Skip to content

[RTE-680] Add TDX types to sgx-isa crate and create tdx-ql crate #857

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Taowyoo wants to merge 25 commits into
base: master
Choose a base branch
from
Open

[RTE-680] Add TDX types to sgx-isa crate and create tdx-ql crate #857

Taowyoo wants to merge 25 commits into from

Conversation

@Taowyoo
Copy link
Collaborator

@Taowyoo Taowyoo commented Jan 18, 2026
edited
Loading

Summary

Add TDX attestation support via a new tdx-ql crate, split common layout macros into a standalone memory-layout crate, and update CI setup.

Changes

  • Add intel-tdx/tdx-ql crate with TDX report + RTMR extend APIs implemented by nix::ioctl (default) via /dev/tdx_guest.
  • Move shared layout macros (struct_def!, impl_default_clone_eq!) into new memory-layout crate and wire sgx-isa feature flags through it.
  • Add TDX report structs/constants to intel-sgx/sgx-isa/src/tdx.rs and export via sgx-isa.
  • Add tdx-ql and memory-layout to the workspace.
  • CI: use install_build_deps.sh, add tdx-ql test step; release workflow accepts tdx-isa_vX.Y.Z tags.
  • Add tdx_ql_cli example cli program for manual testing.

Testing

  • Unit tests added in tdx-ql for report/extend error paths.

@Taowyoo Taowyoo self-assigned this Jan 18, 2026
@Taowyoo Taowyoo added the TDX label Jan 18, 2026
@Taowyoo Taowyoo force-pushed the yx/rte-680-intel_tdx branch from e661b9c to 5c7bbe9 Compare January 18, 2026 14:53
@Taowyoo
feat(build): update CI workflow to install build dependencies from sc…
82f621c 
…ript and add tdx-isa version to release triggers
@Taowyoo Taowyoo force-pushed the yx/rte-680-intel_tdx branch from 5c7bbe9 to 82f621c Compare January 18, 2026 15:04
@Taowyoo Taowyoo requested a review from gilanghamidy January 18, 2026 15:06
raoulstrackx
raoulstrackx reviewed Jan 18, 2026
View reviewed changes
@Taowyoo Taowyoo requested a review from raoulstrackx January 20, 2026 10:42
@Taowyoo Taowyoo force-pushed the yx/rte-680-intel_tdx branch from 2937656 to 5678749 Compare January 21, 2026 07:13
@Taowyoo Taowyoo force-pushed the yx/rte-680-intel_tdx branch from 5678749 to baab81c Compare January 21, 2026 07:15
@Taowyoo Taowyoo changed the title [RTE-680] Add tdx-isa crate, and streamline CI deps [RTE-680] Add TDX types to sgx-isa crate and create tdx-ql crate Jan 22, 2026
@Taowyoo Taowyoo added the C-sgx-isa Crate: sgx-isa label Jan 22, 2026
@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Jan 22, 2026

Added feat(tdx-ql): remove intel tdx-attest-rs backend to remove the appraoch that using Intel's rust binding crate.

The ioctl approach looks cleaner.

Please be free to suggest any ideas on this.

jethrogb
jethrogb reviewed Jan 22, 2026
View reviewed changes
@Taowyoo Taowyoo requested a review from jethrogb January 22, 2026 16:26
@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Jan 23, 2026

Added tdx_ql_cli example cli, successfully got report in a TD:

root@tdx-guest:~# ./tdx_ql_cli get-report 
report_size=1024 bytes
report_hex=8100000000000000000000000000000006060a0a05ff00020000000000000000c8d2ed60a7eccfd48bda6d716cdd7c30650fa2eb9a51f0b3aad6b596e6b1843cfca07b2cd8bbb16e1e6f51559c0b986b553c4dd23eb8d9dd303c9f9d0480699de3afa71346bcaa744576e0481b59d2e7370cbe3afc833f0cd5eb0b077ed0edf2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c657444601077f93f2a5e9abf537ad83aa91350c51cab81039274a3119c5d8c5ff010300000000000b0106000000000000000000000000007bf063280e94fb051f5dd7b1fc59ce9aac42bb961df8d44b709c9b0ff87a7b4df648657ba6d1189589feab1d5a3c9a9d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0106000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000702000000000000eea8b6a814569a52bd1e12f6b869bb2d9c0c8a7a43e658ffc3b42c199f116157ea7f04d359c7fdfd8ac483152cc1354200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080b0247b5c29c6b5261c7c0aeddd9483b796809e12cd391c803873ba3ca52ea049e5c846e8dc3d97a524b39f1656ce2aa4db3ec8c881ad466c26333037dba1092408bd592d75451b45a3a2b054a88996c5b41ad808162414f1f470cdf15205fe783b6b2cfcb73273cf4cd2f7f385812944a5ce383d889805ecbc72281a140e46d96d8035a618fdf5f956d45c2ae1d99600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

@gilanghamidy
Copy link
Member

gilanghamidy commented Jan 31, 2026

Maybe we should put the tdx-ql crate also under intel-sgx instead. Because the sgx-isa (and later the pcs and dcap-artifact-retrieval) also consists of TDX stuff, which makes intel-sgx directory also has TDX functionality in it. Adding separate intel-tdx directory specifically for TDX will make the structure inconsistent and confusing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aditijannu aditijannu Awaiting requested review from aditijannu

@gilanghamidy gilanghamidy Awaiting requested review from gilanghamidy

@raoulstrackx raoulstrackx Awaiting requested review from raoulstrackx

@jethrogb jethrogb Awaiting requested review from jethrogb

At least 1 approving review is required to merge this pull request.

Assignees

@Taowyoo Taowyoo

Labels

C-sgx-isa Crate: sgx-isa TDX

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Taowyoo @gilanghamidy @jethrogb @raoulstrackx