Re: [RFC PATCH v2 0/8] LIBVIRT: X86: TDX support

On Wed, Jul 28, 2021 at 02:54:09AM +0000, Duan, Zhenzhong wrote:
> 
> 
> > -----Original Message-----
> > From: Pavel Hrdina <phrdina@xxxxxxxxxx>
> > Sent: Wednesday, July 21, 2021 10:23 PM
> > To: Duan, Zhenzhong <zhenzhong.duan@xxxxxxxxx>
> > Cc: libvir-list@xxxxxxxxxx; pkrempa@xxxxxxxxxx; berrange@xxxxxxxxxx;
> > Yamahata, Isaku <isaku.yamahata@xxxxxxxxx>; Tian, Jun J
> > <jun.j.tian@xxxxxxxxx>; Qiang, Chenyi <chenyi.qiang@xxxxxxxxx>
> > Subject: Re: [RFC PATCH v2 0/8] LIBVIRT: X86: TDX support
> > 
> > On Fri, Jul 16, 2021 at 11:10:28AM +0800, Zhenzhong Duan wrote:
> > > Thanks Peter, Pavel and Daniel's comments on v1 version, now the v2
> > comes.
> [...]
> > > * Misc
> > > Just let you know we have released v2 version of TDX qemu in [1], and
> > > the API for libvirt is keeping stable. Using these patches we have
> > > successfully booted and tested a guest both with and without TDX enabled.
> > 
> > Overall looks good. It's missing documentation and the QEMU patches are
> > missing documentation as well. I was looking into Intel specification but I
> > failed to find the necessary info there as well.
> > What are the values `mrconfigid`, `mrowner`, `mrownerconfig` for, what data
> > is supposed to be stored there, what are the limitation and so on.
> > 
> > What I could gather these are exposed in the VM and are used for
> > measurement but that's it.
> > 
> > Another thing that I've missed in v1, QEMU patches are introducing new
> > `-machine pic=no` option and for TDX PIC has to be disabled. The libvirt
> > patches are putting it on the QEMU command line but it is not reflected in
> > the VM XML, so I would say we need to introduce new hypervisor feature [1]:
> > 
> >   <features>
> >     ...
> >     <pic state='on|off'/>
> >     ...
> >   </features>
> > 
> > [1] <https://libvirt.org/formatdomain.html#hypervisor-features>
> > 
> > > * Diff to v1:
> > > - give up using qmp cmd and check TDX directly on host for TDX capabilities.
> > > - use launchsecurity framework to support TDX
> > > - use <os>.<loader> for general loader
> > > - add auto firmware match feature for TDX
> > >
> > > An example TDVF firmware description file 70-edk2-x86_64-tdx.json:
> > > {
> > >     "description": "UEFI firmware for x86_64, supporting Intel TDX",
> > >     "interface-types": [
> > >         "uefi"
> > >     ],
> > >     "mapping": {
> > >         "device": "generic",
> > 
> > I think using 'loader' as that's the actual device in QEMU used with this
> > firmware will be better. The patches posted to QEMU don't extend
> > `docs/interop/firmware.json` so this example may change once some specific
> > format is accepted by QEMU community.
> Hi Pavel,
> 
> Just want to clarify you want 'generic' changing to 'loader' only in 70-edk2-x86_64-tdx.json
> Or also want all the 'generic' and '_GENERIC' string in ('[RFC PATCH v2 8/8] qemu: Add firmware descriptor support for TDX') to be changed?

Hi,

correct, from libvirt POV we will export it as 'generic' type so in
libvirt code it makes sense to use 'generic' and '_GENERIC'.

In QEMU in the file 70-edk2-x86_64-tdx.json we want to probably use
'loader' because that's the '-device' type.

Pavel

> Thanks
> Zhenzhong
