On Wed, 2022-08-03 at 11:40 +0800, Binbin Wu wrote:
> host kernel is also not in TDX's TCB either, what would happen if kernel
> doesn't do anything in case of buggy BIOS? How does TDX handle the case to
> enforce the security of TDs?

TDX doesn't support hot-add or hot-removal of CPUs from TDX's security perimeter at runtime. Even if BIOS/kernel can ever bring up new CPUs at runtime, the new CPUs cannot run within TDX's security domain, in which case TDX's security isn't compromised.

If the kernel schedules a TD to a newly added CPU, then AFAICT the behaviour is TDX module implementation specific but not architectural. A reasonable behaviour would be that TDENTER should refuse to run when the CPU isn't verified by TDX during boot.

If any CPU is hot-removed, then TDX's security isn't compromised, but TDX is not guaranteed to functionally work anymore.

--
Thanks,
-Kai