• Kai Huang's avatar
    x86/virt/tdx: Handle TDX interaction with sleep and hibernation · f3f6aa68
    Kai Huang authored
    TDX is incompatible with hibernation and some ACPI sleep states.
    Users must disable hibernation to use TDX.  Users must also disable
    TDX if they want to use ACPI S3 sleep.
    
    This feels a bit wonky and asymmetric, but it avoids adding any new
    command-line parameters for now.  It can be improved if users hate it
    too much.
    
    Long version:
    
    TDX cannot survive from S3 and deeper states.  The hardware resets and
    disables TDX completely when platform goes to S3 and deeper.  Both TDX
    guests and the TDX module get destroyed permanently.
    
    The kernel uses S3 to support suspend-to-ram, and S4 or deeper states to
    support hibernation.  The kernel also maintains TDX states to track
    whether it has been initialized and its metadata resource, etc.  After
    resuming from S3 or hibernation, these TDX states won't be correct
    anymore.
    
    Theoretically, the kernel can do more complicated things like resetting
    TDX internal states and TDX module metadata before going to S3 or
    deeper, and re-initialize TDX module after resuming, etc, but there is
    no way to save/restore TDX guests for now.
    
    Until TDX supports full save and restore of TDX guests, there is no big
    value to handle TDX module in suspend and hibernation alone.  To make
    things simple, just choose to make TDX mutually exclusive with S3 and
    hibernation.
    
    Note the TDX module is initialized at runtime.  To avoid having to deal
    with the fuss of determining TDX state at runtime, just choose TDX vs S3
    and hibernation at kernel early boot.  It's a bad user experience if the
    choice of TDX and S3/hibernation is done at runtime anyway, i.e., the
    user can experience being able to do S3/hibernation but later becoming
    unable to due to TDX being enabled.
    
    Disable TDX in kernel early boot when hibernation support is available.
    Currently there's no mechanism exposed by the hibernation code to allow
    other kernel code to disable hibernation once for all.  Users that want
    TDX must disable hibernation, like using hibername=no on the command
    line.
    
    Disable ACPI S3 when TDX is enabled by the BIOS.  For now the user needs
    to disable TDX in the BIOS to use ACPI S3.  A new kernel command line
    can be added in the future if there's a need to let user disable TDX
    host via kernel command line.
    
    Alternatively, the kernel could disable TDX when ACPI S3 is supported
    and request the user to disable S3 to use TDX.  But there's no existing
    kernel command line to do that, and BIOS doesn't always have an option
    to disable S3.
    
    [ dhansen: subject / changelog tweaks ]
    Signed-off-by: default avatarKai Huang <kai.huang@intel.com>
    Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
    Reviewed-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
    Reviewed-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
    Link: https://lore.kernel.org/all/20231208170740.53979-16-dave.hansen%40intel.com
    f3f6aa68
tdx.c 33.8 KB