€•þ      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ*/translations/zh_CN/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/zh_TW/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/it_IT/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/ja_JP/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/ko_KR/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/pt_BR/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/sp_SP/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1hµhhh²hh³ŒD/var/lib/git/docbuild/linux/Documentation/virt/kvm/x86/intel-tdx.rst”h´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ#Intel Trust Domain Extensions (TDX)”h]”hŒ#Intel Trust Domain Extensions (TDX)”…””}”(hhÏh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÊh²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒOverview”h]”hŒOverview”…””}”(hhàh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÝh²hh³hÇh´KubhŒ	paragraph”“”)”}”(hX  Intel's Trust Domain Extensions (TDX) protect confidential guest VMs from the
host and physical attacks.  A CPU-attested software module called 'the TDX
module' runs inside a new CPU isolated range to provide the functionalities to
manage and run protected VMs, a.k.a, TDX guests or TDs.”h]”hX%  Intelâ€™s Trust Domain Extensions (TDX) protect confidential guest VMs from the
host and physical attacks.  A CPU-attested software module called â€˜the TDX
moduleâ€™ runs inside a new CPU isolated range to provide the functionalities to
manage and run protected VMs, a.k.a, TDX guests or TDs.”…””}”(hhðh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K	hhÝh²hubhï)”}”(hŒKPlease refer to [1] for the whitepaper, specifications and other resources.”h]”hŒKPlease refer to [1] for the whitepaper, specifications and other resources.”…””}”(hhþh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KhhÝh²hubhï)”}”(hX  This documentation describes TDX-specific KVM ABIs.  The TDX module needs to be
initialized before it can be used by KVM to run any TDX guests.  The host
core-kernel provides the support of initializing the TDX module, which is
described in the Documentation/arch/x86/tdx.rst.”h]”hX  This documentation describes TDX-specific KVM ABIs.  The TDX module needs to be
initialized before it can be used by KVM to run any TDX guests.  The host
core-kernel provides the support of initializing the TDX module, which is
described in the Documentation/arch/x86/tdx.rst.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KhhÝh²hubeh}”(h]”Œoverview”ah ]”h"]”Œoverview”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒAPI description”h]”hŒAPI description”…””}”(hj%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj"  h²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒKVM_MEMORY_ENCRYPT_OP”h]”hŒKVM_MEMORY_ENCRYPT_OP”…””}”(hj6  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj3  h²hh³hÇh´KubhŒ
field_list”“”)”}”(hhh]”hŒfield”“”)”}”(hhh]”(hŒ
field_name”“”)”}”(hŒType”h]”hŒType”…””}”(hjP  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjK  h³hÇh´K ubhŒ
field_body”“”)”}”(hŒvm ioctl, vcpu ioctl
”h]”hï)”}”(hŒvm ioctl, vcpu ioctl”h]”hŒvm ioctl, vcpu ioctl”…””}”(hjd  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Khj`  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjK  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KhjF  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jD  hj3  h²hh³hÇh´Kubhï)”}”(hŒtFor TDX operations, KVM_MEMORY_ENCRYPT_OP is re-purposed to be generic
ioctl with TDX specific sub-ioctl() commands.”h]”hŒtFor TDX operations, KVM_MEMORY_ENCRYPT_OP is re-purposed to be generic
ioctl with TDX specific sub-ioctl() commands.”…””}”(hj„  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Khj3  h²hubhŒliteral_block”“”)”}”(hX,  /* Trust Domain Extensions sub-ioctl() commands. */
enum kvm_tdx_cmd_id {
        KVM_TDX_CAPABILITIES = 0,
        KVM_TDX_INIT_VM,
        KVM_TDX_INIT_VCPU,
        KVM_TDX_INIT_MEM_REGION,
        KVM_TDX_FINALIZE_VM,
        KVM_TDX_GET_CPUID,

        KVM_TDX_CMD_NR_MAX,
};

struct kvm_tdx_cmd {
      /* enum kvm_tdx_cmd_id */
      __u32 id;
      /* flags for sub-command. If sub-command doesn't use this, set zero. */
      __u32 flags;
      /*
       * data for each sub-command. An immediate or a pointer to the actual
       * data in process virtual address.  If sub-command doesn't use it,
       * set zero.
       */
      __u64 data;
      /*
       * Auxiliary error code.  The sub-command may return TDX SEAMCALL
       * status code in addition to -Exxx.
       */
      __u64 hw_error;
};”h]”hX,  /* Trust Domain Extensions sub-ioctl() commands. */
enum kvm_tdx_cmd_id {
        KVM_TDX_CAPABILITIES = 0,
        KVM_TDX_INIT_VM,
        KVM_TDX_INIT_VCPU,
        KVM_TDX_INIT_MEM_REGION,
        KVM_TDX_FINALIZE_VM,
        KVM_TDX_GET_CPUID,

