€•Õ      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ*/translations/zh_CN/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/zh_TW/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/it_IT/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/ja_JP/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/ko_KR/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/sp_SP/virt/kvm/x86/intel-tdx”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1h¡hhhžhhŸŒD/var/lib/git/docbuild/linux/Documentation/virt/kvm/x86/intel-tdx.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ#Intel Trust Domain Extensions (TDX)”h]”hŒ#Intel Trust Domain Extensions (TDX)”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒOverview”h]”hŒOverview”…””}”(hhÌhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hhÉhžhhŸh³h KubhŒ	paragraph”“”)”}”(hX  Intel's Trust Domain Extensions (TDX) protect confidential guest VMs from the
host and physical attacks.  A CPU-attested software module called 'the TDX
module' runs inside a new CPU isolated range to provide the functionalities to
manage and run protected VMs, a.k.a, TDX guests or TDs.”h]”hX%  Intelâ€™s Trust Domain Extensions (TDX) protect confidential guest VMs from the
host and physical attacks.  A CPU-attested software module called â€˜the TDX
moduleâ€™ runs inside a new CPU isolated range to provide the functionalities to
manage and run protected VMs, a.k.a, TDX guests or TDs.”…””}”(hhÜhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K	hhÉhžhubhÛ)”}”(hŒKPlease refer to [1] for the whitepaper, specifications and other resources.”h]”hŒKPlease refer to [1] for the whitepaper, specifications and other resources.”…””}”(hhêhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhhÉhžhubhÛ)”}”(hX  This documentation describes TDX-specific KVM ABIs.  The TDX module needs to be
initialized before it can be used by KVM to run any TDX guests.  The host
core-kernel provides the support of initializing the TDX module, which is
described in the Documentation/arch/x86/tdx.rst.”h]”hX  This documentation describes TDX-specific KVM ABIs.  The TDX module needs to be
initialized before it can be used by KVM to run any TDX guests.  The host
core-kernel provides the support of initializing the TDX module, which is
described in the Documentation/arch/x86/tdx.rst.”…””}”(hhøhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhhÉhžhubeh}”(h]”Œoverview”ah ]”h"]”Œoverview”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒAPI description”h]”hŒAPI description”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒKVM_MEMORY_ENCRYPT_OP”h]”hŒKVM_MEMORY_ENCRYPT_OP”…””}”(hj"  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h KubhŒ
field_list”“”)”}”(hhh]”hŒfield”“”)”}”(hhh]”(hŒ
field_name”“”)”}”(hŒType”h]”hŒType”…””}”(hj<  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hj7  hŸh³h K ubhŒ
field_body”“”)”}”(hŒvm ioctl, vcpu ioctl
”h]”hÛ)”}”(hŒvm ioctl, vcpu ioctl”h]”hŒvm ioctl, vcpu ioctl”…””}”(hjP  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhjL  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hj7  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h Khj2  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1j0  hj  hžhhŸh³h KubhÛ)”}”(hŒtFor TDX operations, KVM_MEMORY_ENCRYPT_OP is re-purposed to be generic
ioctl with TDX specific sub-ioctl() commands.”h]”hŒtFor TDX operations, KVM_MEMORY_ENCRYPT_OP is re-purposed to be generic
ioctl with TDX specific sub-ioctl() commands.”…””}”(hjp  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Khj  hžhubhŒliteral_block”“”)”}”(hX,  /* Trust Domain Extensions sub-ioctl() commands. */
enum kvm_tdx_cmd_id {
        KVM_TDX_CAPABILITIES = 0,
        KVM_TDX_INIT_VM,
        KVM_TDX_INIT_VCPU,
        KVM_TDX_INIT_MEM_REGION,
        KVM_TDX_FINALIZE_VM,
        KVM_TDX_GET_CPUID,

        KVM_TDX_CMD_NR_MAX,
};

struct kvm_tdx_cmd {
      /* enum kvm_tdx_cmd_id */
      __u32 id;
      /* flags for sub-command. If sub-command doesn't use this, set zero. */
      __u32 flags;
      /*
       * data for each sub-command. An immediate or a pointer to the actual
       * data in process virtual address.  If sub-command doesn't use it,
       * set zero.
       */
      __u64 data;
      /*
       * Auxiliary error code.  The sub-command may return TDX SEAMCALL
       * status code in addition to -Exxx.
       */
      __u64 hw_error;
};”h]”hX,  /* Trust Domain Extensions sub-ioctl() commands. */
enum kvm_tdx_cmd_id {
        KVM_TDX_CAPABILITIES = 0,
        KVM_TDX_INIT_VM,
        KVM_TDX_INIT_VCPU,
        KVM_TDX_INIT_MEM_REGION,
        KVM_TDX_FINALIZE_VM,
        KVM_TDX_GET_CPUID,

