This release brings feature additions including foundational support for Intel Trust Domain Extensions (TDX), new emulated devices for firmware boot, and bug fixes and refactorings.
New Features
- Intel TDX Support: Alioth now provides basic support for booting Intel TDX confidential virtual machines.
- Added userspace emulation for the IOAPIC, required by TDX guests to enable KVM_CAP_SPLIT_IRQCHIP.
- Preparation for supporting UEFI boot on x86:
- Added an emulated CMOS and an ACPI power management timer for x86.
- Added a
fw_dbgdevice to capture firmware logs. - Included CPU count and memory size in
fw_cfg. - Corrected
fw_cfgACPI table checksum calculation by clearing checksum fields before computation. - MMIO reads from unmapped addresses now correctly return all-ones.
Bug Fixes and Refactorings
- VFIO:
- Dynamically allocate buffers for PCI configuration space, resolving an
EFAULTerror when reading device configs. - Conditionally reset devices based on device flags.
- Dynamically allocate buffers for PCI configuration space, resolving an
- Confidential Computing (AMD SEV-SNP):
- Verified the firmware's SEV metadata signature.
- Explicitly enabled the
MAP_GPA_RANGEhypercall for SNP. - Added unknown descriptors as zero pages for SNP and removed unsupported CPUID features.
- Filtered out empty KVM CPUID entries and checked the SEV error code in
kvm_memory_encrypt_op.
- Console: Abstracted the I/O backend using a new
Consoletrait, decoupling the console worker from hardcoded stdio logic. - Others:
- Added tests for PL031 RTC and PL011 UART.
- Prevented log spam originating from virtio split queues
- Preserved the lower bits of
addr_hiduring MSI address translation in KVM.
Documentation & Infrastructure
- Documentation: Added instructions for running Intel-TDX.
- Dependencies & Tooling:
- Upgraded workspace
Cargo.tomlresolver to V3 and removed deprecatedauthorsfields. - Bumped various dependencies.
- Upgraded workspace