        KVM_TDX_CMD_NR_MAX,
};

struct kvm_tdx_cmd {
      /* enum kvm_tdx_cmd_id */
      __u32 id;
      /* flags for sub-command. If sub-command doesn't use this, set zero. */
      __u32 flags;
      /*
       * data for each sub-command. An immediate or a pointer to the actual
       * data in process virtual address.  If sub-command doesn't use it,
       * set zero.
       */
      __u64 data;
      /*
       * Auxiliary error code.  The sub-command may return TDX SEAMCALL
       * status code in addition to -Exxx.
       */
      __u64 hw_error;
};”…””}”hj”  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j’  h³hÇh´K!hj3  h²hubeh}”(h]”Œkvm-memory-encrypt-op”ah ]”h"]”Œkvm_memory_encrypt_op”ah$]”h&]”uh1hÈhj"  h²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒKVM_TDX_CAPABILITIES”h]”hŒKVM_TDX_CAPABILITIES”…””}”(hj­  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjª  h²hh³hÇh´K@ubjE  )”}”(hhh]”(jJ  )”}”(hhh]”(jO  )”}”(hŒType”h]”hŒType”…””}”(hjÁ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj¾  h³hÇh´K ubj_  )”}”(hŒvm ioctl”h]”hï)”}”(hjÑ  h]”hŒvm ioctl”…””}”(hjÓ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KAhjÏ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hj¾  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KAhj»  h²hubjJ  )”}”(hhh]”(jO  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjï  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjì  h³hÇh´K ubj_  )”}”(hŒ0 on success, <0 on error
”h]”hï)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KBhjý  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjì  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KBhj»  h²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1jD  hjª  h²hh³hÇh´KAubhï)”}”(hŒ¾Return the TDX capabilities that current KVM supports with the specific TDX
module loaded in the system.  It reports what features/capabilities are allowed
to be configured to the TDX guest.”h]”hŒ¾Return the TDX capabilities that current KVM supports with the specific TDX
module loaded in the system.  It reports what features/capabilities are allowed
to be configured to the TDX guest.”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KDhjª  h²hubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒid: KVM_TDX_CAPABILITIES”h]”hï)”}”(hj8  h]”hŒid: KVM_TDX_CAPABILITIES”…””}”(hj:  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KHhj6  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj1  h²hh³hÇh´Nubj5  )”}”(hŒflags: must be 0”h]”hï)”}”(hjO  h]”hŒflags: must be 0”…””}”(hjQ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KIhjM  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj1  h²hh³hÇh´Nubj5  )”}”(hŒ,data: pointer to struct kvm_tdx_capabilities”h]”hï)”}”(hjf  h]”hŒ,data: pointer to struct kvm_tdx_capabilities”…””}”(hjh  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KJhjd  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj1  h²hh³hÇh´Nubj5  )”}”(hŒhw_error: must be 0
”h]”hï)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KKhj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj1  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1j/  h³hÇh´KHhjª  h²hubj“  )”}”(hX\  struct kvm_tdx_capabilities {
      __u64 supported_attrs;
      __u64 supported_xfam;

      /* TDG.VP.VMCALL hypercalls executed in kernel and forwarded to
       * userspace, respectively
       */
      __u64 kernel_tdvmcallinfo_1_r11;
      __u64 user_tdvmcallinfo_1_r11;

      /* TDG.VP.VMCALL instruction executions subfunctions executed in kernel
       * and forwarded to userspace, respectively
       */
      __u64 kernel_tdvmcallinfo_1_r12;
      __u64 user_tdvmcallinfo_1_r12;

      __u64 reserved[250];

      /* Configurable CPUID bits for userspace */
      struct kvm_cpuid2 cpuid;
};”h]”hX\  struct kvm_tdx_capabilities {
      __u64 supported_attrs;
      __u64 supported_xfam;

      /* TDG.VP.VMCALL hypercalls executed in kernel and forwarded to
       * userspace, respectively
       */
      __u64 kernel_tdvmcallinfo_1_r11;
      __u64 user_tdvmcallinfo_1_r11;

