From nobody Sun May 24 19:34:24 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C5F8A47CC7C; Fri, 22 May 2026 17:26:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779470792; cv=none; b=F2Zhg3yZThNHWlrdpNHSXa//Wprpy7GlMN7+lWnvW1caV1qMpvqDlHWA+7Dcua+2eJE0TikOVlp9mV5IRsIVWuZmoCPiLJvdr7eD1OE51pglZRkyYB/OoxSeL9LWMp89D6ryfE+7ZuEOBe1XAnM92ppKs97YGDi2/XCM8MGbomE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779470792; c=relaxed/simple; bh=Y/EDb7cJv625sswSBK/1rGAGRqTlRFyn+SBXXtXJ1rQ=; h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version: Message-ID:Content-Type; b=bUiG53RzQYDZJcGm5JXCUYyag5AjjAvVQ9cyAjY3TMXTJZACBGdVb51hcjOJtsyvGQtMR7lIIdlMSP+e/8mWGkmXtPb0dzrpgZYfQ2Qwn6Q67yQsh10zhWusECi12un04yZk3oa8Z4DgzPpvBXCY5clBJpXx7TTkbrt3miVmIWU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=hMYizrc9; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=4nfVedJj; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="hMYizrc9"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="4nfVedJj" Date: Fri, 22 May 2026 17:26:27 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1779470789; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DholW0chbGPBAMmKBehnniY26JmgleeZFaWlIFGPWII=; b=hMYizrc9jmEUhraiq4AB4W98MyC46PlIOREe442iPFEae1LdndJ8S+MQkjtIZVw2KK3nEl vPsqk341fB2qNGXZJYVUStOJJ18av2OmRVVFZhDAi99YR5cWumH2/1yv7dSwlrDwGuuB1B ehN4RcSxsHY4pitIXjbifnXVZZd+wF4nJrmiv5a460JWVmYeWMFBekY4M6KOFyn3NVFa1w skoW4108/Y44OgLDbin7L+aEQWBEgPK8E9mHoalq2AhaFxmdwYqd1pmkfzeqp/YupRVABY +4ApNAh/t19xQZAvy5p2WhCdjKO0F+ChKuaETKipZ1f62MworuLjvIMIKtPA0Q== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1779470789; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DholW0chbGPBAMmKBehnniY26JmgleeZFaWlIFGPWII=; b=4nfVedJjaJn4C5eUR+vKvy8uU1ir0ssgdmRm0eS04ZCGXOimI8IXTIP2U713zCp9qBPQ+2 2taASJmxZT5ViCCQ== From: "tip-bot2 for Chao Gao" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/tdx] coco/tdx-host: Expose TDX module version Cc: Chao Gao , Dave Hansen , Binbin Wu , Tony Lindgren , Xu Yilun , Kai Huang , "Kiryl Shutsemau (Meta)" , Xiaoyao Li , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20260520222853.EB21B7D3@davehans-spike.ostc.intel.com> References: <20260520222853.EB21B7D3@davehans-spike.ostc.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-ID: <177947078758.711.7270215698785495263.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The following commit has been merged into the x86/tdx branch of tip: Commit-ID: e4afd39aefd8f41b85fd38463cc50903620e8cc9 Gitweb: https://git.kernel.org/tip/e4afd39aefd8f41b85fd38463cc509036= 20e8cc9 Author: Chao Gao AuthorDate: Wed, 20 May 2026 15:28:53 -07:00 Committer: Dave Hansen CommitterDate: Wed, 20 May 2026 15:37:09 -07:00 coco/tdx-host: Expose TDX module version For TDX module updates, userspace needs to select compatible update versions based on the current module version. For example, the 1.5.x series runs on Sapphire Rapids but not Granite Rapids, which needs 2.0.x. Updates are also constrained by version distance, so a 1.5.6 module might permit updates to 1.5.7 but not to 1.5.20. Start the process of punting the version selection logic to userspace. Expose the TDX module version in the new faux device. Define TDX_VERSION_FMT macro for the TDX version format since it will be used multiple times. Also convert an existing print statement to use it. =3D=3D Background =3D=3D For posterity, here's what other firmware mechanisms do: 1. AMD SEV leverages an existing PCI device for the PSP to expose metadata. TDX uses a faux device as it doesn't have PCI device in its architecture. 