arch/x86/tdx.rst

1 .. SPDX-License-Identifier: GPL-2.0
19 TDX includes new hypercall-like mechanisms for communicating from the
25 TDX guests behave differently from bare-metal and traditional VMX guests.
32 Instruction-based #VE
33 ---------------------
35 - Port I/O (INS, OUTS, IN, OUT)
36 - HLT
37 - MONITOR, MWAIT
38 - WBINVD, INVD
39 - VMCALL
40 - RDMSR*,WRMSR*
41 - CPUID*
43 Instruction-based #GP
44 ---------------------
46 - All VMX instructions: INVEPT, INVVPID, VMCLEAR, VMFUNC, VMLAUNCH,
48 - ENCLS, ENCLU
49 - GETSEC
50 - RSM
51 - ENQCMD
52 - RDMSR*,WRMSR*
55 --------------------
59 - #GP generated
60 - #VE generated
61 - "Just works"
76 --------------
78 For some CPUID leaves and sub-leaves, the virtualized bit fields of CPUID
83 - Bit fields for which the hypervisor controls the value seen by the guest
86 - Bit fields for which the hypervisor configures the value such that the
91 A #VE is generated for CPUID leaves and sub-leaves that the TDX module does
110 --------------------
121 stacks.  A good rule of thumb is that hypervisor-shared memory should be
130 --------------------
138 A modest amount of memory (typically 512M) is pre-accepted by the firmware
165 #VE-triggering actions (discussed above) while this block is in place.
172 In non-TDX VMs, MMIO is usually implemented by giving a guest access to a
237 from the TDX module. TDREPORT is a fixed-size data structure generated by
238 the TDX module which contains guest-specific information (such as build
240 the integrity of the TDREPORT. A user-provided 64-Byte REPORTDATA is used
242 provided by attestation service so the TDREPORT can be verified uniquely.
248 by design can only be verified on the local platform as the MAC key is
261 https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.…