Re: [PATCH v2 1/1] KVM: TDX: Handle TDG.VP.VMCALL<GetQuote>

From: Huang, Kai
Date: Wed Apr 16 2025 - 06:35:47 EST


On Wed, 2025-04-16 at 13:54 +0800, Binbin Wu wrote:
> Handle TDVMCALL for GetQuote to generate a TD-Quote.
>
> GetQuote is a doorbell-like interface used by TDX guests to request VMM
> to generate a TD-Quote signed by a service hosting TD-Quoting Enclave
> operating on the host. A TDX guest passes a TD Report (TDREPORT_STRUCT) in
> a shared-memory area as a parameter. The host VMM can access it and queue the
> operation for a service hosting TD-Quoting enclave. When completed, the
> Quote is returned via the same shared-memory area.
>
> KVM only checks that the GPA from the TDX guest has the shared-bit set and drops
> the shared-bit before exiting to userspace to avoid bleeding the shared-bit
> into KVM's exit ABI. KVM forwards the request to userspace VMM (e.g. QEMU)
> and userspace VMM queues the operation asynchronously. KVM sets the return
> code according to the 'ret' field set by userspace to notify the TDX guest
> whether the request has been queued successfully or not. When the request
> has been queued successfully, the TDX guest can poll the status field in
> the shared-memory area to check whether the Quote generation is completed
> or not. When completed, the generated Quote is returned via the same
> buffer.
>
> Add KVM_EXIT_TDX_GET_QUOTE as a new exit reason to userspace.
>
> Signed-off-by: Binbin Wu <binbin.wu@xxxxxxxxxxxxxxx>
> Tested-by: Mikko Ylinen <mikko.ylinen@xxxxxxxxxxxxxxx>

Acked-by: Kai Huang <kai.huang@xxxxxxxxx>
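The split of responsibilities the commit message describes (KVM validates and strips the shared bit, userspace reports queuing via 'ret', the guest polls a status field in the same shared buffer), as an added illustrative model that is not KVM or QEMU code. The shared-bit position, the 'ret' and status values and the buffer layout are constructed stand-ins, not TDX's real ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins; real TDX/KVM values and layouts differ. */
#define MODEL_SHARED_BIT (1ULL << 47)
enum { MODEL_RET_OK = 0, MODEL_RET_RETRY = 1 };   /* 'ret' as set by userspace */
enum { ST_IN_FLIGHT = 0, ST_DONE = 1 };           /* status field in the shared area */

struct model_shared_buf {   /* guest's shared-memory area: TDREPORT in, Quote out */
    uint32_t status;
    uint32_t len;
    uint8_t  data[32];
};
struct model_exit {         /* what KVM hands to userspace for the GetQuote exit */
    uint64_t gpa;           /* shared bit already dropped */
    uint32_t ret;
};

/* KVM side: accept only a shared GPA, strip the shared bit, exit to userspace. */
static bool kvm_model_get_quote(uint64_t gpa, struct model_exit *ex)
{
    if (!(gpa & MODEL_SHARED_BIT))
        return false;               /* private GPA: rejected, no exit to userspace */
    ex->gpa = gpa & ~MODEL_SHARED_BIT;
    ex->ret = MODEL_RET_OK;
    return true;
}

/* Userspace VMM side: queue the request and report the queuing result in 'ret'. */
static void vmm_model_queue(struct model_exit *ex, struct model_shared_buf *buf, bool can_queue)
{
    buf->status = ST_IN_FLIGHT;
    ex->ret = can_queue ? MODEL_RET_OK : MODEL_RET_RETRY;
}

/* Quoting service, completing asynchronously: overwrite the report with the Quote. */
static void quote_service_model_complete(struct model_shared_buf *buf)
{
    memset(buf->data, 0xA5, sizeof buf->data);   /* constructed "Quote" bytes */
    buf->len = sizeof buf->data;
    buf->status = ST_DONE;
}

/* Guest side, one round trip: -1 if KVM rejects the GPA, -2 if userspace could not
 * queue, otherwise the Quote length seen once the polled status leaves ST_IN_FLIGHT. */
static int guest_model_get_quote(uint64_t gpa, struct model_shared_buf *buf, bool vmm_can_queue)
{
    struct model_exit ex;
    if (!kvm_model_get_quote(gpa, &ex))
        return -1;
    vmm_model_queue(&ex, buf, vmm_can_queue);
    if (ex.ret != MODEL_RET_OK)
        return -2;
    while (buf->status == ST_IN_FLIGHT)          /* guest polls the status field */
        quote_service_model_complete(buf);       /* model: completes on the first poll */
    return (int)buf->len;
}
```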