On 6/23/25 09:03, Xiaoyao Li wrote:
On 6/23/2025 2:43 PM, Cédric Le Goater wrote:
Hello,
On 6/20/25 18:40, Paolo Bonzini wrote:
From: Isaku Yamahata <isaku.yamah...@intel.com>
Add property "quote-generation-socket" to tdx-guest, which is a property
of type SocketAddress to specify the Quote Generation Service (QGS).
On a GetQuote request, it connects to the QGS socket, reads the request
data from shared guest memory, sends the request data to the QGS,
stores the response into shared guest memory, and at last notifies the
TD guest by interrupt.
command line example:
qemu-system-x86_64 \
-object '{"qom-type":"tdx-guest","id":"tdx0","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"}}' \
-machine confidential-guest-support=tdx0
Note, the above example uses a unix socket. It can be other types, like vsock,
which depends on the implementation of QGS.
To avoid no response from the QGS server, set up a timer for the transaction.
On timeout, make it an error and interrupt the guest. Define the threshold of
time as 30s at present; maybe change it to another value if not appropriate.
Signed-off-by: Isaku Yamahata <isaku.yamah...@intel.com>
Co-developed-by: Chenyi Qiang <chenyi.qi...@intel.com>
Signed-off-by: Chenyi Qiang <chenyi.qi...@intel.com>
Co-developed-by: Xiaoyao Li <xiaoyao...@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao...@intel.com>
Tested-by: Xiaoyao Li <xiaoyao...@intel.com>
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
qapi/qom.json | 8 +-
target/i386/kvm/tdx-quote-generator.h | 82 +++++++
target/i386/kvm/tdx.h | 10 +
target/i386/kvm/kvm.c | 3 +
target/i386/kvm/tdx-quote-generator.c | 300 ++++++++++++++++++++++++++
target/i386/kvm/tdx-stub.c | 4 +
target/i386/kvm/tdx.c | 176 ++++++++++++++-
target/i386/kvm/meson.build | 2 +-
8 files changed, 582 insertions(+), 3 deletions(-)
create mode 100644 target/i386/kvm/tdx-quote-generator.h
create mode 100644 target/i386/kvm/tdx-quote-generator.c
These changes broke the build on 32-bit host.
Could you please send a patch to avoid compiling TDX in such an environment?
Paolo is on vacation.
> I would like to help, but I don't have 32-bit host environment on hand. Do
> you know how to set up such environment quickly? (I tried to set up within a
> 32-bit VM but the 32-bit OS is too old and I didn't get it work to install the
> required package for building QEMU)
Debian should work fine:
$ uname -a
Linux vm15 6.10.12-686-pae #1 SMP PREEMPT_DYNAMIC Debian 6.10.12-1 (2024-10-01) i686 GNU/Linux
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux trixie/sid"
NAME="Debian GNU/Linux"
...
Thanks,
C.