> From: Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>
> Sent: Friday, June 27, 2025 8:35 PM
> [...]
> From: Yunhong Jiang <yunhong.jiang@xxxxxxxxxxxxxxx>
>
> The hypervisor is an untrusted entity for TDX guests. It cannot be used
> to boot secondary CPUs - neither via hypercalls nor the INIT assert,
> de-assert plus Start-Up IPI messages.
>
> Instead, the platform virtual firmware boots the secondary CPUs and
> puts them in a state to transfer control to the kernel. This mechanism uses
> the wakeup mailbox described in the Multiprocessor Wakeup Structure of the
> ACPI specification. The entry point to the kernel is trampoline_start64.
>
> Allocate and set up the trampoline using the default x86_platform callbacks.
>
> The platform firmware configures the secondary CPUs in long mode. It is no
> longer necessary to locate the trampoline under 1MB memory. After handoff
> from firmware, the trampoline code switches briefly to 32-bit addressing
> mode, which has an addressing limit of 4GB. Set the upper bound of the
> trampoline memory accordingly.
>
> Reviewed-by: Michael Kelley <mhklinux@xxxxxxxxxxx>
> Signed-off-by: Yunhong Jiang <yunhong.jiang@xxxxxxxxxxxxxxx>
> Signed-off-by: Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>
> ---

LGTM

Reviewed-by: Dexuan Cui <decui@xxxxxxxxxxxxx>