>-----Original Message-----
>From: Jim Fehlig <jfeh...@suse.com>
>Subject: Re: [PATCH rfcv4 06/13] qemu: Add command line and validation for TDX type
>
>On 5/24/24 00:21, Zhenzhong Duan wrote:
>> QEMU will provide a 'tdx-guest' object which is used to launch encrypted
>> VMs on Intel platforms using the TDX feature.
>>
>> Command line looks like:
>> $QEMU ... \
>>    -object '{"qom-type":"tdx-guest","id":"lsec0","debug":true,"sept-ve-disable":false,"mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx"}' \
>>    -machine pc-q35-6.0,confidential-guest-support=lsec0
>>
>> Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com>
>> ---
>>   src/conf/domain_conf.h   |  5 +++++
>>   src/qemu/qemu_command.c  | 31 +++++++++++++++++++++++++++++++
>>   src/qemu/qemu_validate.c | 11 +++++++++++
>>   3 files changed, 47 insertions(+)
>>
>> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
>> index 7882b7a75d..bb4973fce8 100644
>> --- a/src/conf/domain_conf.h
>> +++ b/src/conf/domain_conf.h
>> @@ -2880,6 +2880,11 @@ struct _virDomainTDXDef {
>>       char *mrownerconfig;
>>   };
>>
>> +#define VIR_DOMAIN_TDX_POLICY_DEBUG              0x1
>> +#define VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE    0x10000000
>> +#define VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK
>(VIR_DOMAIN_TDX_POLICY_DEBUG | \
>> +                                                  
>> VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE)
>> +
>>   struct _virDomainSecDef {
>>       virDomainLaunchSecurity sectype;
>>       union {
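
Review bot: the three new VIR_DOMAIN_TDX_POLICY_* macros have no comment saying what each bit controls or where the bit positions come from, and 0x10000000 is easy to get wrong by one digit when reading or extending the list. Suggest a short comment above the block and writing the values as shifts, (1ULL << 0) and (1ULL << 28), which also makes the constants the same width as tdx->policy (it is printed with "0x%llx" in qemuBuildTDXCommandLine()). Only the definition of VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK is visible here, so the comment should also say where unknown bits are expected to be rejected.
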
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index dde2d5fa01..d212d80038 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -9745,6 +9745,36 @@ qemuBuildPVCommandLine(virDomainObj *vm,
>virCommand *cmd)
>>   }
>>
>>
>> +static int
>> +qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd,
>> +                        virDomainTDXDef *tdx)
>> +{
>> +    g_autoptr(virJSONValue) props = NULL;
>> +    qemuDomainObjPrivate *priv = vm->privateData;
>> +    bool sept_ve_disable = tdx->policy &
>VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE;
>> +
>> +    VIR_DEBUG("policy=0x%llx", tdx->policy);
>> +
>> +    if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "lsec0",
>> +                                     "B:debug", !!(tdx->policy &
>VIR_DOMAIN_TDX_POLICY_DEBUG),
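
Review bot: the two policy bits are turned into booleans in different ways inside qemuBuildTDXCommandLine(): sept_ve_disable is a local bool assigned from a bare "tdx->policy & VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE", while debug is computed inline with "!!(tdx->policy & VIR_DOMAIN_TDX_POLICY_DEBUG)". Both are correct as written, but the bare form stops being 0/1 as soon as it is copied into an int or passed through a varargs call, so I would derive both as local bools with the same expression at the top of the function. The object id "lsec0" is also a string literal here and has to match the confidential-guest-support=lsec0 machine option from the commit message; a shared constant would keep the two from drifting apart.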
>
>I recall Daniel suggesting a change to the QAPI for this field. It appears his
>suggestion was incorporated in V7 of the QEMU patches, where this field is now
>named 'attributes' and typed as uint64
>
>https://mail.gnu.org/archive/html/qemu-devel/2025-01/msg04476.html

Yes, the corresponding change is also added in
https://github.com/intel/libvirt-tdx/commits/tdx_for_upstream_v1.wip/

Thanks
Zhenzhong
