On Wed, 2025-04-16 at 13:54 +0800, Binbin Wu wrote:
> Handle TDVMCALL for GetQuote to generate a TD-Quote.
>
> GetQuote is a doorbell-like interface used by TDX guests to request VMM
> to generate a TD-Quote signed by a service hosting TD-Quoting Enclave
> operating on the host. A TDX guest passes a TD Report (TDREPORT_STRUCT) in
> a shared-memory area as parameter. Host VMM can access it and queue the
> operation for a service hosting TD-Quoting enclave. When completed, the
> Quote is returned via the same shared-memory area.
>
> KVM only checks the GPA from the TDX guest has the shared-bit set and drops
> the shared-bit before exiting to userspace to avoid bleeding the shared-bit
> into KVM's exit ABI. KVM forwards the request to userspace VMM (e.g. QEMU)
> and userspace VMM queues the operation asynchronously. KVM sets the return
> code according to the 'ret' field set by userspace to notify the TDX guest
> whether the request has been queued successfully or not. When the request
> has been queued successfully, the TDX guest can poll the status field in
> the shared-memory area to check whether the Quote generation is completed
> or not. When completed, the generated Quote is returned via the same
> buffer.
>
> Add KVM_EXIT_TDX_GET_QUOTE as a new exit reason to userspace.
>
> Signed-off-by: Binbin Wu <binbin.wu@xxxxxxxxxxxxxxx>
> Tested-by: Mikko Ylinen <mikko.ylinen@xxxxxxxxxxxxxxx>

Acked-by: Kai Huang <kai.huang@xxxxxxxxx>
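
The flow the commit message describes (shared-bit check, strip before the exit, userspace sets 'ret', guest reads the status field), modelled as an added example that is not part of the patch or of this reply. The shared-bit position, the status and return values, and every struct and function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Assumed for this sketch, not taken from the patch: shared bit at GPA bit 51,
 * the status/return values below, and every struct and function name. */
#define SHARED_BIT      (1ULL << 51)
#define STATUS_DONE     0ULL
#define STATUS_INFLIGHT 0xFFFFFFFFFFFFFFFFULL
enum { RET_QUEUED = 0, RET_REJECTED = 1 };

struct quote_buf { uint64_t status; uint32_t out_len; uint8_t data[64]; };
struct get_quote_exit { uint64_t ret, gpa; };
static struct get_quote_exit last_exit;   /* what userspace saw on the last exit */

/* KVM: require the shared bit, then strip it so it never reaches the exit ABI. */
static int kvm_prepare_exit(uint64_t guest_gpa, struct get_quote_exit *ex)
{
    if (!(guest_gpa & SHARED_BIT)) return -1;   /* private GPA: not forwarded */
    ex->gpa = guest_gpa & ~SHARED_BIT;
    ex->ret = RET_REJECTED;           /* stays an error unless userspace sets it */
    return 0;
}

/* Userspace VMM: only queues the request and reports that through 'ret'. */
static void vmm_queue(struct get_quote_exit *ex, struct quote_buf *shared)
{
    shared->status = STATUS_INFLIGHT;
    ex->ret = RET_QUEUED;
}

/* Quoting service, later: writes the Quote into the same shared buffer. */
static void service_complete(struct quote_buf *shared, const char *q, uint32_t n)
{
    if (n > sizeof(shared->data)) n = sizeof(shared->data);
    memcpy(shared->data, q, n);
    shared->out_len = n;
    shared->status = STATUS_DONE;
}

/* Guest view of the whole flow: Quote length, or -1 if the request was refused. */
int guest_get_quote(uint64_t gpa)
{
    static struct quote_buf shared;   /* stands in for the shared-memory area */
    if (kvm_prepare_exit(gpa, &last_exit) != 0) return -1;
    vmm_queue(&last_exit, &shared);
    if (last_exit.ret != RET_QUEUED || shared.status != STATUS_INFLIGHT) return -1;
    service_complete(&shared, "constructed-quote", 17);   /* constructed sample */
    return shared.status == STATUS_DONE ? (int)shared.out_len : -1;
}

int main(void) { return guest_get_quote(SHARED_BIT | 0x1000) == 17 ? 0 : 1; }
```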