diff --git a/Makefile.rhelver b/Makefile.rhelver
index 0ec7d56..439cc06 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 2
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 232
+RHEL_RELEASE = 233
 
 #
 # ZSTREAM
diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config
index 69188cd..1bd7e8b 100644
--- a/kernel-x86_64-debug-rhel.config
+++ b/kernel-x86_64-debug-rhel.config
@@ -2312,6 +2312,7 @@ CONFIG_INTEL_SDSI=m
 # CONFIG_INTEL_SOC_PMIC_CHTDC_TI is not set
 CONFIG_INTEL_SPEED_SELECT_INTERFACE=m
 # CONFIG_INTEL_TCC_COOLING is not set
+CONFIG_INTEL_TDX_GUEST=y
 CONFIG_INTEL_TH_ACPI=m
 # CONFIG_INTEL_TH_DEBUG is not set
 CONFIG_INTEL_TH_GTH=m
diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config
index 6100266..fd1fcbc 100644
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@@ -2296,6 +2296,7 @@ CONFIG_INTEL_SDSI=m
 # CONFIG_INTEL_SOC_PMIC_CHTDC_TI is not set
 CONFIG_INTEL_SPEED_SELECT_INTERFACE=m
 # CONFIG_INTEL_TCC_COOLING is not set
+CONFIG_INTEL_TDX_GUEST=y
 CONFIG_INTEL_TH_ACPI=m
 # CONFIG_INTEL_TH_DEBUG is not set
 CONFIG_INTEL_TH_GTH=m
diff --git a/kernel.spec b/kernel.spec
index 711272d..21209ae 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -119,15 +119,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 232
+%define pkgrelease 233
 %define kversion 5
-%define tarfile_release 5.14.0-232.el9
+%define tarfile_release 5.14.0-233.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 232%{?buildid}%{?dist}
+%define specrelease 233%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-232.el9
+%define kabiversion 5.14.0-233.el9
 
 #
 # End of genspec.sh variables
@@ -3110,6 +3110,61 @@ fi
 #
 #
 %changelog
+* Wed Jan 11 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-233.el9]
+- config: Enable TDX Guest (Wander Lairson Costa) [1955275]
+- x86/tdx: mark TDX as a preview (Wander Lairson Costa) [1955275]
+- x86/tdx: Panic on bad configs that #VE on "private" memory access (Wander Lairson Costa) [1955275]
+- x86/tdx: Prepare for using "INFO" call for a second purpose (Wander Lairson Costa) [1955275]
+- x86/tdx: Handle load_unaligned_zeropad() page-cross to a shared page (Wander Lairson Costa) [1955275]
+- x86/tdx: Clarify RIP adjustments in #VE handler (Wander Lairson Costa) [1955275]
+- swiotlb: merge swiotlb-xen initialization into swiotlb (Wander Lairson Costa) [1955275]
+- x86/kaslr: Fix build warning in KASLR code in boot stub (Wander Lairson Costa) [1955275]
+- x86/tdx: Fix early #VE handling (Wander Lairson Costa) [1955275]
+- x86/tdx: Fix RETs in TDX asm (Wander Lairson Costa) [1955275]
+- x86/tdx: Annotate a noreturn function (Wander Lairson Costa) [1955275]
+- x86/mm: Fix spacing within memory encryption features message (Wander Lairson Costa) [1955275]
+- x86/apic: Do apic driver probe for "nosmp" use case (Wander Lairson Costa) [1955275]
+- arm/xen: don't check for xen_initial_domain() in xen_create_contiguous_region (Wander Lairson Costa) [1955275]
+- tools arch x86: Sync the msr-index.h copy with the kernel sources (Wander Lairson Costa) [1955275]
+- x86/Kconfig: Only enable CONFIG_CC_HAS_IBT for clang >= 14.0.0 (Wander Lairson Costa) [1955275]
+- selftests/x86/iopl: Adjust to the faked iopl CLI/STI usage (Wander Lairson Costa) [1955275]
+- x86/sev-es: Use insn_decode_mmio() for MMIO implementation (Wander Lairson Costa) [1955275]
+- x86/insn-eval: Handle insn_get_opcode() failure (Wander Lairson Costa) [1955275]
+- Documentation/x86: Document TDX kernel architecture (Wander Lairson Costa) [1955275]
+- ACPICA: Avoid cache flush inside virtual machines (Wander Lairson Costa) [1955275]
+- x86/tdx/ioapic: Add shared bit for IOAPIC base address (Wander Lairson Costa) [1955275]
+- x86/mm: Make DMA memory shared for TD guest (Wander Lairson Costa) [1955275]
+- x86/mm/cpa: Add support for TDX shared memory (Wander Lairson Costa) [1955275]