        KVM_TDX_CMD_NR_MAX,
};

struct kvm_tdx_cmd {
      /* enum kvm_tdx_cmd_id */
      __u32 id;
      /* flags for sub-command. If sub-command doesn't use this, set zero. */
      __u32 flags;
      /*
       * data for each sub-command. An immediate or a pointer to the actual
       * data in process virtual address.  If sub-command doesn't use it,
       * set zero.
       */
      __u64 data;
      /*
       * Auxiliary error code.  The sub-command may return TDX SEAMCALL
       * status code in addition to -Exxx.
       */
      __u64 hw_error;
};”…””}”hj€  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j~  hŸh³h K!hj  hžhubeh}”(h]”Œkvm-memory-encrypt-op”ah ]”h"]”Œkvm_memory_encrypt_op”ah$]”h&]”uh1h´hj  hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒKVM_TDX_CAPABILITIES”h]”hŒKVM_TDX_CAPABILITIES”…””}”(hj™  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj–  hžhhŸh³h K@ubj1  )”}”(hhh]”(j6  )”}”(hhh]”(j;  )”}”(hŒType”h]”hŒType”…””}”(hj­  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjª  hŸh³h K ubjK  )”}”(hŒvm ioctl”h]”hÛ)”}”(hj½  h]”hŒvm ioctl”…””}”(hj¿  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KAhj»  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjª  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h KAhj§  hžhubj6  )”}”(hhh]”(j;  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjÛ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjØ  hŸh³h K ubjK  )”}”(hŒ0 on success, <0 on error
”h]”hÛ)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hjí  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KBhjé  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjØ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h KBhj§  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1j0  hj–  hžhhŸh³h KAubhÛ)”}”(hŒ¾Return the TDX capabilities that current KVM supports with the specific TDX
module loaded in the system.  It reports what features/capabilities are allowed
to be configured to the TDX guest.”h]”hŒ¾Return the TDX capabilities that current KVM supports with the specific TDX
module loaded in the system.  It reports what features/capabilities are allowed
to be configured to the TDX guest.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KDhj–  hžhubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒid: KVM_TDX_CAPABILITIES”h]”hÛ)”}”(hj$  h]”hŒid: KVM_TDX_CAPABILITIES”…””}”(hj&  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KHhj"  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  hžhhŸh³h Nubj!  )”}”(hŒflags: must be 0”h]”hÛ)”}”(hj;  h]”hŒflags: must be 0”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KIhj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  hžhhŸh³h Nubj!  )”}”(hŒ,data: pointer to struct kvm_tdx_capabilities”h]”hÛ)”}”(hjR  h]”hŒ,data: pointer to struct kvm_tdx_capabilities”…””}”(hjT  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KJhjP  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  hžhhŸh³h Nubj!  )”}”(hŒhw_error: must be 0
”h]”hÛ)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hjk  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KKhjg  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1j  hŸh³h KHhj–  hžhubj  )”}”(hX\  struct kvm_tdx_capabilities {
      __u64 supported_attrs;
      __u64 supported_xfam;

      /* TDG.VP.VMCALL hypercalls executed in kernel and forwarded to
       * userspace, respectively
       */
      __u64 kernel_tdvmcallinfo_1_r11;
      __u64 user_tdvmcallinfo_1_r11;

      /* TDG.VP.VMCALL instruction executions subfunctions executed in kernel
       * and forwarded to userspace, respectively
       */
      __u64 kernel_tdvmcallinfo_1_r12;
      __u64 user_tdvmcallinfo_1_r12;

      __u64 reserved[250];

      /* Configurable CPUID bits for userspace */
      struct kvm_cpuid2 cpuid;
};”h]”hX\  struct kvm_tdx_capabilities {
      __u64 supported_attrs;
      __u64 supported_xfam;

      /* TDG.VP.VMCALL hypercalls executed in kernel and forwarded to
       * userspace, respectively
       */
      __u64 kernel_tdvmcallinfo_1_r11;
      __u64 user_tdvmcallinfo_1_r11;

      /* TDG.VP.VMCALL instruction executions subfunctions executed in kernel
       * and forwarded to userspace, respectively
       */
      __u64 kernel_tdvmcallinfo_1_r12;
      __u64 user_tdvmcallinfo_1_r12;

      __u64 reserved[250];

      /* Configurable CPUID bits for userspace */
      struct kvm_cpuid2 cpuid;
};”…””}”hj‡  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j~  hŸh³h KOhj–  hžhubeh}”(h]”Œkvm-tdx-capabilities”ah ]”h"]”Œkvm_tdx_capabilities”ah$]”h&]”uh1h´hj  hžhhŸh³h K@ubhµ)”}”(hhh]”(hº)”}”(hŒKVM_TDX_INIT_VM”h]”hŒKVM_TDX_INIT_VM”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h Kgubj1  )”}”(hhh]”(j6  )”}”(hhh]”(j;  )”}”(hŒType”h]”hŒType”…””}”(hj´  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hj±  hŸh³h K ubjK  )”}”(hŒvm ioctl”h]”hÛ)”}”(hjÄ  h]”hŒvm ioctl”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhhjÂ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hj±  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h Khhj®  hžhubj6  )”}”(hhh]”(j;  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjâ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjß  hŸh³h K ubjK  )”}”(hŒ0 on success, <0 on error
”h]”hÛ)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hjô  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kihjð  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjß  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h Kihj®  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1j0  hj  hžhhŸh³h KhubhÛ)”}”(hŒsPerform TDX specific VM initialization.  This needs to be called after
KVM_CREATE_VM and before creating any VCPUs.”h]”hŒsPerform TDX specific VM initialization.  This needs to be called after
KVM_CREATE_VM and before creating any VCPUs.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kkhj  hžhubj  )”}”(hhh]”(j!  )”}”(hŒid: KVM_TDX_INIT_VM”h]”hÛ)”}”(hj'  h]”hŒid: KVM_TDX_INIT_VM”…””}”(hj)  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Knhj%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj"  hžhhŸh³h Nubj!  )”}”(hŒflags: must be 0”h]”hÛ)”}”(hj>  h]”hŒflags: must be 0”…””}”(hj@  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kohj<  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj"  hžhhŸh³h Nubj!  )”}”(hŒ'data: pointer to struct kvm_tdx_init_vm”h]”hÛ)”}”(hjU  h]”hŒ'data: pointer to struct kvm_tdx_init_vm”…””}”(hjW  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KphjS  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj"  hžhhŸh³h Nubj!  )”}”(hŒhw_error: must be 0
”h]”hÛ)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hjn  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kqhjj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj"  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”j…  j†  uh1j  hŸh³h Knhj  hžhubj  )”}”(hXŽ  struct kvm_tdx_init_vm {
        __u64 attributes;
        __u64 xfam;
        __u64 mrconfigid[6];          /* sha384 digest */
        __u64 mrowner[6];             /* sha384 digest */
        __u64 mrownerconfig[6];       /* sha384 digest */

        /* The total space for TD_PARAMS before the CPUIDs is 256 bytes */
        __u64 reserved[12];

      /*
       * Call KVM_TDX_INIT_VM before vcpu creation, thus before
       * KVM_SET_CPUID2.
       * This configuration supersedes KVM_SET_CPUID2s for VCPUs because the
       * TDX module directly virtualizes those CPUIDs without VMM.  The user
       * space VMM, e.g. qemu, should make KVM_SET_CPUID2 consistent with
       * those values.  If it doesn't, KVM may have wrong idea of vCPUIDs of
       * the guest, and KVM may wrongly emulate CPUIDs or MSRs that the TDX
       * module doesn't virtualize.
       */
        struct kvm_cpuid2 cpuid;
};”h]”hXŽ  struct kvm_tdx_init_vm {
        __u64 attributes;
        __u64 xfam;
        __u64 mrconfigid[6];          /* sha384 digest */
        __u64 mrowner[6];             /* sha384 digest */
        __u64 mrownerconfig[6];       /* sha384 digest */

        /* The total space for TD_PARAMS before the CPUIDs is 256 bytes */
        __u64 reserved[12];

