Skip to main content
Start a Conversation

Unsolved

S

scot239

1 Rookie

 • 

1 Message

45

June 30th, 2025 20:03

PowerEdge XE9680 TDX XFAM 0x0 Limitation - Need Microcode Update

Initial Question

Has full Intel TDX (Trust Domain Extensions) support been tested and validated for the PowerEdge XE9680 with Xeon Platinum 8580 processors? Specifically, does Dell's current firmware support XFAM (eXtended Features Available Mask) values beyond 0x0?

We're following NVIDIA's TDX deployment guide for confidential computing workloads but encountering limitations that suggest TDX may only be partially supported.

What We're Experiencing

We have a PowerEdge XE9680 with all Dell-documented TDX BIOS settings correctly configured, and TDX initializes successfully. However, QEMU fails to launch TDX VMs with the error:

qemu-system-x86_64: Invalid XFAM 0x3 for TDX VM (supported: 0x0)

This suggests our system only supports basic TDX features (XFAM 0x0) rather than the extended features (XFAM 0x3) needed for practical TDX workloads.

Current System Details

Hardware:

  • Model: PowerEdge XE9680 <Private data removed from public view DELL-Admin>
  • CPU: Intel Xeon Platinum 8580 (Emerald Rapids, 5th Gen)
  • BIOS Version: 2.6.3 (March 2025)
  • Current Microcode: 0x210002a9

TDX Status:

dmesg output shows:virt/tdx: BIOS enabled: private KeyID range [32, 64)virt/tdx: 4186100 KB allocated for PAMTvirt/tdx: module initialized

BIOS Configuration: All TDX settings configured per Dell documentation:

  • ✅ Memory Encryption: Multiple Keys
  • ✅ Global Memory Integrity: Disabled
  • ✅ Intel Trust Domain Extension (TDX): Enabled
  • ✅ TME-MT/TDX Key Split: 1 (non-zero)
  • ✅ TDX Secure Arbitration Mode Loader (SEAM): Enabled
  • ✅ Intel SGX: On
  • ✅ Node Interleaving: Disabled
  • ✅ x2APIC Mode: Enabled
  • ✅ CPU Physical Address Limit: Disabled

Our Investigation

Firmware Updates Attempted:

  • OS-level microcode update: No change (still 0x210002a9)
  • fwupdtool: Reports "No updates available for BIOS1"
  • UEFI capsule updates: Not available on this system

QEMU Analysis:

  • qemu-system-x86_64 -object tdx-guest,help returns "There are no options for tdx-guest"
  • Suggests limited TDX implementation in current firmware

Key Questions for Dell Community

  1. Is XFAM 0x3 support available for the XE9680 with current or newer firmware?

  2. Is microcode 0x210002a9 the latest for Xeon Platinum 8580 on this platform?

  3. Are there plans to release enhanced TDX firmware with broader XFAM support?

  4. Is this a known limitation during the early TDX rollout phase?

  5. Should we expect XFAM 0x0 to be sufficient for most TDX use cases, or is this a temporary restriction?

Business Context

We're implementing confidential computing infrastructure following industry best practices (NVIDIA's deployment guides) and need to understand whether current XE9680 firmware supports production TDX workloads or if we should expect enhanced firmware releases.

Any insights from Dell engineers or community members who have successfully deployed TDX VMs on similar platforms would be greatly appreciated!

Has anyone else encountered XFAM limitations on Dell 16G servers? What was your resolution path?

No Responses!

Was this post helpful?

View All

No Events found!

Top