      /* TDG.VP.VMCALL instruction executions subfunctions executed in kernel
       * and forwarded to userspace, respectively
       */
      __u64 kernel_tdvmcallinfo_1_r12;
      __u64 user_tdvmcallinfo_1_r12;

      __u64 reserved[250];

      /* Configurable CPUID bits for userspace */
      struct kvm_cpuid2 cpuid;
};”…””}”hj›  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j’  h³hÇh´KOhjª  h²hubeh}”(h]”Œkvm-tdx-capabilities”ah ]”h"]”Œkvm_tdx_capabilities”ah$]”h&]”uh1hÈhj"  h²hh³hÇh´K@ubhÉ)”}”(hhh]”(hÎ)”}”(hŒKVM_TDX_INIT_VM”h]”hŒKVM_TDX_INIT_VM”…””}”(hj´  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj±  h²hh³hÇh´KgubjE  )”}”(hhh]”(jJ  )”}”(hhh]”(jO  )”}”(hŒType”h]”hŒType”…””}”(hjÈ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjÅ  h³hÇh´K ubj_  )”}”(hŒvm ioctl”h]”hï)”}”(hjØ  h]”hŒvm ioctl”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KhhjÖ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjÅ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KhhjÂ  h²hubjJ  )”}”(hhh]”(jO  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjö  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjó  h³hÇh´K ubj_  )”}”(hŒ0 on success, <0 on error
”h]”hï)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kihj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjó  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KihjÂ  h²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1jD  hj±  h²hh³hÇh´Khubhï)”}”(hŒsPerform TDX specific VM initialization.  This needs to be called after
KVM_CREATE_VM and before creating any VCPUs.”h]”hŒsPerform TDX specific VM initialization.  This needs to be called after
KVM_CREATE_VM and before creating any VCPUs.”…””}”(hj(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kkhj±  h²hubj0  )”}”(hhh]”(j5  )”}”(hŒid: KVM_TDX_INIT_VM”h]”hï)”}”(hj;  h]”hŒid: KVM_TDX_INIT_VM”…””}”(hj=  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Knhj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj6  h²hh³hÇh´Nubj5  )”}”(hŒflags: must be 0”h]”hï)”}”(hjR  h]”hŒflags: must be 0”…””}”(hjT  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KohjP  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj6  h²hh³hÇh´Nubj5  )”}”(hŒ'data: pointer to struct kvm_tdx_init_vm”h]”hï)”}”(hji  h]”hŒ'data: pointer to struct kvm_tdx_init_vm”…””}”(hjk  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kphjg  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj6  h²hh³hÇh´Nubj5  )”}”(hŒhw_error: must be 0
”h]”hï)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hj‚  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kqhj~  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj6  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j™  jš  uh1j/  h³hÇh´Knhj±  h²hubj“  )”}”(hXŽ  struct kvm_tdx_init_vm {
        __u64 attributes;
        __u64 xfam;
        __u64 mrconfigid[6];          /* sha384 digest */
        __u64 mrowner[6];             /* sha384 digest */
        __u64 mrownerconfig[6];       /* sha384 digest */

        /* The total space for TD_PARAMS before the CPUIDs is 256 bytes */
        __u64 reserved[12];

      /*
       * Call KVM_TDX_INIT_VM before vcpu creation, thus before
       * KVM_SET_CPUID2.
       * This configuration supersedes KVM_SET_CPUID2s for VCPUs because the
       * TDX module directly virtualizes those CPUIDs without VMM.  The user
       * space VMM, e.g. qemu, should make KVM_SET_CPUID2 consistent with
       * those values.  If it doesn't, KVM may have wrong idea of vCPUIDs of
       * the guest, and KVM may wrongly emulate CPUIDs or MSRs that the TDX
       * module doesn't virtualize.
       */
        struct kvm_cpuid2 cpuid;
};”h]”hXŽ  struct kvm_tdx_init_vm {
        __u64 attributes;
        __u64 xfam;
        __u64 mrconfigid[6];          /* sha384 digest */
        __u64 mrowner[6];             /* sha384 digest */
        __u64 mrownerconfig[6];       /* sha384 digest */

        /* The total space for TD_PARAMS before the CPUIDs is 256 bytes */
        __u64 reserved[12];

