>-----Original Message-----
>From: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>Subject: Re: [PATCH rfcv3 04/11] conf: add tdx as launch security type
>
>On Mon, Nov 27, 2023 at 04:55:14PM +0800, Zhenzhong Duan wrote:
>> When 'tdx' is used, the VM will be launched with Intel TDX feature enabled.
>> TDX feature supports running encrypted VM (Trust Domain, TD) under the
>> control of KVM. A TD runs in a CPU model which protects the
>> confidentiality of its memory and its CPU state from other software
>>
>> There is a child element 'policy' and four optional elements for tdx type.
>> In 'policy', bit 0 is set to enable TDX debug, bit 28 set to enable
>> sept-ve-disable, other bits are reserved currently. mrConfigId, mrOwner
>> and mrOwnerConfig are hex string of 48 * 2 length each.
>> Quote-Generation-Service is string to specify Quote Generation Service(QGS)
>> in qemu socket address format. The examples of the supported format are
>> "vsock:2:1234", "unix:/run/qgs", "localhost:1234".
>>
>> For example:
>>
>> <launchSecurity type='tdx'>
>>   <policy>0x1</policy>
>>   <mrConfigId>xxx...xxx</mrConfigId>
>>   <mrOwner>xxx...xxx</mrOwner>
>>   <mrOwnerConfig>xxx...xxx</mrOwnerConfig>
>>   <Quote-Generation-Service>xxx</Quote-Generation-Service>
>> </launchSecurity>
>
>On the QEMU side, the quote generation service is defined as
>
>  '*quote-generation-socket': 'SocketAddress'
>
>we need to model 'SocketAddress' in the XML properly, not
>just as an opaque string.

Good suggestion.

>
>Also given the naming for the rest of the elements, this
>should also use caps, eg <quoteGenerationService>

Will do.

>
>>
>> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
>> ---
>> src/conf/domain_conf.c | 46
>+++++++++++++++++++++++++++++++
>> src/conf/domain_conf.h | 10 +++++++
>> src/conf/schemas/domaincommon.rng | 34 +++++++++++++++++++++++
>> src/conf/virconftypes.h | 2 ++
>> src/qemu/qemu_command.c | 2 ++
>> src/qemu/qemu_firmware.c | 1 +
>> src/qemu/qemu_namespace.c | 1 +
>> src/qemu/qemu_process.c | 1 +
>> src/qemu/qemu_validate.c | 1 +
>
>Schema additions need something added to docs/formatdomain.rst to
>document them, as well as example XML added under tests/ to validate
>the parsing and formatting logic, and the QEMU command line args
>generation.

Will do.

Thanks
Zhenzhong
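
As an added illustration (not code from the patch, libvirt or QEMU), the sketch below validates the element as the quoted commit message describes it, using the element names as posted, and splits the QGS string into typed fields instead of keeping it opaque. The address grammar is inferred only from the three example strings in the message, and the function names, returned dictionary layout and sample values are assumptions.

```python
import re
import xml.etree.ElementTree as ET

TDX_DEBUG = 1 << 0             # policy bit 0: enable TDX debug
TDX_SEPT_VE_DISABLE = 1 << 28  # policy bit 28: sept-ve-disable
ALLOWED = TDX_DEBUG | TDX_SEPT_VE_DISABLE  # every other bit is reserved
HEX96 = re.compile(r"[0-9a-fA-F]{96}")  # 48 * 2 hex digits
# Constructed sample; the page elides real measurement values as xxx...xxx.
SAMPLE = ("<launchSecurity type='tdx'><policy>0x10000001</policy>"
          "<mrOwner>" + "ab" * 48 + "</mrOwner>"
          "<Quote-Generation-Service>vsock:2:1234</Quote-Generation-Service>"
          "</launchSecurity>")


def parse_qgs(addr):
    """Split a QGS address string into typed fields (hypothetical layout)."""
    if addr.startswith("unix:") and len(addr) > len("unix:"):
        return {"type": "unix", "path": addr[len("unix:"):]}
    if addr.startswith("vsock:"):
        parts = addr.split(":")
        if len(parts) != 3 or not (parts[1].isdigit() and parts[2].isdigit()):
            raise ValueError("vsock address must be vsock:<cid>:<port>")
        return {"type": "vsock", "cid": int(parts[1]), "port": int(parts[2])}
    host, sep, port = addr.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("inet address must be <host>:<port>")
    return {"type": "inet", "host": host, "port": int(port)}


def parse_tdx(xml_text):
    """Validate the tdx element; ValueError on a missing or invalid field."""
    el = ET.fromstring(xml_text)
    if el.tag != "launchSecurity" or el.get("type") != "tdx":
        raise ValueError("not a tdx launchSecurity element")
    policy = int((el.findtext("policy") or "").strip(), 0)  # accepts 0x prefix
    if policy & ~ALLOWED:
        raise ValueError("reserved policy bits set: %#x" % (policy & ~ALLOWED))
    out = {"debug": bool(policy & TDX_DEBUG),
           "sept_ve_disable": bool(policy & TDX_SEPT_VE_DISABLE)}
    for name in ("mrConfigId", "mrOwner", "mrOwnerConfig"):  # all optional
        value = el.findtext(name)
        if value is not None and not HEX96.fullmatch(value.strip()):
            raise ValueError(name + " must be 96 hex digits")
        if value is not None:
            out[name] = bytes.fromhex(value.strip())
    qgs = el.findtext("Quote-Generation-Service")
    if qgs is not None:
        out["qgs"] = parse_qgs(qgs.strip())
    return out
```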