      /*
       * Call KVM_TDX_INIT_VM before vcpu creation, thus before
       * KVM_SET_CPUID2.
       * This configuration supersedes KVM_SET_CPUID2s for VCPUs because the
       * TDX module directly virtualizes those CPUIDs without VMM.  The user
       * space VMM, e.g. qemu, should make KVM_SET_CPUID2 consistent with
       * those values.  If it doesn't, KVM may have wrong idea of vCPUIDs of
       * the guest, and KVM may wrongly emulate CPUIDs or MSRs that the TDX
       * module doesn't virtualize.
       */
        struct kvm_cpuid2 cpuid;
};”…””}”hjˆ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j~  hŸh³h Kuhj  hžhubeh}”(h]”Œkvm-tdx-init-vm”ah ]”h"]”Œkvm_tdx_init_vm”ah$]”h&]”uh1h´hj  hžhhŸh³h Kgubhµ)”}”(hhh]”(hº)”}”(hŒKVM_TDX_INIT_VCPU”h]”hŒKVM_TDX_INIT_VCPU”…””}”(hj¡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjž  hžhhŸh³h KŽubj1  )”}”(hhh]”(j6  )”}”(hhh]”(j;  )”}”(hŒType”h]”hŒType”…””}”(hjµ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hj²  hŸh³h K ubjK  )”}”(hŒ
vcpu ioctl”h]”hÛ)”}”(hjÅ  h]”hŒ
vcpu ioctl”…””}”(hjÇ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhjÃ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hj²  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h Khj¯  hžhubj6  )”}”(hhh]”(j;  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjã  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjà  hŸh³h K ubjK  )”}”(hŒ0 on success, <0 on error
”h]”hÛ)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hjõ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Khjñ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjà  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h Khj¯  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1j0  hjž  hžhhŸh³h KubhÛ)”}”(hŒ)Perform TDX specific VCPU initialization.”h]”hŒ)Perform TDX specific VCPU initialization.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K’hjž  hžhubj  )”}”(hhh]”(j!  )”}”(hŒid: KVM_TDX_INIT_VCPU”h]”hÛ)”}”(hj(  h]”hŒid: KVM_TDX_INIT_VCPU”…””}”(hj*  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K”hj&  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj#  hžhhŸh³h Nubj!  )”}”(hŒflags: must be 0”h]”hÛ)”}”(hj?  h]”hŒflags: must be 0”…””}”(hjA  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K•hj=  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj#  hžhhŸh³h Nubj!  )”}”(hŒ,data: initial value of the guest TD VCPU RCX”h]”hÛ)”}”(hjV  h]”hŒ,data: initial value of the guest TD VCPU RCX”…””}”(hjX  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K–hjT  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj#  hžhhŸh³h Nubj!  )”}”(hŒhw_error: must be 0
”h]”hÛ)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hjo  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K—hjk  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj#  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”j…  j†  uh1j  hŸh³h K”hjž  hžhubeh}”(h]”Œkvm-tdx-init-vcpu”ah ]”h"]”Œkvm_tdx_init_vcpu”ah$]”h&]”uh1h´hj  hžhhŸh³h KŽubhµ)”}”(hhh]”(hº)”}”(hŒKVM_TDX_INIT_MEM_REGION”h]”hŒKVM_TDX_INIT_MEM_REGION”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj‘  hžhhŸh³h Kšubj1  )”}”(hhh]”(j6  )”}”(hhh]”(j;  )”}”(hŒType”h]”hŒType”…””}”(hj¨  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hj¥  hŸh³h K ubjK  )”}”(hŒ
vcpu ioctl”h]”hÛ)”}”(hj¸  h]”hŒ
vcpu ioctl”…””}”(hjº  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K›hj¶  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hj¥  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h K›hj¢  hžhubj6  )”}”(hhh]”(j;  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjÖ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjÓ  hŸh³h K ubjK  )”}”(hŒ0 on success, <0 on error
”h]”hÛ)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hjè  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kœhjä  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjÓ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h Kœhj¢  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1j0  hj‘  hžhhŸh³h K›ubhÛ)”}”(hŒpInitialize @nr_pages TDX guest private memory starting from @gpa with userspace
provided data from @source_addr.”h]”hŒpInitialize @nr_pages TDX guest private memory starting from @gpa with userspace
provided data from @source_addr.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kžhj‘  hžhubhÛ)”}”(hŒ²Note, before calling this sub command, memory attribute of the range
[gpa, gpa + nr_pages] needs to be private.  Userspace can use
KVM_SET_MEMORY_ATTRIBUTES to set the attribute.”h]”hŒ²Note, before calling this sub command, memory attribute of the range
[gpa, gpa + nr_pages] needs to be private.  Userspace can use
KVM_SET_MEMORY_ATTRIBUTES to set the attribute.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K¡hj‘  hžhubhÛ)”}”(hŒPIf KVM_TDX_MEASURE_MEMORY_REGION flag is specified, it also extends measurement.”h]”hŒPIf KVM_TDX_MEASURE_MEMORY_REGION flag is specified, it also extends measurement.”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K¥hj‘  hžhubj  )”}”(hhh]”(j!  )”}”(hŒid: KVM_TDX_INIT_MEM_REGION”h]”hÛ)”}”(hj7  h]”hŒid: KVM_TDX_INIT_MEM_REGION”…””}”(hj9  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K§hj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj2  hžhhŸh³h Nubj!  )”}”(hŒ>flags: currently only KVM_TDX_MEASURE_MEMORY_REGION is defined”h]”hÛ)”}”(hjN  h]”hŒ>flags: currently only KVM_TDX_MEASURE_MEMORY_REGION is defined”…””}”(hjP  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K¨hjL  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj2  hžhhŸh³h Nubj!  )”}”(hŒ/data: pointer to struct kvm_tdx_init_mem_region”h]”hÛ)”}”(hje  h]”hŒ/data: pointer to struct kvm_tdx_init_mem_region”…””}”(hjg  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K©hjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj2  hžhhŸh³h Nubj!  )”}”(hŒhw_error: must be 0
”h]”hÛ)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kªhjz  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj2  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”j…  j†  uh1j  hŸh³h K§hj‘  hžhubj  )”}”(hŒ#define KVM_TDX_MEASURE_MEMORY_REGION   (1UL << 0)

