>-----Original Message-----
>From: Daniel P. Berrangé <berra...@redhat.com>
>Subject: Re: [PATCH rfcv4 05/13] conf: add tdx as launch security type
>
>On Wed, Mar 26, 2025 at 02:45:55AM +0000, Duan, Zhenzhong wrote:
>>
>>
>> >-----Original Message-----
>> >From: Daniel P. Berrangé <berra...@redhat.com>
>> >Subject: Re: [PATCH rfcv4 05/13] conf: add tdx as launch security type
>> >
>> >On Fri, May 24, 2024 at 02:21:20PM +0800, Zhenzhong Duan wrote:
>> >> When 'tdx' is used, the VM will launched with Intel TDX feature enabled.
>> >> TDX feature supports running encrypted VM (Trust Domain, TD) under the
>> >> control of KVM. A TD runs in a CPU model which protects the
>> >> confidentiality of its memory and its CPU state from other software
>> >>
>> >> There is a child element 'policy' and three optional element for tdx type.
>> >> In 'policy', bit 0 is set to enable TDX debug, bit 28 set to enable
>> >> sept-ve-disable, other bits are reserved currently. mrConfigId, mrOwner
>> >> and mrOwnerConfig are base64 encoded SHA384 digest.
>> >>
>> >> For example:
>> >>
>> >> <launchSecurity type='tdx'>
>> >> <policy>0x10000001</policy>
>> >> <mrConfigId>xxx</mrConfigId>
>> >> <mrOwner>xxx</mrOwner>
>> >> <mrOwnerConfig>xxx</mrOwnerConfig>
>> >> </launchSecurity>
>> >>
>> >> Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com>
>> >> ---
>> >> src/conf/domain_conf.c | 42 +++++++++++++++++++++++++++++++
>> >> src/conf/domain_conf.h | 9 +++++++
>> >> src/conf/schemas/domaincommon.rng | 29 +++++++++++++++++++++
>> >> src/conf/virconftypes.h | 2 ++
>> >> src/qemu/qemu_command.c | 2 ++
>> >> src/qemu/qemu_firmware.c | 1 +
>> >> src/qemu/qemu_namespace.c | 1 +
>> >> src/qemu/qemu_process.c | 1 +
>> >> src/qemu/qemu_validate.c | 1 +
>> >> 9 files changed, 88 insertions(+)
>> >>
>> >> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> >> index a0912062ff..c557da0c65 100644
>> >> --- a/src/conf/domain_conf.c
>> >> +++ b/src/conf/domain_conf.c
>> >
>> >
>> >> @@ -13649,6 +13654,24 @@ virDomainSEVDefParseXML(virDomainSEVDef
>> >*def,
>> >> }
>> >>
>> >>
>> >> +static int
>> >> +virDomainTDXDefParseXML(virDomainTDXDef *def,
>> >> + xmlXPathContextPtr ctxt)
>> >> +{
>> >> + if (virXPathULongLongBase("string(./policy)", ctxt, 16,
>> >> &def->policy) < 0) {
>> >> + virReportError(VIR_ERR_XML_ERROR, "%s",
>> >> + _("failed to get launch security policy for
>> >> launch security type
>> >TDX"));
>> >> + return -1;
>> >> + }
>> >
>> >This makes the 'policy' attribute mandatory, but QEMU is quite happy
>> >with it being unset, so we should not require this in libvirt either.
>>
>> Yes, but I am trying to align with SEV which has same issue.
>> So aligning with SEV vs. making TDX's 'policy' optional, you prefer the 2nd?
>> Pls
>confirm.
>
>Yes, consistency is good. So if QEMU's sev/snp object lets policy be
>optional, then we should make the same change in libvirt's SEV parsing
>code too.
Got it, will do.
Thanks
Zhenzhong