+- x86/tdx: Make pages shared in ioremap() (Wander Lairson Costa) [1955275]
+- x86/topology: Disable CPU online/offline control for TDX guests (Wander Lairson Costa) [1955275]
+- x86/boot: Avoid #VE during boot for TDX platforms (Wander Lairson Costa) [1955275]
+- x86/boot: Set CR0.NE early and keep it set during the boot (Wander Lairson Costa) [1955275]
+- x86/acpi/x86/boot: Add multiprocessor wake-up support (Wander Lairson Costa) [1955275]
+- x86/boot: Add a trampoline for booting APs via firmware handoff (Wander Lairson Costa) [1955275]
+- x86/tdx: Wire up KVM hypercalls (Wander Lairson Costa) [1955275]
+- x86/tdx: Port I/O: Add early boot support (Wander Lairson Costa) [1955275]
+- x86/tdx: Port I/O: Add runtime hypercalls (Wander Lairson Costa) [1955275]
+- x86/boot: Port I/O: Add decompression-time support for TDX (Wander Lairson Costa) [1955275]
+- x86/boot: Port I/O: Allow to hook up alternative helpers (Wander Lairson Costa) [1955275]
+- x86: Consolidate port I/O helpers (Wander Lairson Costa) [1955275]
+- x86: Adjust types used in port I/O helpers (Wander Lairson Costa) [1955275]
+- x86/tdx: Detect TDX at early kernel decompression time (Wander Lairson Costa) [1955275]
+- x86/tdx: Handle in-kernel MMIO (Wander Lairson Costa) [1955275]
+- x86/tdx: Handle CPUID via #VE (Wander Lairson Costa) [1955275]
+- x86/tdx: Add MSR support for TDX guests (Wander Lairson Costa) [1955275]
+- x86/tdx: Add HLT support for TDX guests (Wander Lairson Costa) [1955275]
+- x86/traps: Add #VE support for TDX guest (Wander Lairson Costa) [1955275]
+- x86/traps: Refactor exc_general_protection() (Wander Lairson Costa) [1955275]
+- x86/tdx: Exclude shared bit from __PHYSICAL_MASK (Wander Lairson Costa) [1955275]
+- x86/tdx: Extend the confidential computing API to support TDX guests (Wander Lairson Costa) [1955275]
+- x86/tdx: Add __tdx_module_call() and __tdx_hypercall() helper functions (Wander Lairson Costa) [1955275]
+- x86/tdx: Provide common base for SEAMCALL and TDCALL C wrappers (Wander Lairson Costa) [1955275]
+- x86/tdx: Detect running as a TDX guest in early boot (Wander Lairson Costa) [1955275]
+- Documentation: Add x86/amd_hsmp driver (Wander Lairson Costa) [1955275]
+- x86/insn-eval: Introduce insn_decode_mmio() (Wander Lairson Costa) [1955275]
+- x86/insn-eval: Introduce insn_get_modrm_reg_ptr() (Wander Lairson Costa) [1955275]
+- x86/iopl: Fake iopl(3) CLI/STI usage (Wander Lairson Costa) [1955275]
+
 * Tue Jan 10 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-232.el9]
 - ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (David Arcari) [2158310]
 - ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (David Arcari) [2158310]
diff --git a/sources b/sources
index 1ea643f..78f7eef 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-232.el9.tar.xz) = 1cf539ee07006a97fb945122aa23b4f6851ee9639396f54f95a2e81660943758be317fd1ceb596adaa95542d8f3cfad570e13472aabc1b050a83afac008be440
-SHA512 (kernel-abi-stablelists-5.14.0-232.el9.tar.bz2) = 9268863fe2e6c9c5c4c72aa12db3dd7f0a81456c913f656221d1ead1271724b05e1c750b64268703d52899af47a1fca394dde7948510669188045ef2352fb3ef
-SHA512 (kernel-kabi-dw-5.14.0-232.el9.tar.bz2) = 6f730dd91b2f15b9d0b750831b15a549e86d1feedd75f429349cf0b941a2802fd3e2a7f6a8ea4018a5b0d07d5e074aa177800a9220c3b9e0fa2e0a85213038e6
+SHA512 (linux-5.14.0-233.el9.tar.xz) = 35dd61b4b1fd783fbf891734cb3a82723eb5716956f12838581f73263e94e3299f24a9175b0c985e34cd7d64cc7698a189488785678eebef53d4c65cfcd6ce88
+SHA512 (kernel-abi-stablelists-5.14.0-233.el9.tar.bz2) = c49a7885acde199a7b8395c3a46c56a1cbf08c575f56ba1f5450ce1dabd313c1b40b6cd93a78ae1b9a75893bf24b0f7054e3e20d197cbe7beb6de3535e7a71c4
+SHA512 (kernel-kabi-dw-5.14.0-233.el9.tar.bz2) = 8d21df149c3247b035c56a1bc032bba5beca785942db48e6b62263494bc3a722c329ced201a496f74930962d25ada959cf47917e6a99a17f7bc86e75b49c581f