2. Microcode uses per-CPU virtual devices to report microcode revisions because CPUs can have different revisions. But, there is only a single TDX module, so exposing the TDX module version through a global TDX faux device is appropriate 3. ARM's CCA implementation isn't in-tree yet, but will likely follow a similar faux device approach, though it's unclear whether they need to expose firmware version information [ dhansen: trim changelog ] Signed-off-by: Chao Gao Signed-off-by: Dave Hansen Reviewed-by: Binbin Wu Reviewed-by: Tony Lindgren Reviewed-by: Xu Yilun Reviewed-by: Kai Huang Reviewed-by: Kiryl Shutsemau (Meta) Reviewed-by: Xiaoyao Li Reviewed-by: Dave Hansen Link: https://lore.kernel.org/all/2025073035-bulginess-rematch-b92e@gregkh/= # [1] Link: https://patch.msgid.link/20260520133909.409394-8-chao.gao@intel.com Link: https://patch.msgid.link/20260520222853.EB21B7D3@davehans-spike.ostc.= intel.com --- Documentation/ABI/testing/sysfs-devices-faux-tdx-host | 5 ++- arch/x86/include/asm/tdx.h | 6 ++- arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 2 +- drivers/virt/coco/tdx-host/tdx-host.c | 26 +++++++++- 4 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-devices-faux-tdx-host diff --git a/Documentation/ABI/testing/sysfs-devices-faux-tdx-host b/Docume= ntation/ABI/testing/sysfs-devices-faux-tdx-host new file mode 100644 index 0000000..47d73cb --- /dev/null +++ b/Documentation/ABI/testing/sysfs-devices-faux-tdx-host @@ -0,0 +1,5 @@ +What: /sys/devices/faux/tdx_host/version +Contact: linux-coco@lists.linux.dev +Description: (RO) Report the version of the loaded TDX module. + Formatted as "major.minor.update". Used by TDX module + update tooling. Example: "1.2.03". diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 8b739ac..b7f4396 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -42,6 +42,12 @@ #include =20 /* + * TDX module and P-SEAMLDR version convention: "major.minor.update" + * (e.g., "1.5.08") with zero-padded two-digit update field. + */ +#define TDX_VERSION_FMT "%u.%u.%02u" + +/* * Used by the #VE exception handler to gather the #VE exception * info from the TDX module. This is a software only structure * and not part of the TDX module/VMM ABI. diff --git a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c b/arch/x86/virt/vm= x/tdx/tdx_global_metadata.c index c7db393..d54d422 100644 --- a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c +++ b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c @@ -106,7 +106,7 @@ static __init int get_tdx_sys_info(struct tdx_sys_info = *sysinfo) =20 ret =3D ret ?: get_tdx_sys_info_version(&sysinfo->version); =20 - pr_info("Module version: %u.%u.%02u\n", + pr_info("Module version: " TDX_VERSION_FMT "\n", sysinfo->version.major_version, sysinfo->version.minor_version, sysinfo->version.update_version); diff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-= host/tdx-host.c index c778853..ef117a8 100644 --- a/drivers/virt/coco/tdx-host/tdx-host.c +++ b/drivers/virt/coco/tdx-host/tdx-host.c @@ -8,6 +8,7 @@ #include #include #include +#include =20 #include #include @@ -18,6 +19,29 @@ static const struct x86_cpu_id tdx_host_ids[] =3D { }; MODULE_DEVICE_TABLE(x86cpu, tdx_host_ids); =20 +static ssize_t version_show(struct device *dev, struct device_attribute *a= ttr, + char *buf) +{ + const struct tdx_sys_info *tdx_sysinfo =3D tdx_get_sysinfo(); + const struct tdx_sys_info_version *ver; + + if (!tdx_sysinfo) + return -ENXIO; + + ver =3D &tdx_sysinfo->version; + + return sysfs_emit(buf, TDX_VERSION_FMT "\n", ver->major_version, + ver->minor_version, + ver->update_version); +} +static DEVICE_ATTR_RO(version); + +static struct attribute *tdx_host_attrs[] =3D { + &dev_attr_version.attr, + NULL, +}; +ATTRIBUTE_GROUPS(tdx_host); + static struct faux_device *fdev; =20 static int __init tdx_host_init(void) @@ -25,7 +49,7 @@ static int __init tdx_host_init(void) if (!x86_match_cpu(tdx_host_ids) || !tdx_get_sysinfo()) return -ENODEV; =20 - fdev =3D faux_device_create(KBUILD_MODNAME, NULL, NULL); + fdev =3D faux_device_create_with_groups(KBUILD_MODNAME, NULL, NULL, tdx_h= ost_groups); if (!fdev) return -ENODEV; =20