# TDX Module

Before the Intel TDX Module can be loaded, the platform must be configured correctly. Platform configuration is the job of the BIOS/UEFI, which is untrusted in both TDX and SGX, so Intel developed a piece of firmware named MCHECK that checks these parameters during the initialization process. MCHECK checks, for example, the configuration of the Convertible Memory Ranges, of memory encryption, and of the ECC memory. The MCHECK routine is embedded into the microcode of the CPU and is therefore signed and encrypted by Intel.

The loading process commences with the execution of the Intel Non-Persistent SEAM Loader (NP-SEAM Loader), an Intel Authenticated Code Module (ACM). ACMs are Intel-signed modules that operate within the processor's internal RAM. The NP-SEAM Loader is authenticated and loaded by the Intel Trusted Execution Technology (TXT) via the GETSEC\[ENTERACCS] function.

<img src="/files/fiZeeY0aUPFwZkt33TgW" alt="SEAM Memory Layout" class="gitbook-drawing">

Inside the NP-SEAM Loader resides the image of the Intel Persistent SEAM Loader (P-SEAM Loader), which is verified and loaded by the NP-SEAM Loader itself. The P-SEAM Loader is responsible for installing or updating the TDX Module. Note that both the P-SEAM Loader and the TDX Module are loaded into the SEAM RANGE, a dedicated portion of system memory reserved through UEFI/BIOS. The IA32\_SEAMRR\_PHYS\_BASE and IA32\_SEAMRR\_PHYS\_MASK MSRs specify this range's base address and size. The SEAM RANGE is divided into Module\_Range for the TDX Module and P\_SEAMLDR\_Range for the P-SEAM Loader. Both modules operate in SEAM VMX root mode and use the SEAMCALL / SEAMRET instructions to interact with external software.

The NP-SEAM Loader, P-SEAM Loader, and TDX Module are all provided and signed by Intel, establishing a chain of trust to bootstrap the TDX Module. The P-SEAM Loader offers a SEAMCALL interface function named seamldr\_install for loading the TDX Module. The TDX Module's image is pre-loaded into a memory buffer (located outside the SEAM RANGE). The buffer's physical addresses and a seam\_sigstruct (signature of the TDX Module) are passed as parameters to seamldr\_install. The seam\_sigstruct contains the hash value and the Security Version Number (SVN) of the TDX Module, as well as the counts of per-Logical Processor (LP) stack pages, per-LP data pages, and global data pages. These values are used by seamldr\_install to determine the physical/linear addresses and sizes of various memory regions in the TDX Module.

seamldr\_install must be called on all Logical Processors (LPs) serially. When seamldr\_install is invoked on the first LP, an installation session commences. On each subsequent LP, seamldr\_install checks that the LP is not already in an installation session (initiated by another LP) and clears the LP's VMCS (Virtual Machine Control Structure) cache. Upon calling seamldr\_install on the last LP, the following actions are performed:

1. Check the parameters provided to seamldr\_install.
2. Verify the signature of the TDX Module.
3. Check the SVN of the to-be-loaded image and compare it with that of the resident TDX Module.
4. Determine the physical and linear addresses and sizes of various memory regions within the SEAM RANGE, including code, data, stack, page table, sysinfo\_table, keyhole, and keyhole-edit.
5. Map the physical addresses of these regions to their corresponding linear addresses.
6. Load the binary image of the TDX Module into the SEAM RANGE, measuring the image and computing/verifying the TDX Module's hash value.
7. Set up the TDX Module's sysinfo\_table.
8. Establish SEAM Transfer VMCS on each LP.
9. Record the TDX Module's hash and SVN in the P-SEAM Loader's data region.
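
The serial install session and the checks made on the last LP can be modelled as follows. This is an added example, not Intel's code or code from this documentation: `LoaderModel`, `make_sigstruct`, `install_on_all_lps` and the status strings are hypothetical names, and SHA-384 as the measurement hash, refusal of a lower SVN, and closing the session on the last call are assumptions. Signature verification and memory mapping are not modelled.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class SigStruct:
    """Subset of seam_sigstruct: expected image hash and SVN."""
    module_hash: bytes
    svn: int

def make_sigstruct(image: bytes, svn: int) -> SigStruct:
    # Hypothetical helper; SHA-384 as the measurement hash is an assumption.
    return SigStruct(hashlib.sha384(image).digest(), svn)

@dataclass
class LoaderModel:
    """Toy model of P-SEAM Loader state (hypothetical, not Intel's code)."""
    num_lps: int
    resident_hash: Optional[bytes] = None
    resident_svn: Optional[int] = None
    session: Set[int] = field(default_factory=set)

    def seamldr_install(self, lp: int, image: bytes, sig: SigStruct) -> str:
        if lp in self.session:        # this LP already joined the open session
            return "ALREADY_IN_SESSION"
        self.session.add(lp)          # the first call opens the session
        if len(self.session) < self.num_lps:
            return "PENDING"          # remaining LPs must still call in
        self.session.clear()          # assumption: the last call closes the session
        # Signature verification of sig is not modelled; sig is taken as authentic.
        if self.resident_svn is not None and sig.svn < self.resident_svn:
            return "SVN_ROLLBACK"     # assumption: a lower SVN is refused
        if hashlib.sha384(image).digest() != sig.module_hash:
            return "HASH_MISMATCH"    # measured image differs from the sigstruct
        self.resident_hash, self.resident_svn = sig.module_hash, sig.svn
        return "INSTALLED"            # hash and SVN recorded (step 9)

def install_on_all_lps(loader: LoaderModel, image: bytes, sig: SigStruct) -> str:
    """Call seamldr_install serially on every LP and return the last status."""
    status = "PENDING"
    for lp in range(loader.num_lps):
        status = loader.seamldr_install(lp, image, sig)
    return status

if __name__ == "__main__":
    image = b"constructed TDX Module image"   # constructed sample, not a real module
    loader = LoaderModel(num_lps=4)
    print(install_on_all_lps(loader, image, make_sigstruct(image, 2)))
    print(install_on_all_lps(loader, image, make_sigstruct(image, 1)))
```

In the model, only the call on the last LP can change the recorded hash and SVN; a failed check leaves the resident values untouched.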

In addition to the SEAMCALL used for installing the TDX Module, the P-SEAM Loader provides other interface functions to shut itself down and retrieve the loader's system information.

