x86/tdx: integrate fatal error reporting and improve initialization

2026-01-21 17:01:21 +08:00 · 2026-01-21 17:01:21 +08:00 · dee39e21d1
parent a82d185154
commit dee39e21d1
7 changed files with 30 additions and 10 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1772,12 +1772,13 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"

 [[package]]
 name = "tdx-guest"
-version = "0.2.2"
+version = "0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15fda2de9c0a2fdcc22e802af4f7f1e8f609a206f34d30986e3cd974b04911f0"
+checksum = "be70e62fdd829b19d5e1e03969f125391347e4e33d1419addfe59a45b043005d"
 dependencies = [
 "bitflags 1.3.2",
 "iced-x86",
+ "log",
 "raw-cpuid",
 "x86_64",
 ]
--- a/kernel/Cargo.toml
+++ b/kernel/Cargo.toml
@ -64,7 +64,7 @@ xarray.workspace = true
 xmas-elf.workspace = true

 [target.x86_64-unknown-none.dependencies]
-tdx-guest = { version = "0.2.2", optional = true }
+tdx-guest = { version = "0.2.4", optional = true }

 [target.riscv64imac-unknown-none-elf.dependencies]
 riscv = { version = "0.15.0", features = ["s-mode"] }
--- a/kernel/comps/virtio/Cargo.toml
+++ b/kernel/comps/virtio/Cargo.toml
@ -27,7 +27,7 @@ ostd.workspace = true
 typeflags-util.workspace = true

 [target.x86_64-unknown-none.dependencies]
-tdx-guest = { version = "0.2.2", optional = true }
+tdx-guest = { version = "0.2.4", optional = true }

 [features]
 all = ["cvm_guest"]
--- a/ostd/Cargo.toml
+++ b/ostd/Cargo.toml
@ -56,7 +56,7 @@ iced-x86 = { version = "1.21.0", default-features = false, features = [
    "decoder",
    "gas",
 ], optional = true }
-tdx-guest = { version = "0.2.2", optional = true }
+tdx-guest = { version = "0.2.4", optional = true }
 unwinding = { version = "=0.2.8", default-features = false, features = ["fde-gnu-eh-frame-hdr", "hide-trace", "panic", "personality", "unwinder"] }

 [target.riscv64imac-unknown-none-elf.dependencies]
--- a/ostd/libs/linux-bzimage/setup/Cargo.toml
+++ b/ostd/libs/linux-bzimage/setup/Cargo.toml
@ -24,7 +24,7 @@ xmas-elf.workspace = true
 [target.x86_64-unknown-none.dependencies]
 uefi = { version = "0.32.0", features = ["global_allocator", "panic_handler", "logger", "qemu"]}
 uefi-raw = "0.8.0"
-tdx-guest = { version = "0.2.2", optional = true }
+tdx-guest = { version = "0.2.4", optional = true }

 [features]
 default = ["cvm_guest"]
--- a/ostd/src/arch/x86/mod.rs
+++ b/ostd/src/arch/x86/mod.rs
@ -22,13 +22,30 @@ pub(crate) mod tdx_guest;
 #[cfg(feature = "cvm_guest")]
 pub(crate) fn init_cvm_guest() {
    use ::tdx_guest::{
-        disable_sept_ve, init_tdx, metadata, reduce_unnecessary_ve,
+        SeptVeError, disable_sept_ve, init_tdx, metadata, reduce_unnecessary_ve,
        tdcall::{InitError, write_td_metadata},
+        tdvmcall::report_fatal_error_simple,
    };
    match init_tdx() {
        Ok(td_info) => {
            reduce_unnecessary_ve().unwrap();
-            disable_sept_ve(td_info.attributes).unwrap();
+            match disable_sept_ve(td_info.attributes) {
+                Ok(_) => {}
+                Err(SeptVeError::Misconfiguration) => {
+                    crate::early_println!(
+                        "[kernel] Error: TD misconfiguration: \
+                        The SEPT_VE_DISABLE bit of the TD attributes must be set by VMM \
+                        when running in non-debug mode and FLEXIBLE_PENDING_VE is not enabled."
+                    );
+                    report_fatal_error_simple("TD misconfiguration: SEPT #VE has to be disabled");
+                }
+                Err(e) => {
+                    crate::early_println!("[kernel] Error: Unexpected TDX error: {:?}", e);
+                    report_fatal_error_simple(
+                        "Disabling SEPT #VE failed due to unexpected TDX error",
+                    );
+                }
+            }
            // Enable notification for zero step attack detection.
            write_td_metadata(metadata::NOTIFY_ENABLES, 1, 1).unwrap();

@ -39,10 +56,11 @@ pub(crate) fn init_cvm_guest() {
            );
        }
        Err(InitError::TdxGetVpInfoError(td_call_error)) => {
-            panic!(
-                "[kernel] Intel TDX not initialized, Failed to get TD info: {:?}",
+            crate::early_println!(
+                "[kernel] Intel TDX not initialized, Failed to get TD info. TD call error: {:?}",
                td_call_error
            );
+            report_fatal_error_simple("Intel TDX not initialized, Failed to get TD info.");
        }
        // The machine has no TDX support.
        Err(_) => {}
--- a/tools/qemu_args.sh
+++ b/tools/qemu_args.sh
@ -70,6 +70,7 @@ if [ "$1" = "tdx" ]; then
        -device isa-debug-exit,iobase=0xf4,iosize=0x04 \
        -monitor chardev:mux \
        -serial chardev:mux \
+        -d guest_errors \
    "
    echo $QEMU_ARGS
    exit 0