struct kvm_tdx_init_mem_region {
        __u64 source_addr;
        __u64 gpa;
        __u64 nr_pages;
};”h]”hŒ#define KVM_TDX_MEASURE_MEMORY_REGION   (1UL << 0)

struct kvm_tdx_init_mem_region {
        __u64 source_addr;
        __u64 gpa;
        __u64 nr_pages;
};”…””}”hj˜  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j~  hŸh³h K®hj‘  hžhubeh}”(h]”Œkvm-tdx-init-mem-region”ah ]”h"]”Œkvm_tdx_init_mem_region”ah$]”h&]”uh1h´hj  hžhhŸh³h Kšubhµ)”}”(hhh]”(hº)”}”(hŒKVM_TDX_FINALIZE_VM”h]”hŒKVM_TDX_FINALIZE_VM”…””}”(hj±  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj®  hžhhŸh³h K¸ubj1  )”}”(hhh]”(j6  )”}”(hhh]”(j;  )”}”(hŒType”h]”hŒType”…””}”(hjÅ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjÂ  hŸh³h K ubjK  )”}”(hŒvm ioctl”h]”hÛ)”}”(hjÕ  h]”hŒvm ioctl”…””}”(hj×  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K¹hjÓ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjÂ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h K¹hj¿  hžhubj6  )”}”(hhh]”(j;  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjó  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjð  hŸh³h K ubjK  )”}”(hŒ0 on success, <0 on error
”h]”hÛ)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kºhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjð  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h Kºhj¿  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1j0  hj®  hžhhŸh³h K¹ubhÛ)”}”(hŒIComplete measurement of the initial TD contents and mark it ready to run.”h]”hŒIComplete measurement of the initial TD contents and mark it ready to run.”…””}”(hj%  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K¼hj®  hžhubj  )”}”(hhh]”(j!  )”}”(hŒid: KVM_TDX_FINALIZE_VM”h]”hÛ)”}”(hj8  h]”hŒid: KVM_TDX_FINALIZE_VM”…””}”(hj:  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K¾hj6  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj3  hžhhŸh³h Nubj!  )”}”(hŒflags: must be 0”h]”hÛ)”}”(hjO  h]”hŒflags: must be 0”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K¿hjM  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj3  hžhhŸh³h Nubj!  )”}”(hŒdata: must be 0”h]”hÛ)”}”(hjf  h]”hŒdata: must be 0”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÀhjd  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj3  hžhhŸh³h Nubj!  )”}”(hŒhw_error: must be 0

