>-----Original Message----- >From: Daniel P. Berrangé <berra...@redhat.com> >Subject: Re: [PATCH v3 21/21] docs: domain: Add documentation for Intel >TDX guest > >On Mon, Jun 30, 2025 at 02:17:32PM +0800, Zhenzhong Duan wrote: >> Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com> >> --- >> docs/formatdomain.rst | 63 >+++++++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 63 insertions(+) >> >> diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst >> index 9a2f065590..5acebefec0 100644 >> --- a/docs/formatdomain.rst >> +++ b/docs/formatdomain.rst >> @@ -9528,6 +9528,69 @@ The ``<launchSecurity/>`` element then accepts >the following child elements: >> the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI. >> >> >> +The contents of the ``<launchSecurity type='tdx'>`` element is used to >provide >> +the guest owners input used for creating an encrypted VM using the Intel >TDX >> +(Trusted Domain eXtensions). Intel TDX refers to an Intel technology that >> +extends Virtual Machine Extensions (VMX) and Multi-Key Total Memory >Encryption >> +(MKTME) with a new kind of virtual machine guest called a Trust Domain >(TD). >> +A TD runs in a CPU mode that is designed to protect the confidentiality of >its >> +memory contents and its CPU state from any other software, including the >hosting >> +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. >> +Example configuration: >> + >> +:: >> + >> + <domain> >> + ... >> + <launchSecurity type='tdx'> >> + <policy>0x10000001</policy> >> + <mrConfigId>xxx</mrConfigId> >> + <mrOwner>xxx</mrOwner> >> + <mrOwnerConfig>xxx</mrOwnerConfig> >> + <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/> >> + </launchSecurity> >> + ... >> + </domain> >> + >> +``policy`` >> + The optional ``policy`` element provides the guest TD attributes which >is >> + passed by the host VMM as a guest TD initialization parameter as part >of >> + TD_PARAMS, it exactly matches the definition of >TD_PARAMS.ATTRIBUTES in >> + (Intel TDX Module Spec Table 22.2: ATTRIBUTES Definition). It is >reported >> + to the guest TD by TDG.VP.INFO and as part of TDREPORT_STRUCT >returned by >> + TDG.MR.REPORT. The guest policy is 64bit unsigned with the fields >shown >> + in Table: >> + >> + ====== >=============================================================== >===================== >> + Bit(s) Description >> + ====== >=============================================================== >===================== >> + 0 Guest TD runs in off-TD debug mode when set >> + 1:27 reserved >> + 28 Disable EPT violation conversion to #VE on guest TD access of >PENDING pages when set >> + 29:63 reserved >> + ====== >=============================================================== >===================== >> + >> +``mrConfigId`` >> + The optional ``mrConfigId`` element provides ID for non-owner-defined >> + configuration of the guest TD, e.g., run-time or OS configuration >> + (base64 encoded SHA384 digest). >> + >> +``@mrowner`` >> + The optional ``@mrowner`` element provides ID for the guest TD’s >owner > >s/mrowner/mrOwner/ > >> + (base64 encoded SHA384 digest). >> + >> +``mrownerconfig`` >> + The optional ``mrownerconfig`` element provides ID for owner-defined > >s/mrownerconfig/mrOwnerConfig/ > >> + configuration of the guest TD, e.g., specific to the workload rather >than >> + the run-time or OS (base64 encoded SHA384 digest). >> + >> +``quoteGenerationSocket`` >> + The optional ``quoteGenerationSocket`` subelement provides Quote >Generation > >s/quoteGenerationSocket/quoteGenerationService/
Fixed above, thanks Zhenzhong
