On Wed, Mar 26, 2025 at 02:45:55AM +0000, Duan, Zhenzhong wrote:
>
>
> >-----Original Message-----
> >From: Daniel P. Berrangé <berra...@redhat.com>
> >Subject: Re: [PATCH rfcv4 05/13] conf: add tdx as launch security type
> >
> >On Fri, May 24, 2024 at 02:21:20PM +0800, Zhenzhong Duan wrote:
> >> When 'tdx' is used, the VM will launched with Intel TDX feature enabled.
> >> TDX feature supports running encrypted VM (Trust Domain, TD) under the
> >> control of KVM. A TD runs in a CPU model which protects the
> >> confidentiality of its memory and its CPU state from other software
> >>
> >> There is a child element 'policy' and three optional element for tdx type.
> >> In 'policy', bit 0 is set to enable TDX debug, bit 28 set to enable
> >> sept-ve-disable, other bits are reserved currently. mrConfigId, mrOwner
> >> and mrOwnerConfig are base64 encoded SHA384 digest.
> >>
> >> For example:
> >>
> >> <launchSecurity type='tdx'>
> >> <policy>0x10000001</policy>
> >> <mrConfigId>xxx</mrConfigId>
> >> <mrOwner>xxx</mrOwner>
> >> <mrOwnerConfig>xxx</mrOwnerConfig>
> >> </launchSecurity>
> >>
> >> Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com>
> >> ---
> >> src/conf/domain_conf.c | 42 +++++++++++++++++++++++++++++++
> >> src/conf/domain_conf.h | 9 +++++++
> >> src/conf/schemas/domaincommon.rng | 29 +++++++++++++++++++++
> >> src/conf/virconftypes.h | 2 ++
> >> src/qemu/qemu_command.c | 2 ++
> >> src/qemu/qemu_firmware.c | 1 +
> >> src/qemu/qemu_namespace.c | 1 +
> >> src/qemu/qemu_process.c | 1 +
> >> src/qemu/qemu_validate.c | 1 +
> >> 9 files changed, 88 insertions(+)
> >>
> >> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> >> index a0912062ff..c557da0c65 100644
> >> --- a/src/conf/domain_conf.c
> >> +++ b/src/conf/domain_conf.c
> >
> >
> >> @@ -13649,6 +13654,24 @@ virDomainSEVDefParseXML(virDomainSEVDef
> >*def,
> >> }
> >>
> >>
> >> +static int
> >> +virDomainTDXDefParseXML(virDomainTDXDef *def,
> >> + xmlXPathContextPtr ctxt)
> >> +{
> >> + if (virXPathULongLongBase("string(./policy)", ctxt, 16, &def->policy)
> >> < 0) {
> >> + virReportError(VIR_ERR_XML_ERROR, "%s",
> >> + _("failed to get launch security policy for launch
> >> security type
> >TDX"));
> >> + return -1;
> >> + }
> >
> >This makes the 'policy' attribute mandatory, but QEMU is quite happy
> >with it being unset, so we should not require this in libvirt either.
>
> Yes, but I am trying to align with SEV which has same issue.
> So aligning with SEV vs. making TDX's 'policy' optional, you prefer the 2nd?
> Pls confirm.
Yes, consistency is good. So if QEMU's sev/snp object lets policy be
optional, then we should make the same change in libvirt's SEV parsing
code too.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
