lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <IA1PR11MB9495BB77A4FAFBD78600416AE7F6A@IA1PR11MB9495.namprd11.prod.outlook.com>
Date: Fri, 17 Oct 2025 10:08:46 +0000
From: "Reshetova, Elena" <elena.reshetova@...el.com>
To: "Annapurve, Vishal" <vannapurve@...gle.com>
CC: "Hansen, Dave" <dave.hansen@...el.com>, "Gao, Chao" <chao.gao@...el.com>,
	"linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"x86@...nel.org" <x86@...nel.org>, "Chatre, Reinette"
	<reinette.chatre@...el.com>, "Weiny, Ira" <ira.weiny@...el.com>, "Huang, Kai"
	<kai.huang@...el.com>, "Williams, Dan J" <dan.j.williams@...el.com>,
	"yilun.xu@...ux.intel.com" <yilun.xu@...ux.intel.com>, "sagis@...gle.com"
	<sagis@...gle.com>, "paulmck@...nel.org" <paulmck@...nel.org>,
	"nik.borisov@...e.com" <nik.borisov@...e.com>, Borislav Petkov
	<bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin"
	<hpa@...or.com>, Ingo Molnar <mingo@...hat.com>, "Kirill A. Shutemov"
	<kas@...nel.org>, Paolo Bonzini <pbonzini@...hat.com>, "Edgecombe, Rick P"
	<rick.p.edgecombe@...el.com>, Thomas Gleixner <tglx@...utronix.de>
Subject: RE: [PATCH v2 00/21] Runtime TDX Module update support



> -----Original Message-----
> From: Vishal Annapurve <vannapurve@...gle.com>
> Sent: Thursday, October 16, 2025 8:48 PM
> To: Reshetova, Elena <elena.reshetova@...el.com>
> Cc: Hansen, Dave <dave.hansen@...el.com>; Gao, Chao
> <chao.gao@...el.com>; linux-coco@...ts.linux.dev; linux-
> kernel@...r.kernel.org; x86@...nel.org; Chatre, Reinette
> <reinette.chatre@...el.com>; Weiny, Ira <ira.weiny@...el.com>; Huang, Kai
> <kai.huang@...el.com>; Williams, Dan J <dan.j.williams@...el.com>;
> yilun.xu@...ux.intel.com; sagis@...gle.com; paulmck@...nel.org;
> nik.borisov@...e.com; Borislav Petkov <bp@...en8.de>; Dave Hansen
> <dave.hansen@...ux.intel.com>; H. Peter Anvin <hpa@...or.com>; Ingo Molnar
> <mingo@...hat.com>; Kirill A. Shutemov <kas@...nel.org>; Paolo Bonzini
> <pbonzini@...hat.com>; Edgecombe, Rick P <rick.p.edgecombe@...el.com>;
> Thomas Gleixner <tglx@...utronix.de>
> Subject: Re: [PATCH v2 00/21] Runtime TDX Module update support
> 
> On Wed, Oct 15, 2025 at 11:46 PM Reshetova, Elena
> <elena.reshetova@...el.com> wrote:
> >
> > > ...
> > > > But the situation can be avoided fully, if TD preserving update is not
> > > conducted
> > > > during the TD build time.
> > >
> > > Sure, and the TDX module itself could guarantee this as well as much as
> > > the kernel could. It could decline to allow module updates during TD
> > > builds, or error out the TD build if it collides with an update.
> >
> > TDX module has a functionality to decline going into SHUTDOWN state
> > (pre-requisite for TD preserving update) if TD build or any problematic
> > operation is in progress. It requires VMM to opt-in into this feature.
> 
> Is this opt-in enabled as part of this series? If not, what is the
> mechanism to enable this opt-in?

For the information about how it works on TDX module side, 
please consult the latest ABI spec, definition of TDH.SYS.SHUTDOWN leaf,
page 321:
https://cdrdv2.intel.com/v1/dl/getContent/733579

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