
Bug#1032437: marked as done (linux: Enable TDX Guest Support driver)



Your message dated Mon, 15 May 2023 10:40:12 +0000
with message-id <E1pyVci-007Lcu-VF@fasolo.debian.org>
and subject line Bug#1032437: fixed in linux 6.3.2-1~exp1
has caused the Debian Bug report #1032437,
regarding linux: Enable TDX Guest Support driver
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1032437: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032437
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: linux
Version: 6.1.12-1
Severity: wishlist
Tags: patch, sid
X-Debbugs-Cc: miguel.bernal.marin@linux.intel.com, jair.de.jesus.gonzalez.plascencia@linux.intel.com

Dear Maintainer,

Please enable Intel's Trust Domain Extensions (TDX) Guest driver.

Intel’s Trust Domain Extensions (TDX) protect confidential guest VMs from
the host and physical attacks by isolating the guest register state and by
encrypting the guest memory. In TDX, a special module running in a special
mode sits between the host and the guest and manages the guest/host
separation [2].

Since the host cannot directly access guest registers or memory, much normal
functionality of a hypervisor must be moved into the guest. This is
implemented using a Virtualization Exception (#VE) that is handled by the
guest kernel. A #VE is handled entirely inside the guest kernel, but some
require the hypervisor to be consulted.

TDX includes new hypercall-like mechanisms for communicating from the guest
to the hypervisor or the TDX module.

Intel® Trust Domain Extensions (Intel® TDX) is introducing new, architectural
elements to help deploy hardware-isolated, virtual machines (VMs) called trust
domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine
manager (VMM)/hypervisor and any other non-TD software on the platform to
protect TDs from a broad range of software [1]. These hardware-isolated TDs
include:

* Secure-Arbitration Mode (SEAM) – a new mode of the CPU designed to host
  an Intel-provided, digitally-signed, security-services module called the
  Intel TDX module.

* Shared bit in GPA to help allow TD to access shared memory.

* Secure EPT to help translate private GPA to provide address-translation
  integrity and to prevent TD-code fetches from shared memory. Encryption
  and integrity protection of private-memory access using a TD-private key
  is the goal.

* Physical-address-metadata table (PAMT) to help track page allocation, page
  initialization, and TLB consistency.

* Multi-key, total-memory-encryption (MKTME) engine designed to provide
  memory encryption using AES-128-XTS and integrity using 28-bit MAC and a
  TD-ownership bit.

* Remote attestation designed to provide evidence of TD executing on a
  genuine, Intel TDX system and its TCB version.

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html
[2] https://docs.kernel.org/x86/tdx.html

An MR was created at:

https://salsa.debian.org/kernel-team/linux/-/merge_requests/671

Thanks,
Miguel

--- End Message ---
--- Begin Message ---
Source: linux
Source-Version: 6.3.2-1~exp1
Done: Ben Hutchings <benh@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1032437@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <benh@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 May 2023 02:12:25 +0200
Source: linux
Architecture: source
Version: 6.3.2-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Closes: 1028463 1032437 1033061 1033095 1034506 1035569
Changes:
 linux (6.3.2-1~exp1) experimental; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2
 .
   [ Diederik de Haas ]
   * [arm64] Improve support for rk3328 devices
     - drivers/clk: Enable COMMON_CLK
     - drivers/clk/rockchip: Enable CLK_RK3328
     - drivers/cpuidle[arm]: Enable ARM_PSCI_CPUIDLE_DOMAIN
     - drivers/gpio: Enable GPIO_ROCKCHIP as module
     - drivers/gpio: Enable GPIO_SYSCON as module
     - drivers/pinctrl: Enable PINCTRL_ROCKCHIP as module
     - drivers/power/reset: Enable SYSCON_REBOOT_MODE as module
     - drivers/soc/rockchip: Enable ROCKCHIP_GRF
   * [arm64] Improve support for rk3399 devices
     - drivers/clk/rockchip: Enable CLK_RK3399
     - drivers/mmc/core: Enable PWRSEQ_SIMPLE
     - drivers/soc/rockchip: Enable ROCKCHIP_DTPM as module
     - drivers/usb/dwc3: Enable USB_DWC3_OF_SIMPLE as module
   * [arm64] Improve support for rk356x devices
     - drivers/clk/rockchip: Enable CLK_RK3568
     - drivers/firmware/arm_scmi: Enable ARM_SCMI_TRANSPORT_SMC
     - drivers/gpu/drm/bridge: Enable DRM_DISPLAY_CONNECTOR as module
     - drivers/misc: Enable SRAM
   * [rt] Update to 6.3.1-rt13
 .
   [ Yoann Congal ]
   * net/hsr: Enable PRP/HSR protocols as module (Closes: #1034506)
 .
   [ Vincent Blut ]
   * drivers/net/wireless/realtek/rtw89: Enable RTW89_8852BE and RTW89_8852CE
     as modules (Closes: #1035569)
 .
   [ Salvatore Bonaccorso ]
   * drivers/tty: Unset LEGACY_TIOCSTI (Closes: #1033095)
   * d/rules.real: Fix typo in setup_image target.
 .
   [ Aurelien Jarno ]
   * [riscv64] Enable support for hardware added in Linux 6.2 and 6.3 based on
     the upstream defconfig update: ARCH_R9A07G043, ARCH_RENESAS, ARCH_SUNXI,
     DMADEVICES, DMA_SUN6I, DRM_SUN4I, HW_RANDOM_JH7110, I2C_MV64XXX,
     MMC_SUNXI, NOP_USB_XCEIV, NVMEM_SUNXI_SID, PHY_SUN4I_USB, REGULATOR,
     REGULATOR_FIXED_VOLTAGE, RTC_DRV_SUN6I, SERIAL_SH_SCI, SPI_SUN6I,
     STMMAC_ETH, SUN50I_IOMMU, SUNXI_WATCHDOG, USB_MUSB_HDRC, USB_MUSB_SUNXI.
 .
   [ Ben Hutchings ]
   * [mips*] Increase RELOCATION_TABLE_SIZE to 0x1d0000 (fixes FTBFS)
   * [sh4/sh7785lcr] Modularise drivers to shrink kernel image (fixes FTBFS):
     - ata: Change ATA, SATA_SIL from built-in to modular
     - SCSI: Change SCSI, BLK_DEV_SD from built-in to modular
     - USB: Change USB, USB_EHCI_HCD, USB_R8A66597_HCD,_USB_STORAGE from
       built-in to modular
     - udeb: Add ata-modules, scsi-core-modules, usb-modules packages
   * [armel/marvell]: Disable features to shrink kernel image (fixes FTBFS):
     - security: Disable SECURITY_APPARMOR_EXPORT_BINARY
     - tcp: Disable MPTCP
     - tracing: Disable FUNCTION_TRACER
   * linux-kbuild: Fix cross-build regression in objtool in 6.3
   * linux-kbuild: Add support for objtool powerpc target
 .
   [ Andreas Hübner ]
   * d/templates: Improve package description for "header" packages
 .
   [ Martyn Welch ]
   * d/rules.real: Enable limiting of compression threading
 .
   [ Punit Agrawal ]
   * [arm64,armhf] drivers/hwtracing/coresight: Enable components
 .
   [ Miguel Bernal Marin ]
   * Enable MEI options for Intel ARC GPUs as modules (Closes: #1028463)
     - [amd64] drivers/gpu/drm/i915: Enable DRM_I915_PXP
     - [x86] drivers/misc/mei: Enable INTEL_MEI_GSC as module
     - [x86] drivers/misc/mei/pxp: Enable INTEL_MEI_PXP as module
   * Enable Intel Trust Domain Extensions - Guest Support (Closes: #1032437)
     - [amd64] arch/x86: Enable INTEL_TDX_GUEST
     - [amd64] drivers/virt/coco/tdx-guest: Enable TDX_GUEST_DRIVER as module
   * [amd64] drivers/platform/x86/intel/ifs: Enable Intel In-Field Scan (IFS)
     INTEL_IFS as module (Closes: #1033061)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
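The following is an added example, not part of the original messages or of Debian's packaging: a shell check that a kernel config carries the settings this changelog names for TDX guest support (INTEL_TDX_GUEST, TDX_GUEST_DRIVER) and for the LEGACY_TIOCSTI change. The function names and the sample config are constructed for illustration; the expected states (built-in, module, unset) are read from the changelog wording above.

```shell
#!/bin/sh
# Added example: audit a kernel config against options named in this changelog.

# config_state FILE OPTION -> prints y, m, another value, "n" for an explicit
# "is not set" line, or "absent" when the option does not appear at all.
config_state() {
    awk -v opt="CONFIG_$2" '
        index($0, opt "=") == 1      { v = substr($0, length(opt) + 2); found = 1 }
        $0 == "# " opt " is not set" { v = "n"; found = 1 }
        END { print (found ? v : "absent") }
    ' "$1"
}

# audit_config FILE -> one line per option; returns non-zero on any mismatch.
# "absent" is never accepted: the option may not exist in that kernel build,
# so its absence does not confirm that the behaviour is disabled.
audit_config() {
    rc=0
    while read -r opt want; do
        got=$(config_state "$1" "$opt")
        if [ "$got" = "$want" ]; then status=ok; else status=MISMATCH; rc=1; fi
        printf '%-18s want=%s got=%s %s\n' "$opt" "$want" "$got" "$status"
    done <<EOF
INTEL_TDX_GUEST y
TDX_GUEST_DRIVER m
LEGACY_TIOCSTI n
EOF
    return $rc
}

# Constructed sample input (not taken from a real Debian build).
sample_config() {
    cat <<EOF
CONFIG_X86_64=y
CONFIG_INTEL_TDX_GUEST=y
CONFIG_TDX_GUEST_DRIVER=m
# CONFIG_LEGACY_TIOCSTI is not set
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_config "$tmp"   # on an installed system: audit_config "/boot/config-$(uname -r)"
rm -f "$tmp"
```
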