      /*
       * Call KVM_TDX_INIT_VM before vcpu creation, thus before
       * KVM_SET_CPUID2.
       * This configuration supersedes KVM_SET_CPUID2s for VCPUs because the
       * TDX module directly virtualizes those CPUIDs without VMM.  The user
       * space VMM, e.g. qemu, should make KVM_SET_CPUID2 consistent with
       * those values.  If it doesn't, KVM may have wrong idea of vCPUIDs of
       * the guest, and KVM may wrongly emulate CPUIDs or MSRs that the TDX
       * module doesn't virtualize.
       */
        struct kvm_cpuid2 cpuid;
};”…””}”hjœ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j’  h³hÇh´Kuhj±  h²hubeh}”(h]”Œkvm-tdx-init-vm”ah ]”h"]”Œkvm_tdx_init_vm”ah$]”h&]”uh1hÈhj"  h²hh³hÇh´KgubhÉ)”}”(hhh]”(hÎ)”}”(hŒKVM_TDX_INIT_VCPU”h]”hŒKVM_TDX_INIT_VCPU”…””}”(hjµ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj²  h²hh³hÇh´KŽubjE  )”}”(hhh]”(jJ  )”}”(hhh]”(jO  )”}”(hŒType”h]”hŒType”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjÆ  h³hÇh´K ubj_  )”}”(hŒ
vcpu ioctl”h]”hï)”}”(hjÙ  h]”hŒ
vcpu ioctl”…””}”(hjÛ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Khj×  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjÆ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KhjÃ  h²hubjJ  )”}”(hhh]”(jO  )”}”(hŒReturns”h]”hŒReturns”…””}”(hj÷  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjô  h³hÇh´K ubj_  )”}”(hŒ0 on success, <0 on error
”h]”hï)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjô  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KhjÃ  h²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1jD  hj²  h²hh³hÇh´Kubhï)”}”(hŒ)Perform TDX specific VCPU initialization.”h]”hŒ)Perform TDX specific VCPU initialization.”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K’hj²  h²hubj0  )”}”(hhh]”(j5  )”}”(hŒid: KVM_TDX_INIT_VCPU”h]”hï)”}”(hj<  h]”hŒid: KVM_TDX_INIT_VCPU”…””}”(hj>  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K”hj:  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj7  h²hh³hÇh´Nubj5  )”}”(hŒflags: must be 0”h]”hï)”}”(hjS  h]”hŒflags: must be 0”…””}”(hjU  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K•hjQ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj7  h²hh³hÇh´Nubj5  )”}”(hŒ,data: initial value of the guest TD VCPU RCX”h]”hï)”}”(hjj  h]”hŒ,data: initial value of the guest TD VCPU RCX”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K–hjh  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj7  h²hh³hÇh´Nubj5  )”}”(hŒhw_error: must be 0
”h]”hï)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hjƒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K—hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj7  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j™  jš  uh1j/  h³hÇh´K”hj²  h²hubeh}”(h]”Œkvm-tdx-init-vcpu”ah ]”h"]”Œkvm_tdx_init_vcpu”ah$]”h&]”uh1hÈhj"  h²hh³hÇh´KŽubhÉ)”}”(hhh]”(hÎ)”}”(hŒKVM_TDX_INIT_MEM_REGION”h]”hŒKVM_TDX_INIT_MEM_REGION”…””}”(hj¨  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj¥  h²hh³hÇh´KšubjE  )”}”(hhh]”(jJ  )”}”(hhh]”(jO  )”}”(hŒType”h]”hŒType”…””}”(hj¼  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj¹  h³hÇh´K ubj_  )”}”(hŒ
vcpu ioctl”h]”hï)”}”(hjÌ  h]”hŒ
vcpu ioctl”…””}”(hjÎ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K›hjÊ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hj¹  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´K›hj¶  h²hubjJ  )”}”(hhh]”(jO  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjê  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjç  h³hÇh´K ubj_  )”}”(hŒ0 on success, <0 on error
”h]”hï)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hjü  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kœhjø  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjç  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´Kœhj¶  h²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1jD  hj¥  h²hh³hÇh´K›ubhï)”}”(hŒ˜Initialize @nr_pages TDX guest private memory starting from @gpa with userspace
provided data from @source_addr. @source_addr must be PAGE_SIZE-aligned.”h]”hŒ˜Initialize @nr_pages TDX guest private memory starting from @gpa with userspace
provided data from @source_addr. @source_addr must be PAGE_SIZE-aligned.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kžhj¥  h²hubhï)”}”(hŒ²Note, before calling this sub command, memory attribute of the range
[gpa, gpa + nr_pages] needs to be private.  Userspace can use
KVM_SET_MEMORY_ATTRIBUTES to set the attribute.”h]”hŒ²Note, before calling this sub command, memory attribute of the range
[gpa, gpa + nr_pages] needs to be private.  Userspace can use
KVM_SET_MEMORY_ATTRIBUTES to set the attribute.”…””}”(hj*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K¡hj¥  h²hubhï)”}”(hŒPIf KVM_TDX_MEASURE_MEMORY_REGION flag is specified, it also extends measurement.”h]”hŒPIf KVM_TDX_MEASURE_MEMORY_REGION flag is specified, it also extends measurement.”…””}”(hj8  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K¥hj¥  h²hubj0  )”}”(hhh]”(j5  )”}”(hŒid: KVM_TDX_INIT_MEM_REGION”h]”hï)”}”(hjK  h]”hŒid: KVM_TDX_INIT_MEM_REGION”…””}”(hjM  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K§hjI  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjF  h²hh³hÇh´Nubj5  )”}”(hŒ>flags: currently only KVM_TDX_MEASURE_MEMORY_REGION is defined”h]”hï)”}”(hjb  h]”hŒ>flags: currently only KVM_TDX_MEASURE_MEMORY_REGION is defined”…””}”(hjd  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K¨hj`  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjF  h²hh³hÇh´Nubj5  )”}”(hŒ/data: pointer to struct kvm_tdx_init_mem_region”h]”hï)”}”(hjy  h]”hŒ/data: pointer to struct kvm_tdx_init_mem_region”…””}”(hj{  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K©hjw  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjF  h²hh³hÇh´Nubj5  )”}”(hŒhw_error: must be 0
”h]”hï)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hj’  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KªhjŽ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjF  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j™  jš  uh1j/  h³hÇh´K§hj¥  h²hubj“  )”}”(hŒ#define KVM_TDX_MEASURE_MEMORY_REGION   (1UL << 0)

