** Description changed:

  Since 6.16, TDX host is supported in the kernel but is incompatible with kexec. A cache flush is required in case TDX has been enabled before doing a kexec to avoid silent memory corruption in the new kernel.
- An upstream submission [0] fix this. However the second kernel cannot use TDX itself.
- The upstream submission is now a v8 and is likely to be merged soon.
+ An upstream submission [0] fix this. The upstream submission is now a v8 and is likely to be merged soon.
+ 4 conditions are required at runtime to enable TDX Host:
+ - Hibernation disabled.
+ - TDX enabled in the bios.
+ - kvm_intel.tdx=1 set in the bootcommand line.
+ - Hardware support.
- To enable TDX host, hibernation needs to be disabled, TDX enabled in the bios and a tdx module parameter set to 1.
- In specific platforms (SPR/EMR), matching all those conditions will disable kexec due to hardware limitations.
+ Two limitation are coming with this submission:
+ - In specific platforms (SPR/EMR), enabling TDX (all conditions fulfilled) will disable kexec due to hardware limitations.
+ - After kexec, TDX can't be used. This error will manifest by having a dmesg entry similar to:
+
+ virt/tdx: SEAMCALL (0x0000000000000021) failed: 0xc000050000000000
+
  This has been applied on top of questing Ubuntu-6.17.0-3.3 and tested on
- supported hardware by enabling TDX and kexec into a new kernel.
+ supported hardware by enabling TDX and using kexec into a new kernel.
  [0] : https://lore.kernel.org/all/[email protected]/

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2121873

Title:
  Support TDX host in questing

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Questing:
  In Progress

Bug description:
  Since 6.16, TDX host is supported in the kernel but is incompatible
  with kexec. A cache flush is required in case TDX has been enabled
  before doing a kexec to avoid silent memory corruption in the new
  kernel.

  An upstream submission [0] fixes this. The upstream submission is now
  a v8 and is likely to be merged soon.

  4 conditions are required at runtime to enable TDX Host:
  - Hibernation disabled.
  - TDX enabled in the BIOS.
  - kvm_intel.tdx=1 set in the boot command line.
  - Hardware support.

  Two limitations come with this submission:
  - On specific platforms (SPR/EMR), enabling TDX (all conditions
    fulfilled) will disable kexec due to hardware limitations.
  - After kexec, TDX can't be used. This error will manifest as a dmesg
    entry similar to:

    virt/tdx: SEAMCALL (0x0000000000000021) failed: 0xc000050000000000

  This has been applied on top of questing Ubuntu-6.17.0-3.3 and tested
  on supported hardware by enabling TDX and using kexec into a new
  kernel.

  [0] : https://lore.kernel.org/all/[email protected]/

