enable CONFIG_INTEL_TDX_HOST in linux >= 6.8 for noble
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | New | Undecided | Unassigned |
Noble | New | Undecided | Unassigned |

Bug Description
[Impact]
Intel Trust Domain Extensions (TDX) protects guest VMs from a malicious host and certain physical attacks.
Linux 6.7 introduced TDX support for the host to run confidential VMs (TDX guests).
Bug #2046040 enabled TDX_HOST on noble, but that was disabled when updating to 6.8 as this was committed:
cb8eb06d50fcf4 x86/virt/tdx: Disable TDX host support when kexec is enabled
[Test case]
We should probably define with Intel a proper test case to test this feature, since it requires special hardware/firmware support.
[Fix]
Enable CONFIG_
[Regression potential]
The TDX host support may introduce potential performance regressions, so we should probably do some performance evaluation with vs without CONFIG_
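
A way to check which state a given kernel config is in with respect to the kexec conflict described above, as an added example that is not part of the original report. It assumes the dependency introduced by the commit is keyed on `CONFIG_KEXEC_CORE`; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): classify a kernel config file
# with respect to TDX host support and the kexec conflict.
# Assumption: the kexec dependency is keyed on CONFIG_KEXEC_CORE.

# Return 0 if option $2 is set to y in config file $1.
cfg_is_y() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# Print one of: enabled, enabled-with-kexec, blocked-by-kexec, disabled.
tdx_host_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    if cfg_is_y "$cfg" INTEL_TDX_HOST; then
        if cfg_is_y "$cfg" KEXEC_CORE; then
            # Only possible if the tree does not carry the dependency.
            echo "enabled-with-kexec"
        else
            echo "enabled"
        fi
    elif cfg_is_y "$cfg" KEXEC_CORE; then
        # TDX host is off and kexec is on: the dependency keeps it off.
        echo "blocked-by-kexec"
    else
        echo "disabled"
    fi
}

# Constructed sample: a config fragment in the state the report describes
# (kexec on, TDX host absent). Not taken from a real Ubuntu kernel.
tdx_demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
CONFIG_X86_64=y
CONFIG_KVM_INTEL=m
CONFIG_KEXEC_CORE=y
EOF
    tdx_host_state "$tmp"
    rm -f "$tmp"
}
```

On an installed system the function can be pointed at `/boot/config-$(uname -r)`.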