struct kvm_tdx_init_mem_region {
        __u64 source_addr;
        __u64 gpa;
        __u64 nr_pages;
};”h]”hŒ#define KVM_TDX_MEASURE_MEMORY_REGION   (1UL << 0)

struct kvm_tdx_init_mem_region {
        __u64 source_addr;
        __u64 gpa;
        __u64 nr_pages;
};”…””}”hj¬  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j’  h³hÇh´K®hj¥  h²hubeh}”(h]”Œkvm-tdx-init-mem-region”ah ]”h"]”Œkvm_tdx_init_mem_region”ah$]”h&]”uh1hÈhj"  h²hh³hÇh´KšubhÉ)”}”(hhh]”(hÎ)”}”(hŒKVM_TDX_FINALIZE_VM”h]”hŒKVM_TDX_FINALIZE_VM”…””}”(hjÅ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjÂ  h²hh³hÇh´K¸ubjE  )”}”(hhh]”(jJ  )”}”(hhh]”(jO  )”}”(hŒType”h]”hŒType”…””}”(hjÙ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjÖ  h³hÇh´K ubj_  )”}”(hŒvm ioctl”h]”hï)”}”(hjé  h]”hŒvm ioctl”…””}”(hjë  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K¹hjç  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjÖ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´K¹hjÓ  h²hubjJ  )”}”(hhh]”(jO  )”}”(hŒReturns”h]”hŒReturns”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj  h³hÇh´K ubj_  )”}”(hŒ0 on success, <0 on error
”h]”hï)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kºhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KºhjÓ  h²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1jD  hjÂ  h²hh³hÇh´K¹ubhï)”}”(hŒIComplete measurement of the initial TD contents and mark it ready to run.”h]”hŒIComplete measurement of the initial TD contents and mark it ready to run.”…””}”(hj9  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K¼hjÂ  h²hubj0  )”}”(hhh]”(j5  )”}”(hŒid: KVM_TDX_FINALIZE_VM”h]”hï)”}”(hjL  h]”hŒid: KVM_TDX_FINALIZE_VM”…””}”(hjN  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K¾hjJ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjG  h²hh³hÇh´Nubj5  )”}”(hŒflags: must be 0”h]”hï)”}”(hjc  h]”hŒflags: must be 0”…””}”(hje  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´K¿hja  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjG  h²hh³hÇh´Nubj5  )”}”(hŒdata: must be 0”h]”hï)”}”(hjz  h]”hŒdata: must be 0”…””}”(hj|  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÀhjx  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjG  h²hh³hÇh´Nubj5  )”}”(hŒhw_error: must be 0

