Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data

Tue, 08 Jul 2025 05:47:00 -0700 

On Fri, Jul 04, 2025 at 03:10:11AM +0000, Duan, Zhenzhong wrote:
> 
> 
> >-----Original Message-----
> >From: Daniel P. Berrangé <berra...@redhat.com>
> >Subject: Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of
> >'launch-security-tdx*' test data
> >
> >On Mon, Jun 30, 2025 at 02:17:31PM +0800, Zhenzhong Duan wrote:
> >> We now have the '+inteltdx' variant dumped from a modern qemu with tdx
> >support,
> >> add qemuxmlconftest data for that variant.
> >>
> >> Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com>
> >> ---
> >>  ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +++++++++++
> >>  ...ch-security-tdx.x86_64-latest+inteltdx.xml | 74 +++++++++++++++++++
> >>  tests/qemuxmlconfdata/launch-security-tdx.xml | 27 +++++++
> >>  tests/qemuxmlconftest.c                       |  3 +
> >>  4 files changed, 148 insertions(+)
> >>  create mode 100644
> >tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.args
> >>  create mode 100644
> >tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
> >>  create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.xml
> >
> >
> >> diff --git
> >a/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
> >b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
> >> new file mode 100644
> >> index 0000000000..77fada7408
> >> --- /dev/null
> >> +++
> >b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
> >> @@ -0,0 +1,74 @@
> >> +<domain type='qemu'>
> >
> >> +  <launchSecurity type='tdx'>
> >> +    <policy>0x1</policy>
> >> +
> ><mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN
> >7wEjRWeJq83v</mrConfigId>
> >> +
> ><mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7
> >wEjRWeJq83v</mrOwner>
> >> +
> ><mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0Vni
> >avN7wEjRWeJq83v</mrOwnerConfig>
> >> +  </launchSecurity>
> >
> >Can you extend this to include the QGS config too.
> 
> Got it, have done it internally, look forward to more comments.

Also, IIUC, policy 0x1 is not valid - can you make it use 0x10000000
which seems to be valid with KVM.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Reply via email to