Module tdx_guest::tdvmcall

The TDVMCALL helps invoke services from the host VMM. From the perspective of the host VMM, the TDVMCALL is a trap-like, VM exit into the host VMM, reported via the SEAMRET instruction flow. By design, after the SEAMRET, the host VMM services the request specified in the parameters passed by the TD during the TDG.VP.VMCALL (that are passed via SEAMRET to the VMM), then resumes the TD via a SEAMCALL [TDH.VP.ENTER] invocation.

Structs

• CpuIdInfo

Enums

• Direction
• IoSize
• Operand
• TdVmcallError
• TdVmcallNum
  TDVMCALL Instruction Leaf Numbers Definition.

Functions

• cpuid
• get_quote
  GetQuote TDG.VP.VMCALL is a doorbell-like interface used to help send a message to the host VMM to queue operations that tend to be long-running operations. GetQuote is designed to invoke a request to generate a TD-Quote signing by a service hosting TD-Quoting Enclave operating in the host environment for a TD Report passed as a parameter by the TD. TDREPORT_STRUCT is a memory operand intended to be sent via the GetQuote TDG.VP.VMCALL to indicate the asynchronous service requested.
• get_td_service
  In Service TD scenario, there is a need to define interfaces for the command/response that may have long latency, such as communicating with local device via Secure Protocol and Data Model (SPDM), communicating with remote platform via Transport Layer Security (TLS) Protocol, or communicating with a Quoting Enclave (QE) on attestation or mutual authentication.
• get_tdvmcall_info
  GetTdVmCallInfo TDG.VP.VMCALL is used to help request the host VMM enumerate which TDG.VP.VMCALLs are supported.
• hlt
• io_read
• io_write
• map_gpa
  MapGPA TDG.VP.VMCALL is used to help request the host VMM to map a GPA range as private or shared-memory mappings. This API may also be used to convert page mappings from private to shared. The GPA range passed in this operation can indicate if the mapping is requested for a shared or private memory via the GPA.Shared bit in the start address.
• perform_cache_operation
  Used to help perform WBINVD or WBNOINVD operation.
• print
• rdmsr^⚠
  Safety
• read_mmio^⚠
  Safety
• setup_event_notify_interrupt
  The guest TD may request that the host VMM specify which interrupt vector to use as an event-notify vector. This is designed as an untrusted operation; thus, the TD OS should be designed not to use the event notification for trusted operations. Example of an operation that can use the event notify is the host VMM signaling a device removal to the TD, in response to which a TD may unload a device driver. The host VMM should use SEAMCALL [TDWRVPS] leaf to inject an interrupt at the requestedinterrupt vector into the TD VCPU that executed TDG.VP.VMCALL via the posted-interrupt descriptor.
• write_mmio^⚠
  Safety
• wrmsr^⚠
  Safety