On Fri, Jul 04, 2025 at 03:10:11AM +0000, Duan, Zhenzhong wrote: > > > >-----Original Message----- > >From: Daniel P. Berrangé <berra...@redhat.com> > >Subject: Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of > >'launch-security-tdx*' test data > > > >On Mon, Jun 30, 2025 at 02:17:31PM +0800, Zhenzhong Duan wrote: > >> We now have the '+inteltdx' variant dumped from a modern qemu with tdx > >support, > >> add qemuxmlconftest data for that variant. > >> > >> Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com> > >> --- > >> ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +++++++++++ > >> ...ch-security-tdx.x86_64-latest+inteltdx.xml | 74 +++++++++++++++++++ > >> tests/qemuxmlconfdata/launch-security-tdx.xml | 27 +++++++ > >> tests/qemuxmlconftest.c | 3 + > >> 4 files changed, 148 insertions(+) > >> create mode 100644 > >tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.args > >> create mode 100644 > >tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml > >> create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.xml > > > > > >> diff --git > >a/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml > >b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml > >> new file mode 100644 > >> index 0000000000..77fada7408 > >> --- /dev/null > >> +++ > >b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml > >> @@ -0,0 +1,74 @@ > >> +<domain type='qemu'> > > > >> + <launchSecurity type='tdx'> > >> + <policy>0x1</policy> > >> + > ><mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN > >7wEjRWeJq83v</mrConfigId> > >> + > ><mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7 > >wEjRWeJq83v</mrOwner> > >> + > ><mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0Vni > >avN7wEjRWeJq83v</mrOwnerConfig> > >> + </launchSecurity> > > > >Can you extend this to include the QGS config too. > > Got it, have done it internally, look forward to more comments.
Also, IIUC, policy 0x1 is not valid - can you make it use 0x10000000 which seems to be valid with KVM. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|