”h]”hï)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÁhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjG  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j™  jš  uh1j/  h³hÇh´K¾hjÂ  h²hubeh}”(h]”Œkvm-tdx-finalize-vm”ah ]”h"]”Œkvm_tdx_finalize_vm”ah$]”h&]”uh1hÈhj"  h²hh³hÇh´K¸ubhÉ)”}”(hhh]”(hÎ)”}”(hŒKVM_TDX_GET_CPUID”h]”hŒKVM_TDX_GET_CPUID”…””}”(hj¸  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjµ  h²hh³hÇh´KÅubjE  )”}”(hhh]”(jJ  )”}”(hhh]”(jO  )”}”(hŒType”h]”hŒType”…””}”(hjÌ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjÉ  h³hÇh´K ubj_  )”}”(hŒ
vcpu ioctl”h]”hï)”}”(hjÜ  h]”hŒ
vcpu ioctl”…””}”(hjÞ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÆhjÚ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hjÉ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KÆhjÆ  h²hubjJ  )”}”(hhh]”(jO  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjú  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj÷  h³hÇh´K ubj_  )”}”(hŒ0 on success, <0 on error
”h]”hï)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÇhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j^  hj÷  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jI  h³hÇh´KÇhjÆ  h²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1jD  hjµ  h²hh³hÇh´KÆubhï)”}”(hŒçGet the CPUID values that the TDX module virtualizes for the TD guest.
When it returns -E2BIG, the user space should allocate a larger buffer and
retry. The minimum buffer size is updated in the nent field of the
struct kvm_cpuid2.”h]”hŒçGet the CPUID values that the TDX module virtualizes for the TD guest.
When it returns -E2BIG, the user space should allocate a larger buffer and
retry. The minimum buffer size is updated in the nent field of the
struct kvm_cpuid2.”…””}”(hj,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÉhjµ  h²hubj0  )”}”(hhh]”(j5  )”}”(hŒid: KVM_TDX_GET_CPUID”h]”hï)”}”(hj?  h]”hŒid: KVM_TDX_GET_CPUID”…””}”(hjA  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÎhj=  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj:  h²hh³hÇh´Nubj5  )”}”(hŒflags: must be 0”h]”hï)”}”(hjV  h]”hŒflags: must be 0”…””}”(hjX  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÏhjT  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj:  h²hh³hÇh´Nubj5  )”}”(hŒ+data: pointer to struct kvm_cpuid2 (in/out)”h]”hï)”}”(hjm  h]”hŒ+data: pointer to struct kvm_cpuid2 (in/out)”…””}”(hjo  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÐhjk  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj:  h²hh³hÇh´Nubj5  )”}”(hŒhw_error: must be 0 (out)
”h]”hï)”}”(hŒhw_error: must be 0 (out)”h]”hŒhw_error: must be 0 (out)”…””}”(hj†  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KÑhj‚  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj:  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j™  jš  uh1j/  h³hÇh´KÎhjµ  h²hubj“  )”}”(hX3  struct kvm_cpuid2 {
        __u32 nent;
        __u32 padding;
        struct kvm_cpuid_entry2 entries[0];
};

struct kvm_cpuid_entry2 {
        __u32 function;
        __u32 index;
        __u32 flags;
        __u32 eax;
        __u32 ebx;
        __u32 ecx;
        __u32 edx;
        __u32 padding[3];
};”h]”hX3  struct kvm_cpuid2 {
        __u32 nent;
        __u32 padding;
        struct kvm_cpuid_entry2 entries[0];
};

struct kvm_cpuid_entry2 {
        __u32 function;
        __u32 index;
        __u32 flags;
        __u32 eax;
        __u32 ebx;
        __u32 ecx;
        __u32 edx;
        __u32 padding[3];
};”…””}”hj   sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j’  h³hÇh´KÕhjµ  h²hubeh}”(h]”Œkvm-tdx-get-cpuid”ah ]”h"]”Œkvm_tdx_get_cpuid”ah$]”h&]”uh1hÈhj"  h²hh³hÇh´KÅubeh}”(h]”Œapi-description”ah ]”h"]”Œapi description”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒKVM TDX creation flow”h]”hŒKVM TDX creation flow”…””}”(hjÁ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj¾  h²hh³hÇh´Kçubhï)”}”(hŒhIn addition to the standard KVM flow, new TDX ioctls need to be called.  The
control flow is as follows:”h]”hŒhIn addition to the standard KVM flow, new TDX ioctls need to be called.  The
control flow is as follows:”…””}”(hjÏ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kèhj¾  h²hubhŒenumerated_list”“”)”}”(hhh]”(j5  )”}”(hŒvCheck system wide capability

