diff --git a/alioth/src/arch/x86_64/tdx.rs b/alioth/src/arch/x86_64/tdx.rs
new file mode 100644
index 00000000..1fd9fa01
--- /dev/null
+++ b/alioth/src/arch/x86_64/tdx.rs
@@ -0,0 +1,25 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use bitflags::bitflags;
+
+bitflags! {
+    #[derive(Default, Debug, Clone, Copy, PartialEq, Eq, Hash)]
+    pub struct TdAttr: u64 {
+        const DEBUG = 1 << 0;
+        const SEPT_VE_DISABLE = 1 << 28;
+        const PKS = 1 << 30;
+        const PERFMON = 1 << 63;
+    }
+}
diff --git a/alioth/src/arch/x86_64/x86_64.rs b/alioth/src/arch/x86_64/x86_64.rs
index d5727553..af5c9c7b 100644
--- a/alioth/src/arch/x86_64/x86_64.rs
+++ b/alioth/src/arch/x86_64/x86_64.rs
@@ -20,3 +20,4 @@ pub mod msr;
 pub mod paging;
 pub mod reg;
 pub mod sev;
+pub mod tdx;
diff --git a/alioth/src/sys/linux/kvm.rs b/alioth/src/sys/linux/kvm.rs
index ce24e235..c8115274 100644
--- a/alioth/src/sys/linux/kvm.rs
+++ b/alioth/src/sys/linux/kvm.rs
@@ -39,6 +39,7 @@ consts! {
         SEV = 2;
         SEV_ES = 3;
         SNP = 4;
+        TDX = 5;
     }
 }
 
diff --git a/alioth/src/sys/linux/linux.rs b/alioth/src/sys/linux/linux.rs
index 9dd67b70..67cba0f6 100644
--- a/alioth/src/sys/linux/linux.rs
+++ b/alioth/src/sys/linux/linux.rs
@@ -17,5 +17,7 @@ pub mod ioctl;
 pub mod kvm;
 #[cfg(target_arch = "x86_64")]
 pub mod sev;
+#[cfg(target_arch = "x86_64")]
+pub mod tdx;
 pub mod vfio;
 pub mod vhost;
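Review bot: The `DEBUG` bit of `TdAttr` is the one attribute that switches off the TD's confidentiality, and nothing in the hunk says so: in off-TD debug mode the host VMM can read and write the guest's memory and register state, and the ATTRIBUTES word is reported in the TD's attestation report, so relying parties can and should reject it. I would add above the constant `/// Off-TD debug mode: the host can inspect and modify TD memory and state. Must be clear for production TDs; visible in the attestation report.` Since only four of the 64 attribute bits are named here, any later code that builds a `TdAttr` from a kernel-reported value should use `from_bits_retain` rather than `from_bits_truncate`, otherwise bits set by a newer TDX module are silently dropped before any compatibility check is made.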
diff --git a/alioth/src/sys/linux/tdx.rs b/alioth/src/sys/linux/tdx.rs
new file mode 100644
index 00000000..c864761b
--- /dev/null
+++ b/alioth/src/sys/linux/tdx.rs
@@ -0,0 +1,80 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use bitflags::bitflags;
+
+use crate::arch::tdx::TdAttr;
+use crate::consts;
+use crate::sys::kvm::KvmCpuid2;
+
+consts! {
+    #[derive(Default)]
+    pub struct KvmTdxCmdId(u32) {
+        CAPABILITIES = 0;
+        INIT_VM = 1;
+        INIT_VCPU = 2;
+        INIT_MEM_REGION = 3;
+        FINALIZE_VM = 4;
+        GET_CPUID = 5;
+    }
+}
+
+#[repr(C)]
+#[derive(Debug, Copy, Clone, Default)]
+pub struct KvmTdxCmd {
+    pub id: KvmTdxCmdId,
+    pub flags: u32,
+    pub data: u64,
+    pub hw_error: u64,
+}
+
+#[repr(C)]
+#[derive(Debug, Clone)]
+pub struct KvmTdxCapabilities {
+    pub supported_attrs: TdAttr,
+    pub supported_xfam: u64,
+    pub kernel_tdvmcallinfo_1_r11: u64,
+    pub user_tdvmcallinfo_1_r11: u64,
+    pub kernel_tdvmcallinfo_1_r12: u64,
+    pub user_tdvmcallinfo_1_r12: u64,
+    pub reserved: [u64; 250],
+    pub cpuid: KvmCpuid2,
+}
+
+#[repr(C)]
+#[derive(Debug, Clone)]
+pub struct KvmTdxInitVm {
+    pub attributes: u64,
+    pub xfam: u64,
+    pub mrconfigid: [u8; 48],
+    pub mrowner: [u8; 48],
+    pub mrownerconfig: [u8; 48],
+    pub reserved: [u64; 12],
+    pub cpuid: KvmCpuid2,
+}
+
+#[repr(C)]
+#[derive(Debug, Copy, Clone, Default)]
+pub struct KvmTdxInitMemRegion {
+    pub source_addr: u64,
+    pub gpa: u64,
+    pub nr_pages: u64,
+}
+
+bitflags! {
+    #[derive(Default, Debug, Clone, Copy, PartialEq, Eq, Hash)]
+    pub struct KvmTdxInitMemRegionFlag: u32 {
+        const MEASURE_MEMORY_REGION = 1 << 0;
+    }
+}
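Review bot: `KvmTdxInitVm::attributes` is a plain `u64` while `KvmTdxCapabilities::supported_attrs` is typed `TdAttr`, so the attributes a caller submits to `INIT_VM` are not statically tied to the flag set they are meant to be validated against. I would change it to `pub attributes: TdAttr,`; a bitflags-generated struct is a transparent wrapper over its `u64`, so the `#[repr(C)]` layout the kernel expects should be unchanged (worth confirming against the bitflags version pinned in Cargo.toml). `KvmTdxInitMemRegionFlag::MEASURE_MEMORY_REGION` also needs a doc comment, because a region added without it has its page contents left out of MRTD and therefore out of the launch measurement a relying party verifies: `/// Extend MRTD with the contents of the added pages; without this flag the region's data is not covered by attestation.` Similarly `mrconfigid`, `mrowner` and `mrownerconfig` are surfaced in the TD's attestation report, so a one-line comment on each saying they are attestation-visible inputs chosen by the VMM would stop callers from treating them as scratch fields.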