Public bug reported: [Impact]
Intel Trust Domain Extensions (TDX) protects guest VMs from malicious host and certain physical attacks. Linux 6.7 introduced the TDX support for the host to run confidential VMs (TDX guests). Bug #2046040 enabled TDX_HOST on noble but that was disabled when updating to 6.8 as this was committed: cb8eb06d50fcf4 x86/virt/tdx: Disable TDX host support when kexec is enabled [Test case] We should probably define with Intel a proper test case to test this feature, since it requires special hardware/firmware support. [Fix] Enable CONFIG_INTEL_TDX_HOST in our generic kernel. [Regression potential] The TDX host support may introduce potential performance regressions, so we should probably do some performance evaluation with vs without CONFIG_INTEL_TDX_HOST enabled. ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Affects: linux (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2059230 Title: enable CONFIG_INTEL_TDX_HOST in linux >= 6.8 for noble Status in linux package in Ubuntu: New Status in linux source package in Noble: New Bug description: [Impact] Intel Trust Domain Extensions (TDX) protects guest VMs from malicious host and certain physical attacks. Linux 6.7 introduced the TDX support for the host to run confidential VMs (TDX guests). Bug #2046040 enabled TDX_HOST on noble but that was disabled when updating to 6.8 as this was committed: cb8eb06d50fcf4 x86/virt/tdx: Disable TDX host support when kexec is enabled [Test case] We should probably define with Intel a proper test case to test this feature, since it requires special hardware/firmware support. [Fix] Enable CONFIG_INTEL_TDX_HOST in our generic kernel. [Regression potential] The TDX host support may introduce potential performance regressions, so we should probably do some performance evaluation with vs without CONFIG_INTEL_TDX_HOST enabled. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2059230/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp