Message-ID: <aW3uHllXbIs2SVcL@intel.com>
Date: Mon, 19 Jan 2026 16:41:02 +0800
From: Chao Gao <chao.gao@...el.com>
To: Binbin Wu <binbin.wu@...ux.intel.com>
CC: <linux-coco@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
	<x86@...nel.org>, <reinette.chatre@...el.com>, <ira.weiny@...el.com>,
	<kai.huang@...el.com>, <dan.j.williams@...el.com>,
	<yilun.xu@...ux.intel.com>, <sagis@...gle.com>, <vannapurve@...gle.com>,
	<paulmck@...nel.org>, <nik.borisov@...e.com>, Farrah Chen
	<farrah.chen@...el.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar
	<mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
	<dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com>, "Kirill A.
 Shutemov" <kas@...nel.org>, Paolo Bonzini <pbonzini@...hat.com>, "Rick
 Edgecombe" <rick.p.edgecombe@...el.com>
Subject: Re: [PATCH v2 14/21] x86/virt/seamldr: Shut down the current TDX module

On Wed, Dec 03, 2025 at 10:24:58AM +0800, Binbin Wu wrote:
>
>
>On 10/1/2025 10:52 AM, Chao Gao wrote:
>> TDX Module updates request shutting down the existing TDX module.
>> During this shutdown, the module generates hand-off data, which captures
>> the module's states essential for preserving running TDs. The new TDX
>> Module can utilize this hand-off data to establish its states.
>> 
>> Invoke the TDH_SYS_SHUTDOWN SEAMCALL on one CPU to perform the shutdown.
>> This SEAMCALL requires a hand-off module version. Use the module's own
>> hand-off version, as it is the highest version the module can produce and
>> is more likely to be compatible with new modules as new modules likely have
>> higher hand-off version.
>
>According to the TDX module base spec (348549006), each TDX module is built with
>TDX Module Handoff Constants, including No-Downgrade Flag. If the current TDX
>module is built with NO_DOWNGRADE=1, the hand-off module version must be the
>current TDX module's HV.
>
>This patch series doesn't seem to handle the No-Downgrade Flag; IIUC it needs
>to use the current TDX module's HV to avoid failures.

Note: this patch always uses the current TDX module's HV. So, it won't fail
regardless of the No-Downgrade flag.

>
>About "hand-off version" and "No-Downgrade Flag", I still have some questions.
>Is it possible that two TDX module versions have the same hand-off version?

Yes.

>If the newer TDX module built with NO_DOWNGRADE=1, is it possible to downgrade
>to the older TDX module when they are using the same hand-off version?

AFAIK, this is possible in TDX architecture as long as the SEAMSVN (TDX
module's SVN) doesn't downgrade.

But for now, there is no plan to support downgrade (or roll-back) in any case,
as it may result in lost features and cause compatibility issues. So, the
userspace tool [1] now rejects any downgrade attempts.

[1]: https://github.com/intel/confidential-computing.tdx.tdx-module.binaries/blob/28a4baabc268b1998ec553ab9009f4fd3efd309d/version_select_and_load.py#L301
