x86/hyperv/vtl: Use the wakeup mailbox to boot secondary CPUs

ricardon · ricardon · commit 04a67e5ec5a9 · 2025-11-19T09:37:00.000-08:00
The hypervisor is an untrusted entity for TDX guests. It cannot be used
to boot secondary CPUs. The function hv_vtl_wakeup_secondary_cpu() cannot
be used.

Instead, the virtual firmware boots the secondary CPUs and places them in
a state to transfer control to the kernel using the wakeup mailbox. The
firmware enumerates the mailbox via either an ACPI table or a DeviceTree
node.

If the wakeup mailbox is present, the kernel updates the APIC callback
wakeup_secondary_cpu_64() to use it.

Reviewed-by: Dexuan Cui &lt;decui@microsoft.com&gt;
Reviewed-by: Michael Kelley &lt;mhklinux@outlook.com&gt;
Signed-off-by: Ricardo Neri &lt;ricardo.neri-calderon@linux.intel.com&gt;
diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c
@@ -280,7 +280,8 @@ int __init hv_vtl_early_init(void)
 	 * Otherwise, use an enlightened path since SIPI is not
 	 * available for VTL2.
 	 */
-	if (!(hv_isolation_type_snp() && !hyperv_paravisor_present))
+	if (!((hv_isolation_type_snp() || hv_isolation_type_tdx()) &&
+	      !hyperv_paravisor_present))
 		apic_update_callback(wakeup_secondary_cpu_64, hv_vtl_wakeup_secondary_cpu);
 
 	return 0;
