From dd397ff1bf9518dfcf79459b121e88dbf4742c0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 3 Aug 2022 11:00:36 +0200
Subject: [PATCH 1/3] versions: Bump QEMU TDX version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's use the latest tag provided in the "https://github.com/intel/qemu-dcp" repo, "SPR-BKC-QEMU-v2.5".
Fixes: #4802
Signed-off-by: Fabiano FidĂȘncio
---
 versions.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/versions.yaml b/versions.yaml
index 075b7e0070..d964cac7c0 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -101,7 +101,7 @@ assets:
 tdx:
 description: "VMM that uses KVM and supports TDX"
 url: "https://github.com/intel/qemu-dcp"
- tag: "SPR-BKC-QEMU-v2.2"
+ tag: "SPR-BKC-QEMU-v2.5"
 qemu-experimental:
 description: "QEMU with virtiofs support"
From c9358155a26cd2491431a2b96aba2c93b50ed8f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 3 Aug 2022 11:56:18 +0200
Subject: [PATCH 2/3] kernel: Sort the TDX configs alphabetically
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's just re-order the TDX configs alphabetically. No new config has been added or removed, thus no need to bump the kernel version.
Signed-off-by: Fabiano FidĂȘncio
---
 .../kernel/configs/fragments/x86_64/tdx/tdx.conf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf
index a363ec6b6e..9239aeecdc 100644
--- a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf
+++ b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf
@@ -1,13 +1,13 @@
 # Intel Trust Domain Extensions (Intel TDX)
+CONFIG_CLK_LGM_CGU=y
+CONFIG_DMA_RESTRICTED_POOL=y
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
-CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
-CONFIG_INTEL_TDX_GUEST=y
 CONFIG_INTEL_TDX_FIXES=y
-CONFIG_X86_MEM_ENCRYPT_COMMON=y
-CONFIG_X86_5LEVEL=y
+CONFIG_INTEL_TDX_GUEST=y
 CONFIG_OF=y
-CONFIG_CLK_LGM_CGU=y
 CONFIG_OF_RESERVED_MEM=y
-CONFIG_DMA_RESTRICTED_POOL=y
+CONFIG_X86_5LEVEL=y
+CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
+CONFIG_X86_MEM_ENCRYPT_COMMON=y
From 9972487f6e1a1ffd27c6f3e013d60efa4a3a2859 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 3 Aug 2022 11:58:34 +0200
Subject: [PATCH 3/3] versions: Bump Kernel TDX version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The latest kernel with TDX support should be pulled from a different repo (https://github.com/intel/linux-kernel-dcp, instead of https://github.com/intel/tdx), and the latest version to be used is SPR-BKC-PC-v9.6. With the new version being used, let's make sure we enable the INTEL_TDX_ATTESTATION config option, and all the dependencies needed to do so.
Fixes: #4803
Signed-off-by: Fabiano FidĂȘncio
---
 tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf | 4 ++++
 tools/packaging/kernel/kata_config_version | 2 +-
 versions.yaml | 4 ++--
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf
index 9239aeecdc..1b1f8751ef 100644
--- a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf
+++ b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf
@@ -4,6 +4,8 @@ CONFIG_CLK_LGM_CGU=y
 CONFIG_DMA_RESTRICTED_POOL=y
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
+CONFIG_INTEL_IOMMU_SVM=y
+CONFIG_INTEL_TDX_ATTESTATION=y
 CONFIG_INTEL_TDX_FIXES=y
 CONFIG_INTEL_TDX_GUEST=y
 CONFIG_OF=y
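Review bot: Nothing in the fragment says which of the new options is the feature and which are its prerequisites: going by the commit message, `CONFIG_INTEL_TDX_ATTESTATION=y` in the `@@ -4,6 +4,8 @@` hunk is the goal, and `CONFIG_INTEL_IOMMU_SVM` there plus `CONFIG_X86_PLATFORM_DEVICES` and `CONFIG_X86_PLATFORM_DRIVERS_INTEL` in the `@@ -11,3 +13,5 @@` hunk are presumably its dependencies. With the list sorted alphabetically that relation is invisible, so a later clean-up could drop one of them; if Kconfig then discards the attestation symbol, the guest would presumably still boot but without attestation support. I would add a comment under the file header such as `# INTEL_TDX_ATTESTATION requires INTEL_IOMMU_SVM, X86_PLATFORM_DEVICES and X86_PLATFORM_DRIVERS_INTEL`, and confirm that the kernel build fails when a requested option is absent from the final .config.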
@@ -11,3 +13,5 @@ CONFIG_OF_RESERVED_MEM=y
 CONFIG_X86_5LEVEL=y
 CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_MEM_ENCRYPT_COMMON=y
+CONFIG_X86_PLATFORM_DEVICES=y
+CONFIG_X86_PLATFORM_DRIVERS_INTEL=y
diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version
index c67f579c9a..49541f7210 100644
--- a/tools/packaging/kernel/kata_config_version
+++ b/tools/packaging/kernel/kata_config_version
@@ -1 +1 @@
-93
+94
diff --git a/versions.yaml b/versions.yaml
index d964cac7c0..306e058e97 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -156,8 +156,8 @@ assets:
 version: "v5.15.48"
 tdx:
 description: "Linux kernel that supports TDX"
- url: "https://github.com/intel/tdx/archive/refs/tags"
- tag: "tdx-guest-v5.15-4"
+ url: "https://github.com/intel/linux-kernel-dcp/archive/refs/tags"
+ tag: "SPR-BKC-PC-v9.6"
 sev:
 description: "Linux kernel with efi_secret support"
 url: "https://github.com/confidential-containers-demo/\
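Review bot: The new `url`/`tag` pair for the TDX guest kernel in the `@@ -156,8 +156,8 @@` hunk identifies the source only by a tag name in a different repository, with no expected digest recorded next to it; a tag can be moved upstream, so the same `versions.yaml` could later resolve to different kernel sources. Whether the packaging scripts verify the downloaded archive is not visible in this hunk, so this is a question rather than a confirmed gap. If they do not, I would record the archive checksum (or the commit the tag points to) alongside `tag: "SPR-BKC-PC-v9.6"` and have the build compare it before unpacking; the same applies to the QEMU `tdx` entry bumped in patch 1/3. The `sev:` entry's `url` value continues past the end of the hunk.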