x86/hyperv/vtl: Use the wakeup mailbox to boot secondary CPUs

ricardon · allenpais · commit d1ad1ee973b0 · 2025-06-19T13:00:50.000-07:00
The hypervisor is an untrusted entity for TDX guests. It cannot be used
to boot secondary CPUs. The function hv_vtl_wakeup_secondary_cpu() cannot
be used.

Instead, the virtual firmware boots the secondary CPUs and places them in
a state to transfer control to the kernel using the wakeup mailbox.

The kernel updates the APIC callback wakeup_secondary_cpu_64() to use
the mailbox if detected early during boot (enumerated via either an ACPI
table or a DeviceTree node).

Reviewed-by: Michael Kelley &lt;mhklinux@outlook.com&gt;
Signed-off-by: Ricardo Neri &lt;ricardo.neri-calderon@linux.intel.com&gt;
diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c
@@ -243,7 +243,8 @@ int __init hv_vtl_early_init(void)
 	 * Otherwise, use an enlightened path since SIPI is not
 	 * available for VTL2.
 	 */
-	if (!(hv_isolation_type_snp() && !hyperv_paravisor_present))
+	if (!((hv_isolation_type_snp() || hv_isolation_type_tdx())
+	    && !hyperv_paravisor_present))
 		apic_update_callback(wakeup_secondary_cpu_64, hv_vtl_wakeup_secondary_cpu);
 
 	return 0;
