On 6/4/23 07:27, Kai Huang wrote:
> Start to transit out the "multi-steps" to initialize the TDX module.
>
> TDX provides increased levels of memory confidentiality and integrity.
> This requires special hardware support for features like memory
> encryption and storage of memory integrity checksums. Not all memory
> satisfies these requirements.
>
> As a result, TDX introduced the concept of a "Convertible Memory Region"
> (CMR). During boot, the firmware builds a list of all of the memory
> ranges which can provide the TDX security guarantees.
>
> CMRs tell the kernel which memory is TDX compatible. The kernel takes
> CMRs (plus a little more metadata) and constructs "TD Memory Regions"
> (TDMRs). TDMRs let the kernel grant TDX protections to some or all of
> the CMR areas.
>
> The TDX module also reports necessary information to let the kernel
> build TDMRs and run TDX guests in structure 'tdsysinfo_struct'. The
> list of CMRs, along with the TDX module information, is available to
> the kernel by querying the TDX module.
>
> As a preparation to construct TDMRs, get the TDX module information and
> the list of CMRs. Print out CMRs to help user to decode which memory
> regions are TDX convertible.
>
> The 'tdsysinfo_struct' is fairly large (1024 bytes) and contains a lot
> of info about the TDX module. Fully define the entire structure, but
> only use the fields necessary to build the TDMRs and pr_info() some
> basics about the module. The rest of the fields will get used by KVM.
>
> For now both 'tdsysinfo_struct' and CMRs are only used during the module
> initialization. But because they are both relatively big, declare them
> inside the module initialization function but as static variables.
>
> Signed-off-by: Kai Huang <kai.huang@xxxxxxxxx>
> Reviewed-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>

Reviewed-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>