”h]”hÛ)”}”(hŒhw_error: must be 0”h]”hŒhw_error: must be 0”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÁhj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj3  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”j…  j†  uh1j  hŸh³h K¾hj®  hžhubeh}”(h]”Œkvm-tdx-finalize-vm”ah ]”h"]”Œkvm_tdx_finalize_vm”ah$]”h&]”uh1h´hj  hžhhŸh³h K¸ubhµ)”}”(hhh]”(hº)”}”(hŒKVM_TDX_GET_CPUID”h]”hŒKVM_TDX_GET_CPUID”…””}”(hj¤  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj¡  hžhhŸh³h KÅubj1  )”}”(hhh]”(j6  )”}”(hhh]”(j;  )”}”(hŒType”h]”hŒType”…””}”(hj¸  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjµ  hŸh³h K ubjK  )”}”(hŒ
vcpu ioctl”h]”hÛ)”}”(hjÈ  h]”hŒ
vcpu ioctl”…””}”(hjÊ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÆhjÆ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjµ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h KÆhj²  hžhubj6  )”}”(hhh]”(j;  )”}”(hŒReturns”h]”hŒReturns”…””}”(hjæ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j:  hjã  hŸh³h K ubjK  )”}”(hŒ0 on success, <0 on error
”h]”hÛ)”}”(hŒ0 on success, <0 on error”h]”hŒ0 on success, <0 on error”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÇhjô  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjã  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j5  hŸh³h KÇhj²  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1j0  hj¡  hžhhŸh³h KÆubhÛ)”}”(hŒçGet the CPUID values that the TDX module virtualizes for the TD guest.
When it returns -E2BIG, the user space should allocate a larger buffer and
retry. The minimum buffer size is updated in the nent field of the
struct kvm_cpuid2.”h]”hŒçGet the CPUID values that the TDX module virtualizes for the TD guest.
When it returns -E2BIG, the user space should allocate a larger buffer and
retry. The minimum buffer size is updated in the nent field of the
struct kvm_cpuid2.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÉhj¡  hžhubj  )”}”(hhh]”(j!  )”}”(hŒid: KVM_TDX_GET_CPUID”h]”hÛ)”}”(hj+  h]”hŒid: KVM_TDX_GET_CPUID”…””}”(hj-  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÎhj)  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj&  hžhhŸh³h Nubj!  )”}”(hŒflags: must be 0”h]”hÛ)”}”(hjB  h]”hŒflags: must be 0”…””}”(hjD  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÏhj@  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj&  hžhhŸh³h Nubj!  )”}”(hŒ+data: pointer to struct kvm_cpuid2 (in/out)”h]”hÛ)”}”(hjY  h]”hŒ+data: pointer to struct kvm_cpuid2 (in/out)”…””}”(hj[  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÐhjW  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj&  hžhhŸh³h Nubj!  )”}”(hŒhw_error: must be 0 (out)
”h]”hÛ)”}”(hŒhw_error: must be 0 (out)”h]”hŒhw_error: must be 0 (out)”…””}”(hjr  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÑhjn  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj&  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”j…  j†  uh1j  hŸh³h KÎhj¡  hžhubj  )”}”(hX3  struct kvm_cpuid2 {
        __u32 nent;
        __u32 padding;
        struct kvm_cpuid_entry2 entries[0];
};

struct kvm_cpuid_entry2 {
        __u32 function;
        __u32 index;
        __u32 flags;
        __u32 eax;
        __u32 ebx;
        __u32 ecx;
        __u32 edx;
        __u32 padding[3];
};”h]”hX3  struct kvm_cpuid2 {
        __u32 nent;
        __u32 padding;
        struct kvm_cpuid_entry2 entries[0];
};

struct kvm_cpuid_entry2 {
        __u32 function;
        __u32 index;
        __u32 flags;
        __u32 eax;
        __u32 ebx;
        __u32 ecx;
        __u32 edx;
        __u32 padding[3];
};”…””}”hjŒ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j~  hŸh³h KÕhj¡  hžhubeh}”(h]”Œkvm-tdx-get-cpuid”ah ]”h"]”Œkvm_tdx_get_cpuid”ah$]”h&]”uh1h´hj  hžhhŸh³h KÅubeh}”(h]”Œapi-description”ah ]”h"]”Œapi description”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒKVM TDX creation flow”h]”hŒKVM TDX creation flow”…””}”(hj­  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjª  hžhhŸh³h KçubhÛ)”}”(hŒhIn addition to the standard KVM flow, new TDX ioctls need to be called.  The
control flow is as follows:”h]”hŒhIn addition to the standard KVM flow, new TDX ioctls need to be called.  The
control flow is as follows:”…””}”(hj»  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kèhjª  hžhubhŒenumerated_list”“”)”}”(hhh]”(j!  )”}”(hŒvCheck system wide capability

