx-host.c", "diff": "diff --git a/drivers/virt/coco/Kconfig b/drivers/virt/coco/Kconfig\nindex df1cfaf26c65..f7691f64fbe3 100644\n--- a/drivers/virt/coco/Kconfig\n+++ b/drivers/virt/coco/Kconfig\n@@ -17,5 +17,7 @@ source \"drivers/virt/coco/arm-cca-guest/Kconfig\"\n source \"drivers/virt/coco/guest/Kconfig\"\n endif\n \n+source \"drivers/virt/coco/tdx-host/Kconfig\"\n+\n config TSM\n \tbool\ndiff --git a/drivers/virt/coco/tdx-host/Kconfig b/drivers/virt/coco/tdx-host/Kconfig\nnew file mode 100644\nindex 000000000000..d35d85ef91c0\n--- /dev/null\n+++ b/drivers/virt/coco/tdx-host/Kconfig\n@@ -0,0 +1,10 @@\n+config TDX_HOST_SERVICES\n+\ttristate \"TDX Host Services Driver\"\n+\tdepends on INTEL_TDX_HOST\n+\tdefault m\n+\thelp\n+\t Enable access to TDX host services like module update and\n+\t extensions (e.g. TDX Connect).\n+\n+\t Say y or m if enabling support for confidential virtual machine\n+\t support (CONFIG_INTEL_TDX_HOST). The module is called tdx_host.ko.\ndiff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile\nindex cb52021912b3..b323b0ae4f82 100644\n--- a/drivers/virt/coco/Makefile\n+++ b/drivers/virt/coco/Makefile\n@@ -6,6 +6,7 @@ obj-$(CONFIG_EFI_SECRET)\t+= efi_secret/\n obj-$(CONFIG_ARM_PKVM_GUEST)\t+= pkvm-guest/\n obj-$(CONFIG_SEV_GUEST)\t\t+= sev-guest/\n obj-$(CONFIG_INTEL_TDX_GUEST)\t+= tdx-guest/\n+obj-$(CONFIG_INTEL_TDX_HOST)\t+= tdx-host/\n obj-$(CONFIG_ARM_CCA_GUEST)\t+= arm-cca-guest/\n obj-$(CONFIG_TSM) \t\t+= tsm-core.o\n obj-$(CONFIG_TSM_GUEST)\t\t+= guest/\ndiff --git a/drivers/virt/coco/tdx-host/Makefile b/drivers/virt/coco/tdx-host/Makefile\nnew file mode 100644\nindex 000000000000..e61e749a8dff\n--- /dev/null\n+++ b/drivers/virt/coco/tdx-host/Makefile\n@@ -0,0 +1 @@\n+obj-$(CONFIG_TDX_HOST_SERVICES) += tdx-host.o\ndiff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c\nindex e7d47fbe7057..cd0948794b6c 100644\n--- a/arch/x86/virt/vmx/tdx/tdx.c\n+++ b/arch/x86/virt/vmx/tdx/tdx.c\n@@ -2057,7 +2057,7 @@ const struct tdx_sys_info *tdx_get_sysinfo(void)\n \n \treturn p;\n }\n-EXPORT_SYMBOL_FOR_KVM(tdx_get_sysinfo);\n+EXPORT_SYMBOL_FOR_MODULES(tdx_get_sysinfo, \"kvm-intel,tdx-host\");\n \n u32 tdx_get_nr_guest_keyids(void)\n {\ndiff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-host/tdx-host.c\nnew file mode 100644\nindex 000000000000..c77885392b09\n--- /dev/null\n+++ b/drivers/virt/coco/tdx-host/tdx-host.c\n@@ -0,0 +1,43 @@\n+// SPDX-License-Identifier: GPL-2.0\n+/*\n+ * TDX host user interface driver\n+ *\n+ * Copyright (C) 2025 Intel Corporation\n+ */\n+\n+#include <linux/device/faux.h>\n+#include <linux/module.h>\n+#include <linux/mod_devicetable.h>\n+\n+#include <asm/cpu_device_id.h>\n+#include <asm/tdx.h>\n+\n+static const struct x86_cpu_id tdx_host_ids[] = {\n+\tX86_MATCH_FEATURE(X86_FEATURE_TDX_HOST_PLATFORM, NULL),\n+\t{}\n+};\n+MODULE_DEVICE_TABLE(x86cpu, tdx_host_ids);\n+\n+static struct faux_device *fdev;\n+\n+static int __init tdx_host_init(void)\n+{\n+\tif (!x86_match_cpu(tdx_host_ids) || !tdx_get_sysinfo())\n+\t\treturn -ENODEV;\n+\n+\tfdev = faux_device_create(KBUILD_MODNAME, NULL, NULL);\n+\tif (!fdev)\n+\t\treturn -ENODEV;\n+\n+\treturn 0;\n+}\n+module_init(tdx_host_init);\n+\n+static void __exit tdx_host_exit(void)\n+{\n+\tfaux_device_destroy(fdev);\n+}\n+module_exit(tdx_host_exit);\n+\n+MODULE_DESCRIPTION(\"TDX Host Services\");\n+MODULE_LICENSE(\"GPL\");\n", "prefixes": [ "v2", "15/31" ] }