On Mon, Jun 21, 2021 at 03:19:55AM +0000, Duan, Zhenzhong wrote:
>
>
> > -----Original Message-----
> > From: Pavel Hrdina <phrdina@xxxxxxxxxx>
> > Sent: Friday, June 18, 2021 8:34 PM
> > To: Duan, Zhenzhong <zhenzhong.duan@xxxxxxxxx>
> > Cc: libvir-list@xxxxxxxxxx; Yamahata, Isaku <isaku.yamahata@xxxxxxxxx>;
> > Tian, Jun J <jun.j.tian@xxxxxxxxx>; Qiang, Chenyi <chenyi.qiang@xxxxxxxxx>
> > Subject: Re: [RFC PATCH 5/7] qemu: add support to TDVF firmware loader
> >
> > On Fri, Jun 18, 2021 at 04:50:50PM +0800, Zhenzhong Duan wrote:
> > > TDX guests need a specific firmware TDVF to boot up, add a new element
> > > in TrustDomain element for that purpose, like below:
> > >
> > > <TrustDomain type='tdx'>
> > >   <policy>0x0001</policy>
> > >   <loader>/path/to/TDVF-binary</loader>
> > > </TrustDomain>
> >
> > Looking into QEMU patches and if I understand it correctly this loader is
> > supposed to be used instead of UEFI or BIOS?
> Yes.
>
> > If that's true I don't think it
> > should be here as we already have XML bits to specify VM loader.
> >
> > We could use something like this:
> >
> > <os>
> >   <loader type='generic'>/path/to/TDVF-binary</loader>
> > </os>
> >
> > Currently supported types are:
> >
> > - `rom` which is translated to
> >
> >     -bios /path/to/bios.bin
> >
> > - `pflash` which is translated to
> >
> >     -drive file=/path/to/uefi.fd,if=pflash,format=raw,...
> >
> > And we could add a new type called 'generic', 'device', 'binary' or something
> > else which would be translated to:
> >
> >     -device loader,file=/path/to/TDVF-binary,...
> >
> Thanks for your suggestion, the main reason is I see only TDX guest using firmware in such a special way,
> so I move <loader> in TDX specific element <TrustDomain>. I'll change to <os>.<loader> if you think it's better.

Note that SEV does actually need a special loader too. The standard
UEFI builds don't support SEV, so we need to pick a special UEFI
build just for SEV.

QEMU has a concept of firmware descriptors that let the host tell
libvirt what features each firmware supports. This lets libvirt
automatically pick the right firmware binary to use.

Even if the TDX firmware is not a normal UEFI / EDK2 binary, I think
we really ought to figure out a way to use the firmware descriptors
in QEMU to report the existence of the TDX firmware binary on the
host. This would let libvirt automatically pick a TDX loader.

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|