TDX disabled in bios

[matti]

I know this is not directly related to tdx-tools, but what could be missing? I can not enable TDX it's not selectable and looks disabled.

The CPU is w3-2423, motherboard is Asus Pro WS W790E-SAGE SE

[matti]

Okay so in here by an Intel employee Kai Huang kai.huang@intel.com https://patchwork.kernel.org/project/kvm/patch/062075b36150b119bf2d0a1262de973b0a2b11a7.1654025431.git.kai.huang@intel.com/

It says that

To enable TDX, BIOS needs to configure SEAMRR (core-scope) and TDX
private KeyIDs (package-scope) consistently for all packages. TDX
doesn't trust BIOS. TDX ensures all BIOS configurations are correct,
and if not, refuses to enable SEAMRR on any core. This means detecting
SEAMRR alone on BSP is enough to check whether TDX has been enabled by
BIOS.

So it's not clear if BIOS even needs to be enabled. Meanwhile I've updated to the latest BIOS and firmware.

[kenplusplus]

For the general requirement on HW and BIOS, you can refer to the chapter 2 at https://www.intel.com/content/www/us/en/content-details/780133/whitepaper-linux-stacks-for-intel-trust-domain-extension-1-0.html

But it may various on different vendor's hardware and BIOS. So you may need contact sales or vendor for TDX support status.

[matti]

This link does not give any concrete information.

I have contacted Asus on this.

[kenplusplus]

This link does not give any concrete information.

I have contacted Asus on this.

Thanks!

[rezabfil-sec]

@matti did you have any luck with the support? I am in the same situation. Thanks in advnce for your time!

[matti]

@rezabfil-sec not yet, the case is still open. what hardware do you have?

feel free to email me at matti.paksula@iki.fi

[matti]

Basically no Sapphire Rapids supports TDX - Emerald Rapids will, see #399