[RFC PATCH 7/7] qemu: Check if INTEL Trust Domain Extension support is enabled

2021-06-18 Thread Zhenzhong Duan
is enabled in the host kernel. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_capabilities.c | 21 + 1 file changed, 21 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 5e54d7e306..8f8802c121 100644 --- a/src/qemu/qemu_capabilities.c

[RFC PATCH 2/7] conf: expose TDX feature in domain capabilities

2021-06-18 Thread Zhenzhong Duan
Extend hypervisor capabilities to include tdx feature. When available, hypervisor can launch an encrypted VM on Intel platform. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- docs/formatdomaincaps.html.in| 16 docs/schemas/domaincaps.rng

[RFC PATCH 0/7] LIBVIRT: X86: TDX support

2021-06-18 Thread Zhenzhong Duan
support. - patch 7: Sure kvmSupportsSecureGuest cache updated. Using these patches we have successfully booted and tested a guest both with and without TDX enabled. [1] https://lkml.org/lkml/2020/11/16/1106 [2] https://github.com/codomania/libvirt/commits/v9 Zhenzhong Duan (7): qemu: provide

[RFC PATCH 4/7] qemu: add support to launch TDX guest

2021-06-18 Thread Zhenzhong Duan
-support=tdx0,kvm-type=tdx,pic=no,kernel_irqchip=split Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_command.c | 31 +++ .../.trust-domain-tdx.xml.swo | Bin 0 -> 12288 bytes tests/qemuxml2argvdata/trust-domain-tdx.args |
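Review bot: the diffstat lists `.../.trust-domain-tdx.xml.swo | Bin 0 -> 12288 bytes`, a new binary file with an editor swap-file name sitting next to the `tests/qemuxml2argvdata/trust-domain-tdx.args` test data. It looks like an editing leftover rather than test input, and a swap file can carry unsaved buffer contents and local path details, so it should be dropped from the commit before the series is reposted.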

[RFC PATCH 1/7] qemu: provide support to query the TDX capabilities

2021-06-18 Thread Zhenzhong Duan
-off-by: Zhenzhong Duan --- src/conf/domain_capabilities.c | 8 + src/conf/domain_capabilities.h | 10 +++ src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 30 +++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_monitor.c| 8 + src

[RFC PATCH 3/7] conf: introduce TrustDomain element in domain

2021-06-18 Thread Zhenzhong Duan
. A TD runs in a CPU model which protects the confidentiality of its memory and its CPU state from other software. There is a child element 'policy' in TrustDomain. In 'policy', bit 0 is used to enable TDX debug, other bits are reserved currently. For example: 0x0001 Signed-off-by: Zhenzhong

[RFC PATCH 5/7] qemu: add support to TDVF firmware loader

2021-06-18 Thread Zhenzhong Duan
TDX guest needs a specific firmware TDVF to boot up, add a new element in TrustDomain element for that purpose, like below: 0x0001 /path/to/TDVF-binary Qemu command line looks like: $QEMU ... \ -device loader,file= /path/to/TDVF-binary,id=fd0 Signed-off-by: Zhenzhong Duan --- docs

[RFC PATCH 6/7] qemu: force special features enabled for TDX guest

2021-06-18 Thread Zhenzhong Duan
TDX guest requires some special parameters in qemu command line. They are "pic=no,kernel_irqchip=split" without which guest fails to boot up. PMU has a big impact on the performance of TDX guest. So always disable PMU unless it's forcibly enabled. Signed-off-by: Zhenzhong Duan ---

[PATCH] qemu: ignore the transient domain state in fake reboot

2021-09-26 Thread Zhenzhong Duan
When action for 'on_poweroff' is set to 'restart', 'fake reboot' is triggered and qemu shutdown state is transient. Domain state need not be changed and events not sent in this case. Fixes:4ffc807214cb80086d57e1d3e7b60959a41d2874 Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_process.c | 2

[PATCH] conf: Restore ctxt's node in right scope

2021-07-22 Thread Zhenzhong Duan
We just found is ignored in our xml. Further debug shows that ctxt's node pointer isn't restored in virDomainSecDefParseXML(), which leads to parsing of the remaining elements failing. Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src

[RFC PATCH v2 3/8] conf: expose TDX feature in domain capabilities

2021-07-15 Thread Zhenzhong Duan
Extend qemu TDX capability to domain capabilities. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- docs/formatdomaincaps.html.in | 17 + docs/schemas/domaincaps.rng| 9 + src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1

[RFC PATCH v2 8/8] qemu: Add firmware descriptor support for TDX

2021-07-15 Thread Zhenzhong Duan
Add a firmware descriptor support for TDVF, then libvirt can auto match TDVF firmware with td-guest. Signed-off-by: Zhenzhong Duan --- docs/schemas/domaincommon.rng | 1 + src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_firmware.c | 101 +- src/qemu

[RFC PATCH v2 7/8] qemu: Add general loader support

2021-07-15 Thread Zhenzhong Duan
/to/TDVF-binary Signed-off-by: Zhenzhong Duan --- docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c| 2 ++ src/conf/domain_conf.h| 2 ++ src/qemu/qemu_capabilities.c | 3 +++ src/qemu/qemu_command.c | 5 + src/qemu/qemu_namespace.c | 1 + 6 files changed, 14

[RFC PATCH v2 0/8] LIBVIRT: X86: TDX support

2021-07-15 Thread Zhenzhong Duan
;: "x86_64", "machines": [ "pc-q35-*" ] } ], "features": [ "intel-tdx", "verbose-dynamic" ], "tags": [ ] } Links: [1] https://lists.nongnu.org

[RFC PATCH v2 5/8] qemu: Add command line and validation for TDX type

2021-07-15 Thread Zhenzhong Duan
-by: Zhenzhong Duan --- src/qemu/qemu_command.c | 33 + src/qemu/qemu_firmware.c | 1 + src/qemu/qemu_namespace.c | 1 + src/qemu/qemu_process.c | 1 + src/qemu/qemu_validate.c | 10 ++ 5 files changed, 46 insertions(+) diff --git a/src/qemu/qemu_command.c b

[RFC PATCH v2 6/8] qemu: force special parameters enabled for TDX guest

2021-07-15 Thread Zhenzhong Duan
TDX guest requires some special parameters to boot. They are: "-machine q35-*" "pic=no" "kernel_irqchip=split" Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_command.c | 2 +- src/qemu/qemu_validate.c | 11 +++ 2 files changed, 12 insertions(+), 1

[RFC PATCH v2 2/8] qemu: Add TDX capability

2021-07-15 Thread Zhenzhong Duan
QEMU_CAPS_TDX_GUEST set means TDX supported with this qemu. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + 2 files changed, 3 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu

[RFC PATCH v2 4/8] conf: add tdx as launch security type

2021-07-15 Thread Zhenzhong Duan
-by: Zhenzhong Duan --- docs/schemas/domaincommon.rng | 16 src/conf/domain_conf.c| 47 +++ src/conf/domain_conf.h| 9 +++ src/conf/virconftypes.h | 2 ++ 4 files changed, 74 insertions(+) diff --git a/docs/schemas/domaincommon.rng b

[RFC PATCH v2 1/8] qemu: Check if INTEL Trust Domain Extension support is enabled

2021-07-15 Thread Zhenzhong Duan
Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_capabilities.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 0d93cc2052..9085c0b875 100644 --- a/src/qemu/qemu_capabilities.c +++

[PATCH] qemu: Fix domxml-to-native command failure

2023-04-13 Thread Zhenzhong Duan
ent before starting qemu process. But this is missed in domxml-to-native command, add the same logic so domxml-to-native could pass. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_domain.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qem

[PATCH v2] qemu: Fix domxml-to-native command failure

2023-04-13 Thread Zhenzhong Duan
nvironment before starting qemu process. But this is missed in domxml-to-native command, add the same logic so domxml-to-native could pass and replace the relevant code in qemuHostdevPreparePCIDevicesCheckSupport() with an error report. Signed-off-by: Zhenzhong Duan --- v2: replace setting with an er