* KVM_CAP_VM_TYPES: Check if VM type is supported and if KVM_X86_TDX_VM
  is supported.
”h]”(hÛ)”}”(hŒCheck system wide capability”h]”hŒCheck system wide capability”…””}”(hjÒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KëhjÎ  ubj  )”}”(hhh]”j!  )”}”(hŒTKVM_CAP_VM_TYPES: Check if VM type is supported and if KVM_X86_TDX_VM
is supported.
”h]”hÛ)”}”(hŒSKVM_CAP_VM_TYPES: Check if VM type is supported and if KVM_X86_TDX_VM
is supported.”h]”hŒSKVM_CAP_VM_TYPES: Check if VM type is supported and if KVM_X86_TDX_VM
is supported.”…””}”(hjç  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kíhjã  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjà  ubah}”(h]”h ]”h"]”h$]”h&]”j…  Œ*”uh1j  hŸh³h KíhjÎ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j   hjË  hžhhŸNh Nubj!  )”}”(hX”  Create VM

* KVM_CREATE_VM
* KVM_TDX_CAPABILITIES: Query TDX capabilities for creating TDX guests.
* KVM_CHECK_EXTENSION(KVM_CAP_MAX_VCPUS): Query maximum VCPUs the TD can
  support at VM level (TDX has its own limitation on this).
* KVM_SET_TSC_KHZ: Configure TD's TSC frequency if a different TSC frequency
  than host is desired.  This is Optional.
* KVM_TDX_INIT_VM: Pass TDX specific VM parameters.
”h]”(hÛ)”}”(hŒ	Create VM”h]”hŒ	Create VM”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kðhj  ubj  )”}”(hhh]”(j!  )”}”(hŒKVM_CREATE_VM”h]”hÛ)”}”(hj  h]”hŒKVM_CREATE_VM”…””}”(hj!  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kòhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubj!  )”}”(hŒEKVM_TDX_CAPABILITIES: Query TDX capabilities for creating TDX guests.”h]”hÛ)”}”(hj6  h]”hŒEKVM_TDX_CAPABILITIES: Query TDX capabilities for creating TDX guests.”…””}”(hj8  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kóhj4  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubj!  )”}”(hŒ€KVM_CHECK_EXTENSION(KVM_CAP_MAX_VCPUS): Query maximum VCPUs the TD can
support at VM level (TDX has its own limitation on this).”h]”hÛ)”}”(hŒ€KVM_CHECK_EXTENSION(KVM_CAP_MAX_VCPUS): Query maximum VCPUs the TD can
support at VM level (TDX has its own limitation on this).”h]”hŒ€KVM_CHECK_EXTENSION(KVM_CAP_MAX_VCPUS): Query maximum VCPUs the TD can
support at VM level (TDX has its own limitation on this).”…””}”(hjO  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KôhjK  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubj!  )”}”(hŒsKVM_SET_TSC_KHZ: Configure TD's TSC frequency if a different TSC frequency
than host is desired.  This is Optional.”h]”hÛ)”}”(hŒsKVM_SET_TSC_KHZ: Configure TD's TSC frequency if a different TSC frequency
than host is desired.  This is Optional.”h]”hŒuKVM_SET_TSC_KHZ: Configure TDâ€™s TSC frequency if a different TSC frequency
than host is desired.  This is Optional.”…””}”(hjg  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Köhjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubj!  )”}”(hŒ2KVM_TDX_INIT_VM: Pass TDX specific VM parameters.
”h]”hÛ)”}”(hŒ1KVM_TDX_INIT_VM: Pass TDX specific VM parameters.”h]”hŒ1KVM_TDX_INIT_VM: Pass TDX specific VM parameters.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Køhj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubeh}”(h]”h ]”h"]”h$]”h&]”j…  j  uh1j  hŸh³h Kòhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j   hjË  hžhhŸNh Nubj!  )”}”(hŒ¥Create VCPU

