Public bug reported:

[Impact]

Intel Trust Domain Extensions (TDX) protects guest VMs from malicious host
and certain physical attacks.
Linux 6.7 introduced the TDX support for the host to run confidential VMs
(TDX guests).

Bug #2046040 enabled TDX_HOST on noble but that was disabled when
updating to 6.8 as this was committed:

cb8eb06d50fcf4 x86/virt/tdx: Disable TDX host support when kexec is enabled

[Test case]

We should probably define with Intel a proper test case to test this
feature, since it requires special hardware/firmware support.

[Fix]

Enable CONFIG_INTEL_TDX_HOST in our generic kernel.

[Regression potential]

The TDX host support may introduce potential performance regressions, so
we should probably do some performance evaluation with vs without
CONFIG_INTEL_TDX_HOST enabled.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Also affects: linux (Ubuntu Noble)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/2059230

Title:
   enable CONFIG_INTEL_TDX_HOST in linux >= 6.8 for noble

Status in linux package in Ubuntu:
  New
Status in linux source package in Noble:
  New

