On Mon, Jun 30, 2025 at 02:17:32PM +0800, Zhenzhong Duan wrote: > Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com> > --- > docs/formatdomain.rst | 63 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 63 insertions(+) > > diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst > index 9a2f065590..5acebefec0 100644 > --- a/docs/formatdomain.rst > +++ b/docs/formatdomain.rst 
> @@ -9528,6 +9528,69 @@ The ``<launchSecurity/>`` element then accepts the > following child elements: > the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI. > > > +The contents of the ``<launchSecurity type='tdx'>`` element is used to > provide > +the guest owners input used for creating an encrypted VM using the Intel TDX > +(Trusted Domain eXtensions). Intel TDX refers to an Intel technology that > +extends Virtual Machine Extensions (VMX) and Multi-Key Total Memory > Encryption > +(MKTME) with a new kind of virtual machine guest called a Trust Domain (TD). > +A TD runs in a CPU mode that is designed to protect the confidentiality of > its > +memory contents and its CPU state from any other software, including the > hosting > +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. > +Example configuration: > + > +:: > + > + <domain> > + ... > + <launchSecurity type='tdx'> > + <policy>0x10000001</policy> > + <mrConfigId>xxx</mrConfigId> > + <mrOwner>xxx</mrOwner> > + <mrOwnerConfig>xxx</mrOwnerConfig> > + <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/> > + </launchSecurity> > + ... > + </domain> > + > +``policy`` > + The optional ``policy`` element provides the guest TD attributes which is > + passed by the host VMM as a guest TD initialization parameter as part of > + TD_PARAMS, it exactly matches the definition of TD_PARAMS.ATTRIBUTES in > + (Intel TDX Module Spec Table 22.2: ATTRIBUTES Definition). It is reported > + to the guest TD by TDG.VP.INFO and as part of TDREPORT_STRUCT returned by > + TDG.MR.REPORT. 
The guest policy is 64bit unsigned with the fields shown > + in Table: > + > + ====== > ==================================================================================== > + Bit(s) Description > + ====== > ==================================================================================== > + 0 Guest TD runs in off-TD debug mode when set > + 1:27 reserved > + 28 Disable EPT violation conversion to #VE on guest TD access of > PENDING pages when set > + 29:63 reserved > + ====== > ==================================================================================== > + > +``mrConfigId`` > + The optional ``mrConfigId`` element provides ID for non-owner-defined > + configuration of the guest TD, e.g., run-time or OS configuration > + (base64 encoded SHA384 digest). > + > +``@mrowner`` > + The optional ``@mrowner`` element provides ID for the guest TD’s owner
s/mrowner/mrOwner/ > + (base64 encoded SHA384 digest). > + > +``mrownerconfig`` > + The optional ``mrownerconfig`` element provides ID for owner-defined s/mrownerconfig/mrOwnerConfig/ > + configuration of the guest TD, e.g., specific to the workload rather than > + the run-time or OS (base64 encoded SHA384 digest). > + > +``quoteGenerationSocket`` > + The optional ``quoteGenerationSocket`` subelement provides Quote > Generation s/quoteGenerationSocket/quoteGenerationService/ > + Service(QGS) daemon socket address configuration. It includes an optional > + ``path`` attribute to determine the UNIX socket address, when omitted, > + ``/var/run/tdx-qgs/qgs.socket`` is used as default. User in TD guest > cannot > + get TD quoting for attestation if this subelement is not provided. > + > Example configs > =============== > > -- > 2.34.1 > With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
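Review bot: The example configuration's `<policy>0x10000001</policy>` has bit 0 set, which the table in this same hunk describes as "Guest TD runs in off-TD debug mode when set", so anyone copying the example verbatim launches a TD in debug mode, at odds with the confidentiality goal stated in the introductory paragraph. Suggest using 0x10000000 (bit 28 only) in the example, or adding a sentence to the ``policy`` description saying that bit 0 is meant for debugging and should be left clear otherwise. Separately, the `xxx` placeholders for mrConfigId, mrOwner and mrOwnerConfig give no hint of the expected value; since the text says each is a base64 encoded SHA384 digest, the example could show a placeholder of the right shape or the description could state that the decoded value is 48 bytes.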