* KVM_CREATE_VCPU
* KVM_TDX_INIT_VCPU: Pass TDX specific VCPU parameters.
* KVM_SET_CPUID2: Configure TD's CPUIDs.
* KVM_SET_MSRS: Configure TD's MSRs.
”h]”(hÛ)”}”(hŒCreate VCPU”h]”hŒCreate VCPU”…””}”(hj£  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KúhjŸ  ubj  )”}”(hhh]”(j!  )”}”(hŒKVM_CREATE_VCPU”h]”hÛ)”}”(hj¶  h]”hŒKVM_CREATE_VCPU”…””}”(hj¸  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kühj´  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj±  ubj!  )”}”(hŒ5KVM_TDX_INIT_VCPU: Pass TDX specific VCPU parameters.”h]”hÛ)”}”(hjÍ  h]”hŒ5KVM_TDX_INIT_VCPU: Pass TDX specific VCPU parameters.”…””}”(hjÏ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KýhjË  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj±  ubj!  )”}”(hŒ&KVM_SET_CPUID2: Configure TD's CPUIDs.”h]”hÛ)”}”(hjä  h]”hŒ(KVM_SET_CPUID2: Configure TDâ€™s CPUIDs.”…””}”(hjæ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kþhjâ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj±  ubj!  )”}”(hŒ#KVM_SET_MSRS: Configure TD's MSRs.
”h]”hÛ)”}”(hŒ"KVM_SET_MSRS: Configure TD's MSRs.”h]”hŒ$KVM_SET_MSRS: Configure TDâ€™s MSRs.”…””}”(hjý  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kÿhjù  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj±  ubeh}”(h]”h ]”h"]”h$]”h&]”j…  j  uh1j  hŸh³h KühjŸ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j   hjË  hžhhŸNh Nubj!  )”}”(hŒÃInitialize initial guest memory

* Prepare content of initial guest memory.
* KVM_TDX_INIT_MEM_REGION: Add initial guest memory.
* KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.
”h]”(hÛ)”}”(hŒInitialize initial guest memory”h]”hŒInitialize initial guest memory”…””}”(hj!	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj	  ubj  )”}”(hhh]”(j!  )”}”(hŒ(Prepare content of initial guest memory.”h]”hÛ)”}”(hj4	  h]”hŒ(Prepare content of initial guest memory.”…””}”(hj6	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj2	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj/	  ubj!  )”}”(hŒ2KVM_TDX_INIT_MEM_REGION: Add initial guest memory.”h]”hÛ)”}”(hjK	  h]”hŒ2KVM_TDX_INIT_MEM_REGION: Add initial guest memory.”…””}”(hjM	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MhjI	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj/	  ubj!  )”}”(hŒ@KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.
”h]”hÛ)”}”(hŒ?KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.”h]”hŒ?KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.”…””}”(hjd	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj`	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj/	  ubeh}”(h]”h ]”h"]”h$]”h&]”j…  j  uh1j  hŸh³h Mhj	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j   hjË  hžhhŸNh Nubj!  )”}”(hŒ	Run VCPU
”h]”hÛ)”}”(hŒRun VCPU”h]”hŒRun VCPU”…””}”(hjˆ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj„	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjË  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œenumtype”Œarabic”Œprefix”hŒsuffix”Œ.”uh1jÉ  hjª  hžhhŸh³h Këubeh}”(h]”Œkvm-tdx-creation-flow”ah ]”h"]”Œkvm tdx creation flow”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kçubhµ)”}”(hhh]”(hº)”}”(hŒ
References”h]”hŒ
References”…””}”(hj²	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj¯	  hžhhŸh³h M
ubhÛ)”}”(hŒbhttps://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/documentation.html”h]”hŒ	reference”“”)”}”(hjÂ	  h]”hŒbhttps://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/documentation.html”…””}”(hjÆ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jÂ	  uh1jÄ	  hjÀ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj¯	  hžhubeh}”(h]”Œ
references”ah ]”h"]”Œ
references”ah$]”h&]”uh1h´hh¶hžhhŸh³h M
ubeh}”(h]”Œ!intel-trust-domain-extensions-tdx”ah ]”h"]”Œ#intel trust domain extensions (tdx)”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j
  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jç	  jä	  j  j  j§  j¤  j“  j  jš  j—  j›  j˜  jŽ  j‹  j«  j¨  jž  j›  jŸ  jœ  j¬	  j©	  jß	  jÜ	  uŒ	nametypes”}”(jç	  ‰j  ‰j§  ‰j“  ‰jš  ‰j›  ‰jŽ  ‰j«  ‰jž  ‰jŸ  ‰j¬	  ‰jß	  ‰uh}”(jä	  h¶j  hÉj¤  j  j  j  j—  j–  j˜  j  j‹  jž  j¨  j‘  j›  j®  jœ  j¡  j©	  jª  jÜ	  j¯	  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.