From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1013FC433F5 for ; Mon, 11 Oct 2021 18:39:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E25E460F0F for ; Mon, 11 Oct 2021 18:38:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231439AbhJKSk7 (ORCPT ); Mon, 11 Oct 2021 14:40:59 -0400 Received: from mga01.intel.com ([192.55.52.88]:30833 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229542AbhJKSk6 (ORCPT ); Mon, 11 Oct 2021 14:40:58 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10134"; a="250332208" X-IronPort-AV: E=Sophos;i="5.85,365,1624345200"; d="scan'208";a="250332208" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2021 11:38:57 -0700 X-IronPort-AV: E=Sophos;i="5.85,365,1624345200"; d="scan'208";a="440901786" Received: from akleen-mobl1.amr.corp.intel.com (HELO [10.255.229.69]) ([10.255.229.69]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2021 11:38:56 -0700 Message-ID: <2c03ae77-640e-fc25-a65b-2416f090281d@linux.intel.com> Date: Mon, 11 Oct 2021 11:38:55 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0 Subject: Re: [PATCH v10 02/11] x86/tdx: Introduce INTEL_TDX_GUEST config option Content-Language: en-US To: Josh Poimboeuf , Kuppuswamy Sathyanarayanan Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, Paolo Bonzini , David Hildenbrand , Andrea Arcangeli , Juergen Gross , Deep Shah , VMware Inc , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Peter H Anvin , Dave Hansen , Tony Luck , Dan Williams , Kirill Shutemov , Sean Christopherson , Kuppuswamy Sathyanarayanan , linux-kernel@vger.kernel.org References: <20211009053747.1694419-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20211009053747.1694419-3-sathyanarayanan.kuppuswamy@linux.intel.com> <20211011181948.fkt7o2fezmuyynze@treble> From: Andi Kleen In-Reply-To: <20211011181948.fkt7o2fezmuyynze@treble> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/11/2021 11:19 AM, Josh Poimboeuf wrote: > On Fri, Oct 08, 2021 at 10:37:38PM -0700, Kuppuswamy Sathyanarayanan wrote: >> +config INTEL_TDX_GUEST >> + bool "Intel Trusted Domain Extensions (TDX) Guest Support" >> + depends on X86_64 && CPU_SUP_INTEL && PARAVIRT >> + depends on SECURITY >> + depends on X86_X2APIC >> + help >> + Provide support for running in a trusted domain on Intel processors >> + equipped with Trusted Domain Extensions. TDX is a Intel technology >> + that extends VMX and Memory Encryption with a new kind of virtual >> + machine guest called Trust Domain (TD). A TD is designed to run in >> + a CPU mode that protects the confidentiality of TD memory contents >> + and the TD’s CPU state from other software, including VMM. TDX guest >> + uses virtual X2APIC for interrupt management. > Why does it depend on SECURITY? It should at least be explained in the > commit message. It can be dropped, it was only needed in an earlier version that used a LSM. -Andi >