* KVM_CAP_VM_TYPES: Check if VM type is supported and if KVM_X86_TDX_VM
  is supported.
”h]”(hï)”}”(hŒCheck system wide capability”h]”hŒCheck system wide capability”…””}”(hjæ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Këhjâ  ubj0  )”}”(hhh]”j5  )”}”(hŒTKVM_CAP_VM_TYPES: Check if VM type is supported and if KVM_X86_TDX_VM
is supported.
”h]”hï)”}”(hŒSKVM_CAP_VM_TYPES: Check if VM type is supported and if KVM_X86_TDX_VM
is supported.”h]”hŒSKVM_CAP_VM_TYPES: Check if VM type is supported and if KVM_X86_TDX_VM
is supported.”…””}”(hjû  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kíhj÷  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjô  ubah}”(h]”h ]”h"]”h$]”h&]”j™  Œ*”uh1j/  h³hÇh´Kíhjâ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjß  h²hh³Nh´Nubj5  )”}”(hX”  Create VM

* KVM_CREATE_VM
* KVM_TDX_CAPABILITIES: Query TDX capabilities for creating TDX guests.
* KVM_CHECK_EXTENSION(KVM_CAP_MAX_VCPUS): Query maximum VCPUs the TD can
  support at VM level (TDX has its own limitation on this).
* KVM_SET_TSC_KHZ: Configure TD's TSC frequency if a different TSC frequency
  than host is desired.  This is Optional.
* KVM_TDX_INIT_VM: Pass TDX specific VM parameters.
”h]”(hï)”}”(hŒ	Create VM”h]”hŒ	Create VM”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kðhj  ubj0  )”}”(hhh]”(j5  )”}”(hŒKVM_CREATE_VM”h]”hï)”}”(hj3  h]”hŒKVM_CREATE_VM”…””}”(hj5  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kòhj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj.  ubj5  )”}”(hŒEKVM_TDX_CAPABILITIES: Query TDX capabilities for creating TDX guests.”h]”hï)”}”(hjJ  h]”hŒEKVM_TDX_CAPABILITIES: Query TDX capabilities for creating TDX guests.”…””}”(hjL  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KóhjH  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj.  ubj5  )”}”(hŒ€KVM_CHECK_EXTENSION(KVM_CAP_MAX_VCPUS): Query maximum VCPUs the TD can
support at VM level (TDX has its own limitation on this).”h]”hï)”}”(hŒ€KVM_CHECK_EXTENSION(KVM_CAP_MAX_VCPUS): Query maximum VCPUs the TD can
support at VM level (TDX has its own limitation on this).”h]”hŒ€KVM_CHECK_EXTENSION(KVM_CAP_MAX_VCPUS): Query maximum VCPUs the TD can
support at VM level (TDX has its own limitation on this).”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kôhj_  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj.  ubj5  )”}”(hŒsKVM_SET_TSC_KHZ: Configure TD's TSC frequency if a different TSC frequency
than host is desired.  This is Optional.”h]”hï)”}”(hŒsKVM_SET_TSC_KHZ: Configure TD's TSC frequency if a different TSC frequency
than host is desired.  This is Optional.”h]”hŒuKVM_SET_TSC_KHZ: Configure TDâ€™s TSC frequency if a different TSC frequency
than host is desired.  This is Optional.”…””}”(hj{  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Köhjw  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj.  ubj5  )”}”(hŒ2KVM_TDX_INIT_VM: Pass TDX specific VM parameters.
”h]”hï)”}”(hŒ1KVM_TDX_INIT_VM: Pass TDX specific VM parameters.”h]”hŒ1KVM_TDX_INIT_VM: Pass TDX specific VM parameters.”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Køhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj.  ubeh}”(h]”h ]”h"]”h$]”h&]”j™  j  uh1j/  h³hÇh´Kòhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjß  h²hh³Nh´Nubj5  )”}”(hŒ¥Create VCPU

