Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp260912imn;
        Wed, 3 Aug 2022 02:45:21 -0700 (PDT)
X-Google-Smtp-Source: AA6agR7RrSYW0IpDxDzShHT4CjCFiMQO8vHLrcz9VomN1f0rWB6fvALcfV8sfv1D2vrhyYJeQqZq
X-Received: by 2002:a05:6402:3293:b0:43e:4a21:af84 with SMTP id f19-20020a056402329300b0043e4a21af84mr1583995eda.170.1659519921435;
        Wed, 03 Aug 2022 02:45:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1659519921; cv=none;
        d=google.com; s=arc-20160816;
        b=lZKqI9QfAtJy4mV9RhoxqK1xCi5dvfH1iBpK1E2OUJFgcErQtCvnS7X6sKIGo8+xVX
         28NjRWhB8ANBvGApVcTvNBbMyRKG4h7RZDqcJpgc0x1VetYMAUSbl3kKco+4j+glKvMq
         sVYzgyLwJCH/oZjcH/uEIOpGTirBUvPWAxK8P5aK2YK4qZAEL+DGM4ygNq5U3k2cINTD
         8qEn82Z6JB0K8mIeDrfJaVASx9mEK6nKoPQJwwzry4DGZo7Os3TW94xAU1mBDhG1+dqr
         7nPZNlvxfhb3+OfCnskR3T+gKRFTWmnVNBWNs7cO+O+TERXyS2bfFR8+v89fCuyN7J/C
         kwow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent
         :content-transfer-encoding:references:in-reply-to:date:cc:to:from
         :subject:message-id:dkim-signature;
        bh=zHlI/iGv+DAR7yO1nZvuwYu+HMT5LX6fSWnpOvYfsS0=;
        b=KORk0VcDEbLQxy8bvjOM7zsejntmwNorTToZ+1oYEMupKHgx64PlHtkihYHjSLMZyv
         A9pC5JnN/P/ea78Qf7u3MdZRQmhy+WYTUD0j8X2RMp4Nr7yDp88Pyc3i/tkOzrtnrWfr
         XAPdDEpD3k1ducO7AvnZZ4RLXzVyhtRbY9srZNIrjKxd8NQBijFNeq1kOL4YJ53efIDP
         bjSO+ohUKZQDdq3vT5m4kcgWGVrVZrUXBwTi6f44RjoeVaP9Q8pHeCbCNOCIrc3hH1JY
         B8Y01cAtERIwbwtQaqRb00M3Iax2JGqcZ2DfetJhwSRVnAZS6oqZEyoLcZ3qUDDigh5n
         BMhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=mzNn1WL8;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id di15-20020a170906730f00b00730822632e8si4109442ejc.535.2022.08.03.02.44.56;
        Wed, 03 Aug 2022 02:45:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=mzNn1WL8;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236174AbiHCJUo (ORCPT <rfc822;alvinliu630@gmail.com>
        + 99 others); Wed, 3 Aug 2022 05:20:44 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38800 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234652AbiHCJUl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 3 Aug 2022 05:20:41 -0400
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 78CB74B0ED;
        Wed,  3 Aug 2022 02:20:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1659518440; x=1691054440;
  h=message-id:subject:from:to:cc:date:in-reply-to:
   references:content-transfer-encoding:mime-version;
  bh=QdS5RtaD0CycG9Edwc4z5a24SxaDH/1WGpeoyI9KL50=;
  b=mzNn1WL8/w6ikhASdP7Vy7dYoXuUmMb2q3wbg88AofrtzxjYr/jJnjA0
   k4EBj9m3F5u/jEik5S1BsXd+wYzr4f2r9b/JhxYLCGnZOgnGJ13/AHem2
   egRVUuSLGPYC35H+cmLdgxDzTZuI1QUDp6Nrz/HGLE2ANlcdfdBhvzhvS
   83FuIre1bJIsgRDcIn9zHFL333oc95zsTkz6A3v6F+c9S8nAbFGyMQejE
   nCIbkgIWUPa+eeGKsrSypHBahtxHXxUm5aDOV+67YoaieMAQ0XOy1buNf
   SxPw7Ym7T2QG9L6WA4NGTI3JcWav+9PNCo0aMmDkLgI8ZvH8UGogPcG4e
   Q==;
X-IronPort-AV: E=McAfee;i="6400,9594,10427"; a="287187885"
X-IronPort-AV: E=Sophos;i="5.93,213,1654585200"; 
   d="scan'208";a="287187885"
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Aug 2022 02:20:40 -0700
X-IronPort-AV: E=Sophos;i="5.93,213,1654585200"; 
   d="scan'208";a="602762965"
Received: from gvenka2-desk.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.212.85.17])
  by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Aug 2022 02:20:34 -0700
Message-ID: <02f40786caee3ecf9b2bfd90c70317c282dd87e5.camel@intel.com>
Subject: Re: [PATCH v5 02/22] cc_platform: Add new attribute to prevent ACPI
 CPU hotplug
From:   Kai Huang <kai.huang@intel.com>
To:     Binbin Wu <binbin.wu@linux.intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc:     linux-acpi@vger.kernel.org, seanjc@google.com, pbonzini@redhat.com,
        len.brown@intel.com, tony.luck@intel.com,
        rafael.j.wysocki@intel.com, reinette.chatre@intel.com,
        dan.j.williams@intel.com, peterz@infradead.org, ak@linux.intel.com,
        kirill.shutemov@linux.intel.com,
        sathyanarayanan.kuppuswamy@linux.intel.com,
        isaku.yamahata@intel.com, thomas.lendacky@amd.com,
        Tianyu.Lan@microsoft.com, rdunlap@infradead.org, Jason@zx2c4.com,
        juri.lelli@redhat.com, mark.rutland@arm.com, frederic@kernel.org,
        yuehaibing@huawei.com, dongli.zhang@oracle.com
Date:   Wed, 03 Aug 2022 21:20:32 +1200
In-Reply-To: <041f2d03-c32f-c578-f714-5b01bb8bc46b@linux.intel.com>
References: <cover.1655894131.git.kai.huang@intel.com>
         <f4bff93d83814ea1f54494f51ce3e5d954cf0f5b.1655894131.git.kai.huang@intel.com>
         <43a67bfe-9707-33e0-2574-1e6eca6aa24b@intel.com>
         <5ebd7c3cfb3ab9d77a2577c4864befcffe5359d4.camel@intel.com>
         <041f2d03-c32f-c578-f714-5b01bb8bc46b@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.44.3 (3.44.3-1.fc36) 
MIME-Version: 1.0
X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2022-08-03 at 11:40 +0800, Binbin Wu wrote:
> host kernel is also not in TDX's TCB either, what would happen if kernel=
=20
> doesn't
> do anything in case of buggy BIOS? How does TDX handle the case to=20
> enforce the
> secure of TDs?

TDX doesn't support hot-add or hot-removal CPU from TDX' security perimeter=
 at
runtime.  Even BIOS/kernel can ever bring up new CPUs at runtime, the new C=
PUs
cannot run within TDX's security domain, in which case TDX's security isn't
compromised.  If kernel schedules a TD to a new added CPU, then AFAICT the
behaviour is TDX module implementation specific but not architectural.  A
reasonable behaviour would be the TDENTER should refuse to run when the CPU
isn't verified by TDX during boot.

If any CPU is hot-removed, then the security's TDX isn't compromised, but T=
DX is
not guaranteed to functionally work anymore.

--=20
Thanks,
-Kai