enable CONFIG_INTEL_TDX_HOST in linux >= 6.7 for noble

Bug #2046040 reported by Andrea Righi
This bug affects 1 person
Affects          Status         Importance   Assigned to   Milestone
linux (Ubuntu)   Fix Released   Undecided    Unassigned
  Noble          Won't Fix      Undecided    Unassigned

Bug Description

[Impact]

Intel Trust Domain Extensions (TDX) protects guest VMs from malicious host and certain physical attacks.
Linux 6.7 introduced the TDX support for the host to run confidential VMs (TDX guests).

[Test case]

We should probably define with Intel a proper test case to test this feature, since it requires special hardware/firmware support.

[Fix]

Enable CONFIG_INTEL_TDX_HOST in our generic kernel.

[Regression potential]

The TDX host support may introduce potential performance regressions, so we should probably do some performance evaluation with vs without CONFIG_INTEL_TDX_HOST enabled.

Andrea Righi (arighi)
affects: linux-lowlatency (Ubuntu) → linux (Ubuntu)
Andrea Righi (arighi)
Changed in linux (Ubuntu Noble):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 6.8.0-11.11

---------------
linux (6.8.0-11.11) noble; urgency=medium

  * noble/linux: 6.8.0-11.11 -proposed tracker (LP: #2053094)

  * Miscellaneous Ubuntu changes
    - [Packaging] riscv64: disable building unnecessary binary debs

 -- Paolo Pisati <email address hidden> Wed, 14 Feb 2024 00:04:31 +0100

Changed in linux (Ubuntu Noble):
status: Fix Committed → Fix Released
Thibf (thibf) wrote :

When switching to 6.8-rc1, this commit was introduced:

cb8eb06d50fcf4 x86/virt/tdx: Disable TDX host support when kexec is enabled

Which led to this config being removed with this commit:

ca03be74737277 UBUNTU: [Config] updateconfigs following v6.8-rc1 rebase

So this isn't fixed in 6.8
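
An added example, not part of the original bug thread or of Ubuntu's tooling: a shell check for whether a given kernel config has TDX host support enabled and, if not, whether kexec is the likely reason. It assumes the config lives at /boot/config-$(uname -r) by default and that the symbol the commit above conflicts with is CONFIG_KEXEC_CORE; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify CONFIG_INTEL_TDX_HOST in a kernel config file.
# Assumption: CONFIG_KEXEC_CORE is the conflicting symbol, going by the
# title of commit cb8eb06d50fcf4 quoted in the comment above.

# Print the value (y/m/...) of a Kconfig symbol from config text on stdin.
# "# CONFIG_FOO is not set" and an absent symbol both count as "n".
kconfig_value() {
    awk -v sym="$1" '
        BEGIN { val = "n" }
        index($0, sym "=") == 1 { val = substr($0, length(sym) + 2) }
        END { print val }
    '
}

# Usage: tdx_host_config_status [config-file]
# Prints one of: enabled | blocked-by-kexec | disabled | unknown
# Exit status: 0 enabled, 1 not enabled, 2 config could not be read.
tdx_host_config_status() {
    cfg="${1:-/boot/config-$(uname -r)}"
    [ -r "$cfg" ] || { echo unknown; return 2; }

    # Accept both plain configs and gzip-compressed ones (/proc/config.gz).
    case "$cfg" in
        *.gz) text=$(gzip -dc "$cfg") || { echo unknown; return 2; } ;;
        *)    text=$(cat "$cfg") ;;
    esac

    tdx=$(printf '%s\n' "$text" | kconfig_value CONFIG_INTEL_TDX_HOST)
    kexec=$(printf '%s\n' "$text" | kconfig_value CONFIG_KEXEC_CORE)

    if [ "$tdx" = y ]; then
        echo enabled
    elif [ "$kexec" = y ]; then
        # TDX host is off and kexec is on: the combination described above.
        echo blocked-by-kexec
        return 1
    else
        echo disabled
        return 1
    fi
}
```

Run `tdx_host_config_status` with no argument to check the running kernel, or pass the path of a config file from a kernel package you are evaluating.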

Andrea Righi (arighi) wrote :

Changing the state to Won't fix, because of LP: #2059762.

Changed in linux (Ubuntu Noble):
status: Fix Released → Won't Fix
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-6.8/6.8.0-1006.6~22.04.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-6.8' to 'verification-done-jammy-linux-nvidia-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-6.8' to 'verification-failed-jammy-linux-nvidia-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-nvidia-6.8-v2 verification-needed-jammy-linux-nvidia-6.8