* KVM_CREATE_VCPU
* KVM_TDX_INIT_VCPU: Pass TDX specific VCPU parameters.
* KVM_SET_CPUID2: Configure TD's CPUIDs.
* KVM_SET_MSRS: Configure TD's MSRs.
”h]”(hï)”}”(hŒCreate VCPU”h]”hŒCreate VCPU”…””}”(hj·  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kúhj³  ubj0  )”}”(hhh]”(j5  )”}”(hŒKVM_CREATE_VCPU”h]”hï)”}”(hjÊ  h]”hŒKVM_CREATE_VCPU”…””}”(hjÌ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´KühjÈ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjÅ  ubj5  )”}”(hŒ5KVM_TDX_INIT_VCPU: Pass TDX specific VCPU parameters.”h]”hï)”}”(hjá  h]”hŒ5KVM_TDX_INIT_VCPU: Pass TDX specific VCPU parameters.”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kýhjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjÅ  ubj5  )”}”(hŒ&KVM_SET_CPUID2: Configure TD's CPUIDs.”h]”hï)”}”(hjø  h]”hŒ(KVM_SET_CPUID2: Configure TDâ€™s CPUIDs.”…””}”(hjú  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kþhjö  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjÅ  ubj5  )”}”(hŒ#KVM_SET_MSRS: Configure TD's MSRs.
”h]”hï)”}”(hŒ"KVM_SET_MSRS: Configure TD's MSRs.”h]”hŒ$KVM_SET_MSRS: Configure TDâ€™s MSRs.”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Kÿhj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjÅ  ubeh}”(h]”h ]”h"]”h$]”h&]”j™  j  uh1j/  h³hÇh´Kühj³  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjß  h²hh³Nh´Nubj5  )”}”(hŒÃInitialize initial guest memory

* Prepare content of initial guest memory.
* KVM_TDX_INIT_MEM_REGION: Add initial guest memory.
* KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.
”h]”(hï)”}”(hŒInitialize initial guest memory”h]”hŒInitialize initial guest memory”…””}”(hj5	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Mhj1	  ubj0  )”}”(hhh]”(j5  )”}”(hŒ(Prepare content of initial guest memory.”h]”hï)”}”(hjH	  h]”hŒ(Prepare content of initial guest memory.”…””}”(hjJ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´MhjF	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjC	  ubj5  )”}”(hŒ2KVM_TDX_INIT_MEM_REGION: Add initial guest memory.”h]”hï)”}”(hj_	  h]”hŒ2KVM_TDX_INIT_MEM_REGION: Add initial guest memory.”…””}”(hja	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Mhj]	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjC	  ubj5  )”}”(hŒ@KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.
”h]”hï)”}”(hŒ?KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.”h]”hŒ?KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.”…””}”(hjx	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Mhjt	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjC	  ubeh}”(h]”h ]”h"]”h$]”h&]”j™  j  uh1j/  h³hÇh´Mhj1	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjß  h²hh³Nh´Nubj5  )”}”(hŒ	Run VCPU
”h]”hï)”}”(hŒRun VCPU”h]”hŒRun VCPU”…””}”(hjœ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´Mhj˜	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjß  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œenumtype”Œarabic”Œprefix”hŒsuffix”Œ.”uh1jÝ  hj¾  h²hh³hÇh´Këubeh}”(h]”Œkvm-tdx-creation-flow”ah ]”h"]”Œkvm tdx creation flow”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KçubhÉ)”}”(hhh]”(hÎ)”}”(hŒ
References”h]”hŒ
References”…””}”(hjÆ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjÃ	  h²hh³hÇh´M
ubhï)”}”(hŒbhttps://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/documentation.html”h]”hŒ	reference”“”)”}”(hjÖ	  h]”hŒbhttps://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/documentation.html”…””}”(hjÚ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jÖ	  uh1jØ	  hjÔ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hîh³hÇh´MhjÃ	  h²hubeh}”(h]”Œ
references”ah ]”h"]”Œ
references”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´M
ubeh}”(h]”Œ!intel-trust-domain-extensions-tdx”ah ]”h"]”Œ#intel trust domain extensions (tdx)”ah$]”h&]”uh1hÈhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÍNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j!
  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jû	  jø	  j  j  j»  j¸  j§  j¤  j®  j«  j¯  j¬  j¢  jŸ  j¿  j¼  j²  j¯  j³  j°  jÀ	  j½	  jó	  jð	  uŒ	nametypes”}”(jû	  ‰j  ‰j»  ‰j§  ‰j®  ‰j¯  ‰j¢  ‰j¿  ‰j²  ‰j³  ‰jÀ	  ‰jó	  ‰uh}”(jø	  hÊj  hÝj¸  j"  j¤  j3  j«  jª  j¬  j±  jŸ  j²  j¼  j¥  j¯  jÂ  j°  jµ  j½	  j¾  jð	  jÃ	  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.