On 6/24/25 17:08, Daniel P. Berrangé wrote:
On Tue, Jun 24, 2025 at 11:03:19AM -0400, Stefan Hajnoczi wrote:
On Mon, Jun 23, 2025 at 4:37 PM Cédric Le Goater <c...@kaod.org> wrote:
On 6/23/25 20:57, Stefan Hajnoczi wrote:
On Mon, Jun 23, 2025 at 9:09 AM Daniel P. Berrangé <berra...@redhat.com> wrote:
On Mon, Jun 23, 2025 at 09:04:33AM -0400, Stefan Hajnoczi wrote:
On Mon, Jun 23, 2025 at 4:04 AM Daniel P. Berrangé <berra...@redhat.com> wrote:
On Mon, Jun 23, 2025 at 03:03:19PM +0800, Xiaoyao Li wrote:
On 6/23/2025 2:43 PM, Cédric Le Goater wrote:
Hello,
On 6/20/25 18:40, Paolo Bonzini wrote:
From: Isaku Yamahata <isaku.yamah...@intel.com>
Add property "quote-generation-socket" to tdx-guest, which is a property
of type SocketAddress to specify the Quote Generation Service (QGS).
On request of GetQuote, it connects to the QGS socket, reads request
data from shared guest memory, sends the request data to the QGS,
stores the response into shared guest memory, and at last notifies
the TD guest by interrupt.
command line example:
qemu-system-x86_64 \
-object '{"qom-type":"tdx-guest","id":"tdx0","quote-generation-socket":{"type":"unix", "path":"/var/run/tdx-qgs/qgs.socket"}}' \
-machine confidential-guest-support=tdx0
Note, the above example uses a unix socket. It can be other types,
like vsock, which depends on the implementation of QGS.
To avoid no response from the QGS server, set up a timer for the transaction.
On timeout, make it an error and interrupt the guest. Define the threshold of
time to 30s at present, maybe change to other value if not appropriate.
Signed-off-by: Isaku Yamahata <isaku.yamah...@intel.com>
Co-developed-by: Chenyi Qiang <chenyi.qi...@intel.com>
Signed-off-by: Chenyi Qiang <chenyi.qi...@intel.com>
Co-developed-by: Xiaoyao Li <xiaoyao...@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao...@intel.com>
Tested-by: Xiaoyao Li <xiaoyao...@intel.com>
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
qapi/qom.json | 8 +-
target/i386/kvm/tdx-quote-generator.h | 82 +++++++
target/i386/kvm/tdx.h | 10 +
target/i386/kvm/kvm.c | 3 +
target/i386/kvm/tdx-quote-generator.c | 300 ++++++++++++++++++++++++++
target/i386/kvm/tdx-stub.c | 4 +
target/i386/kvm/tdx.c | 176 ++++++++++++++-
target/i386/kvm/meson.build | 2 +-
8 files changed, 582 insertions(+), 3 deletions(-)
create mode 100644 target/i386/kvm/tdx-quote-generator.h
create mode 100644 target/i386/kvm/tdx-quote-generator.c
These changes broke the build on a 32-bit host.
Could you please send a patch to avoid compiling TDX in such an environment?
Paolo is on vacation.
I would like to help, but I don't have a 32-bit host environment on hand. Do
you know how to set up such an environment quickly? (I tried to set up within a
32-bit VM but the 32-bit OS is too old and I didn't get it to work to install
the required package for building QEMU)
You should be able to use QEMU's docker containers to get yourself a
Debian i386 container, on an x86_64 host.
The cross-i686-system (Debian) build CI job succeeded:
https://gitlab.com/qemu-project/qemu/-/jobs/10423776600
I wonder why the CI didn't catch the issue?
It didn't build the x86_64 target:
--target-list-exclude="arm-softmmu i386-softmmu microblaze-softmmu mips-softmmu
mipsel-softmmu mips64-softmmu ppc-softmmu riscv32-softmmu sh4-softmmu sparc-softmmu
xtensa-softmmu $CROSS_SKIP_TARGETS"
so in turn didn't build any TDX code
Here are the targets that were built by the CI job:
target list : avr-softmmu m68k-softmmu microblazeel-softmmu
or1k-softmmu rx-softmmu sh4eb-softmmu tricore-softmmu xtensaeb-softmmu
64-bit targets are not supported on 32-bit hosts since commit
acce728cbc6c ("meson: Disallow 64-bit on 32-bit emulation"). I don't
think the x86_64 target can be built on 32-bit hosts.
But notice that i386-softmmu is missing from the target list. That
could be why the CI job succeeded.
Cédric: What were your ./configure options?
Just:
--target-list=arm-softmmu,ppc-softmmu,i386-softmmu
cross-i686-tci builds i386-softmmu on debian-i686-cross with
--disable-kvm, but the TDX code isn't compiled:
https://gitlab.com/qemu-project/qemu/-/jobs/10440424393
A new CI job could be added to cover TDX on 32-bit hosts if you think
it's worthwhile. Maybe it's a corner case and not worth spending CI
cycles on?
We should not set any expectation of support for TDX on 32-bit host
or guest emulator. IMHO the only right answer here is to disable
build of TDX for anything other than x86_64-softmmu w/ KVM.
Yes. This is what I was reminding the developers.
Thanks,
C.