On 08.10.25 at 12:21 PM, Fiona Ebner wrote:
> On 04.10.25 at 3:23 PM, Anton Iacobaeus wrote:
>> From: Philipp Giersfeld <[email protected]>
>>
>> This commit adds support for setting up an Intel TDX VM. An Intel TDX VM
>> can be set up similar to AMD SEV but uses a different firmware image.
>>
>> Signed-off-by: Philipp Giersfeld <[email protected]>
>> Signed-off-by: Anton Iacobaeus <[email protected]>
>
> Apart from a few nits, see below:
> Reviewed-by: Fiona Ebner <[email protected]>

>> @@ -3965,6 +3978,10 @@ sub config_to_command { >> if ($conf->{'amd-sev'}) { >> push @$devices, '-object', get_amd_sev_object($conf->{'amd-sev'}, >> $conf->{bios}); >> push @$machineFlags, 'confidential-guest-support=sev0'; >> + } elsif ($conf->{'intel-tdx'}) { >> + push @$devices, '-object', >> get_intel_tdx_object($conf->{'intel-tdx'}, $conf->{bios}); >> + push @$machineFlags, 'confidential-guest-support=tdx0'; >> + push @$machineFlags, 'kernel_irqchip=split';
One more thing I noticed/remembered: Don't we also need something like
-device vhost-vsock-pci,guest-cid=3
for communication between QGS and TD VM like described in the docs:
https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/05/host_os_setup/#setup-communication-path-between-qgs-and-td
?

>
> Nit: would be nice to have a comment describing the rationale behind the
> kernel_irqchip option and/or a sentence in the commit message.
>
>> } >> >> PVE::QemuServer::Virtiofs::config($conf, $vmid, $devices);

_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
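
Review bot: The new `} elsif ($conf->{'intel-tdx'}) {` branch means a config with both 'amd-sev' and 'intel-tdx' set silently takes the SEV path and ignores the TDX settings. It would be safer to reject such a config with an explicit error (in this sub or in config validation, which is not visible in these lines) than to let the order of the branches decide which confidential-guest-support object is used. Separately, get_intel_tdx_object() is passed $conf->{bios} in the same way as the SEV helper; since the commit message says TDX uses a different firmware image, the helper should fail on an unsuitable bios value, which cannot be confirmed from this hunk.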
