Re: [PATCH v7 04/20] x86/virt/tdx: Add skeleton to initialize TDX on demand

From: Dave Hansen
Date: Tue Nov 22 2022 - 10:36:13 EST


On 11/22/22 02:31, Thomas Gleixner wrote:
> Nothing in the TDX specs and docs mentions physical hotplug or a
> requirement for invoking seamcall on the world.

The TDX module source is actually out there[1] for us to look at. It's
in a lovely, convenient zip file, but you can read it if sufficiently
motivated.

It has this lovely nugget in it:

WARNING!!! Proprietary License!! Avert your virgin eyes!!!

> if (tdx_global_data_ptr->num_of_init_lps < tdx_global_data_ptr->num_of_lps)
> {
>     TDX_ERROR("Num of initialized lps %d is smaller than total num of lps %d\n",
>               tdx_global_data_ptr->num_of_init_lps, tdx_global_data_ptr->num_of_lps);
>     retval = TDX_SYS_CONFIG_NOT_PENDING;
>     goto EXIT;
> }

tdx_global_data_ptr->num_of_init_lps is incremented at TDH.SYS.INIT
time. That if() is called at TDH.SYS.CONFIG time to help bring the
module up.

So, I think you're right. I don't see the docs that actually *explain*
this "you must seamcall all the things" requirement.

1. https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html