Refactor tdx_guest_device and sev_guest_device (#1642)

Move all of the no_std bits in tdx_guest_device and sev_guest_device to
x86defs, leaving the *guest_device crates solely for Linux ioctls. This
removes the need for a `std` feature for tdx_guest_device -- notably,
openhcl_boot can now use these TDX bits without needing special no_std
handling.

Author: stunes-ms

Cargo.lock

@@ -4799,8 +4799,7 @@ dependencies = [
  "open_enum",
  "serde",
  "serde_json",
- "sev_guest_device",
- "tdx_guest_device",
+ "x86defs",
  "zerocopy 0.8.24",
 ]
 
@@ -4824,7 +4823,6 @@ dependencies = [
  "sha2",
  "sidecar_defs",
  "tdcall",
- "tdx_guest_device",
  "underhill_confidentiality",
  "x86defs",
  "zerocopy 0.8.24",
@@ -6384,10 +6382,10 @@ dependencies = [
 name = "sev_guest_device"
 version = "0.0.0"
 dependencies = [
- "bitfield-struct 0.10.1",
  "nix 0.27.1",
  "static_assertions",
  "thiserror 2.0.12",
+ "x86defs",
  "zerocopy 0.8.24",
 ]
 
@@ -6792,7 +6790,6 @@ version = "0.0.0"
 dependencies = [
  "hvdef",
  "memory_range",
- "tdx_guest_device",
  "thiserror 2.0.12",
  "tracing",
  "x86defs",
@@ -6802,10 +6799,9 @@ dependencies = [
 name = "tdx_guest_device"
 version = "0.0.0"
 dependencies = [
- "bitfield-struct 0.10.1",
  "nix 0.27.1",
- "static_assertions",
  "thiserror 2.0.12",
+ "x86defs",
  "zerocopy 0.8.24",
 ]
 
@@ -6817,6 +6813,7 @@ dependencies = [
  "static_assertions",
  "tdx_guest_device",
  "thiserror 2.0.12",
+ "x86defs",
  "zerocopy 0.8.24",
 ]
 
@@ -9766,6 +9763,7 @@ dependencies = [
  "arbitrary",
  "bitfield-struct 0.10.1",
  "open_enum",
+ "static_assertions",
  "zerocopy 0.8.24",
 ]
 

openhcl/openhcl_attestation_protocol/Cargo.toml

@@ -10,8 +10,7 @@ rust-version.workspace = true
 open_enum.workspace = true
 guid.workspace = true
 mesh.workspace = true
-sev_guest_device.workspace = true
-tdx_guest_device = { workspace = true, features = ["std"] }
+x86defs.workspace = true
 
 base64.workspace = true
 base64-serde.workspace = true

openhcl/openhcl_attestation_protocol/src/igvm_attest/get.rs

@@ -18,8 +18,8 @@ const ATTESTATION_SIGNATURE: u32 = 0x414c4348; // 'HCLA'
 const ATTESTATION_REPORT_SIZE_MAX: usize = SNP_VM_REPORT_SIZE;
 
 pub const VBS_VM_REPORT_SIZE: usize = 0x230;
-pub const SNP_VM_REPORT_SIZE: usize = sev_guest_device::protocol::SNP_REPORT_SIZE;
-pub const TDX_VM_REPORT_SIZE: usize = tdx_guest_device::protocol::TDX_REPORT_SIZE;
+pub const SNP_VM_REPORT_SIZE: usize = x86defs::snp::SNP_REPORT_SIZE;
+pub const TDX_VM_REPORT_SIZE: usize = x86defs::tdx::TDX_REPORT_SIZE;
 /// No TEE attestation report for TVM
 pub const TVM_REPORT_SIZE: usize = 0;
 

openhcl/openhcl_boot/Cargo.toml

@@ -30,7 +30,6 @@ zerocopy.workspace = true
 [target.'cfg(target_arch = "x86_64")'.dependencies]
 safe_intrinsics.workspace = true
 tdcall.workspace = true
-tdx_guest_device.workspace = true
 x86defs.workspace = true
 
 [build-dependencies]

openhcl/openhcl_boot/src/arch/x86_64/tdx.rs

@@ -20,10 +20,10 @@ use tdcall::TdcallOutput;
 use tdcall::tdcall_hypercall;
 use tdcall::tdcall_map_gpa;
 use tdcall::tdcall_wrmsr;
-use tdx_guest_device::protocol::TdReport;
 use x86defs::X64_LARGE_PAGE_SIZE;
 use x86defs::tdx::RESET_VECTOR_PAGE;
 use x86defs::tdx::TdCallResult;
+use x86defs::tdx::TdReport;
 use x86defs::tdx::TdVmCallR10Result;
 
 /// Writes a synthehtic register to tell the hypervisor the OS ID for the boot shim.

openhcl/openhcl_boot/src/main.rs

@@ -632,7 +632,7 @@ fn get_hw_debug_bit(isolation: IsolationType) -> bool {
     match isolation {
         #[cfg(target_arch = "x86_64")]
         IsolationType::Tdx => {
-            use tdx_guest_device::protocol::TdReport;
+            use x86defs::tdx::TdReport;
 
             use crate::arch::tdx::get_tdreport;
 

support/sev_guest_device/Cargo.toml

@@ -7,12 +7,12 @@ edition.workspace = true
 rust-version.workspace = true
 
 [dependencies]
-bitfield-struct.workspace = true
 static_assertions.workspace = true
 zerocopy.workspace = true
 [target.'cfg(target_os = "linux")'.dependencies]
 nix = { workspace = true, features = ["ioctl"] }
 thiserror.workspace = true
+x86defs.workspace = true
 
 [lints]
 workspace = true