Message-ID: <IA1PR11MB9495DB84D36A4CE19894DD31E7F2A@IA1PR11MB9495.namprd11.prod.outlook.com>
Date: Tue, 21 Oct 2025 13:42:44 +0000
From: "Reshetova, Elena" <elena.reshetova@...el.com>
To: "Annapurve, Vishal" <vannapurve@...gle.com>
CC: "Hansen, Dave" <dave.hansen@...el.com>, "Gao, Chao" <chao.gao@...el.com>,
"linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>, "Chatre, Reinette"
<reinette.chatre@...el.com>, "Weiny, Ira" <ira.weiny@...el.com>, "Huang, Kai"
<kai.huang@...el.com>, "Williams, Dan J" <dan.j.williams@...el.com>,
"yilun.xu@...ux.intel.com" <yilun.xu@...ux.intel.com>, "sagis@...gle.com"
<sagis@...gle.com>, "paulmck@...nel.org" <paulmck@...nel.org>,
"nik.borisov@...e.com" <nik.borisov@...e.com>, Borislav Petkov
<bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin"
<hpa@...or.com>, Ingo Molnar <mingo@...hat.com>, "Kirill A. Shutemov"
<kas@...nel.org>, Paolo Bonzini <pbonzini@...hat.com>, "Edgecombe, Rick P"
<rick.p.edgecombe@...el.com>, Thomas Gleixner <tglx@...utronix.de>
Subject: RE: [PATCH v2 00/21] Runtime TDX Module update support
> -----Original Message-----
> From: Vishal Annapurve <vannapurve@...gle.com>
> Sent: Saturday, October 18, 2025 3:02 AM
> To: Reshetova, Elena <elena.reshetova@...el.com>
> Cc: Hansen, Dave <dave.hansen@...el.com>; Gao, Chao
> <chao.gao@...el.com>; linux-coco@...ts.linux.dev;
> linux-kernel@...r.kernel.org; x86@...nel.org; Chatre, Reinette
> <reinette.chatre@...el.com>; Weiny, Ira <ira.weiny@...el.com>; Huang, Kai
> <kai.huang@...el.com>; Williams, Dan J <dan.j.williams@...el.com>;
> yilun.xu@...ux.intel.com; sagis@...gle.com; paulmck@...nel.org;
> nik.borisov@...e.com; Borislav Petkov <bp@...en8.de>; Dave Hansen
> <dave.hansen@...ux.intel.com>; H. Peter Anvin <hpa@...or.com>; Ingo Molnar
> <mingo@...hat.com>; Kirill A. Shutemov <kas@...nel.org>; Paolo Bonzini
> <pbonzini@...hat.com>; Edgecombe, Rick P <rick.p.edgecombe@...el.com>;
> Thomas Gleixner <tglx@...utronix.de>
> Subject: Re: [PATCH v2 00/21] Runtime TDX Module update support
>
> On Fri, Oct 17, 2025 at 3:08 AM Reshetova, Elena
> <elena.reshetova@...el.com> wrote:
> >
> >
> > > > > ...
> > > > > > > But the situation can be avoided fully, if TD preserving update is not
> > > > > > > conducted during the TD build time.
> > > > >
> > > > > Sure, and the TDX module itself could guarantee this as well as much as
> > > > > the kernel could. It could decline to allow module updates during TD
> > > > > builds, or error out the TD build if it collides with an update.
> > > >
> > > > TDX module has a functionality to decline going into SHUTDOWN state
> > > > (pre-requisite for TD preserving update) if TD build or any problematic
> > > > operation is in progress. It requires VMM to opt-in into this feature.
> > >
> > > Is this opt-in enabled as part of this series? If not, what is the
> > > mechanism to enable this opt-in?
> >
> > For the information about how it works on TDX module side,
> > please consult the latest ABI spec, definition of TDH.SYS.SHUTDOWN leaf,
> > page 321:
> > https://cdrdv2.intel.com/v1/dl/getContent/733579
> >
>
> Thanks Elena. Should the patch [1] from this series be modified to
> handle the TDX module shutdown as per:
> "If supported by the TDX Module, the host VMM can set the
> AVOID_COMPAT_SENSITIVE flag to request the TDX Module to fail
> TDH.SYS.UPDATE if any of the TDs are currently in a state that is
> impacted by the update-sensitive cases"
>
> The documentation below doesn't make sense to me:
> "The compatibility checks done by TDH.SYS.UPDATE do not include the
> following cases:
> * If any TD was initialized by an older TDX Module that did enumerate
> TDX_FEATURES0.UPDATE_COMPATIBLITY as 1, TDH.SYS.SHUTDOWN does not
> check for a TD build in progress condition for that TD.
> * If any TD migration session is in progress, it was initialized by an
> older TDX Module that did enumerate TDX_FEATURES0.UPDATE_COMPATIBLITY
> as 1"
>
> Was it supposed to say below?
> "If any TD was initialized by an older TDX Module that did enumerate
> TDX_FEATURES0.UPDATE_COMPATIBLITY as 0, TDH.SYS.SHUTDOWN does not

Yes, this is a spec error, thank you for catching this. Will be fixed.
The correct text should say:

"If any TD was initialized by an older TDX Module that did *not* enumerate
TDX_FEATURES0.UPDATE_COMPATIBLITY as 1, TDH.SYS.SHUTDOWN does
not check for a TD build in progress condition for that TD.
If any TD migration session is in progress, and it was initialized by an older
TDX Module that did *not* enumerate TDX_FEATURES0.UPDATE_COMPATIBLITY as 1,
TDH.SYS.SHUTDOWN does not check for an interrupted TD migration function
condition for that TD."

Best Regards,
Elena.