x86/tdx: Add TDG.MR.KEY.GET ABI support#149
Merged
mingweishih merged 1 commit intoJun 30, 2026
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
Adds TDG.MR.KEY.GET support to the x86 TDX guest stack by exposing a new userspace ioctl and wiring it to a new in-kernel TDCALL wrapper, enabling derivation of a persistent sealing key bound to TD measurements/policy.
Changes:
- Introduces
struct tdx_key_get_reqandTDX_CMD_KEY_GETioctl in the TDX guest UAPI. - Implements
TDX_CMD_KEY_GEThandling in thetdx-guestdriver, including userspace marshalling of TDKEYREQUEST and key output buffers. - Adds the
TDG_MR_KEY_GETleaf ID and atdx_mcall_key_get()wrapper for invoking the TDCALL.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| include/uapi/linux/tdx-guest.h | Adds the KEY.GET ioctl UAPI struct and command definition. |
| drivers/virt/coco/tdx-guest/tdx-guest.c | Adds ioctl handler that allocates/marshals KEY.GET buffers and calls into the TDX module wrapper. |
| arch/x86/include/asm/tdx.h | Declares the new tdx_mcall_key_get() wrapper. |
| arch/x86/include/asm/shared/tdx.h | Adds the TDG.MR.KEY.GET TDCALL leaf ID constant. |
| arch/x86/coco/tdx/tdx.c | Implements tdx_mcall_key_get() wrapper calling __tdcall(). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Add support for the TDG.MR.KEY.GET TDCALL, which derives a persistent, hardware-bound sealing key for the TD customized to its measurements and policy. Add the tdx_mcall_key_get() wrapper, the TDX_CMD_KEY_GET ioctl with its tdx_key_get_req UAPI structure, and the tdx_guest driver handler that marshals the TDKEYREQUEST input and key output buffers with the alignment required by the TDX module ABI. [mishih: fix typos and a misplaced apostrophe from the original patch; use _IOWR since the ioctl both reads the request and writes back the key and error code; document that kmalloc()/kzalloc() satisfy the 128B and 32B buffer alignment for these power-of-two sizes; write err_code back on success so callers do not observe a stale value; and use kfree_sensitive() to clear keying material] Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Signed-off-by: Ming-Wei Shih <mishih@microsoft.com>
5b96828 to
b674e6c
Compare
chris-oo
approved these changes
Jun 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add support for the TDG.MR.KEY.GET TDCALL, which derives a persistent, hardware-bound sealing key for the TD customized to its measurements and policy. Add the tdx_mcall_key_get() wrapper, the TDX_CMD_KEY_GET ioctl with its tdx_key_get_req UAPI structure, and the tdx_guest driver handler that marshals the TDKEYREQUEST input and key output buffers with the alignment required by the TDX module ABI.