>-----Original Message-----
>From: Daniel P. Berrangé <berra...@redhat.com>
>Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation
>Service(QGS) support
>
>On Wed, Jul 09, 2025 at 02:52:05AM +0000, Duan, Zhenzhong wrote:
>>
>>
>> >-----Original Message-----
>> >From: Daniel P. Berrangé <berra...@redhat.com>
>> >Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation
>> >Service(QGS) support
>> >
>> >On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
>> >> Add element "quoteGenerationSocket" to tdx launch security type.
>> >> It contains only an optional unix socket address attribute,
>> >> when omitted, libvirt will use default QGS server address
>> >> "/var/run/tdx-qgs/qgs.socket".
>> >>
>> >> UNIX sockets offer the required functionality with greater
>> >> security than vsock, so libvirt only provides support for unix
>> >> socket.
>> >>
>> >> XML example:
>> >>
>> >> <launchSecurity type='tdx'>
>> >>   <policy>0x0</policy>
>> >>   <mrConfigId>xxx</mrConfigId>
>> >>   <mrOwner>xxx</mrOwner>
>> >>   <mrOwnerConfig>xxx</mrOwnerConfig>
>> >>   <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
>> >
>> >Minor nitpick - let's call the element 'quoteGenerationService'
>> >still.
>>
>> QAPI exposes quote-generation-socket, do we really want a different name?
>
>Matching QAPI naming is a non-goal. The 'quote-generation-socket'
>property at the QAPI level actually maps to the 'path' attribute
>in the XML. The existence of the XML element, without any path
>set, indicates a request to enable use of QGS, and that makes
>more sense with a name 'quoteGenerationService' as there's no
>socket being specified in that case.

Makes sense.

Thanks
Zhenzhong