RE: [PATCH rfcv4 05/13] conf: add tdx as launch security type

"Duan, Zhenzhong" <zhenzhong.duan@xxxxxxxxx> · Thu, 6 Jun 2024 10:28:51 +0000

>-----Original Message-----
>From: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>Subject: Re: [PATCH rfcv4 05/13] conf: add tdx as launch security type
>
>On Fri, May 24, 2024 at 02:21:20PM +0800, Zhenzhong Duan wrote:
>> When 'tdx' is used, the VM will launched with Intel TDX feature enabled.
>> TDX feature supports running encrypted VM (Trust Domain, TD) under the
>> control of KVM. A TD runs in a CPU model which protects the
>> confidentiality of its memory and its CPU state from other software
>>
>> There is a child element 'policy' and three optional element for tdx type.
>> In 'policy', bit 0 is set to enable TDX debug, bit 28 set to enable
>> sept-ve-disable, other bits are reserved currently. mrConfigId, mrOwner
>> and mrOwnerConfig are base64 encoded SHA384 digest.
>>
>> For example:
>>
>>  <launchSecurity type='tdx'>
>>    <policy>0x10000001</policy>
>>    <mrConfigId>xxx</mrConfigId>
>>    <mrOwner>xxx</mrOwner>
>>    <mrOwnerConfig>xxx</mrOwnerConfig>
>>  </launchSecurity>
>>
>> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
>> ---
>>  src/conf/domain_conf.c            | 42
>+++++++++++++++++++++++++++++++
>>  src/conf/domain_conf.h            |  9 +++++++
>>  src/conf/schemas/domaincommon.rng | 29 +++++++++++++++++++++
>>  src/conf/virconftypes.h           |  2 ++
>>  src/qemu/qemu_command.c           |  2 ++
>>  src/qemu/qemu_firmware.c          |  1 +
>>  src/qemu/qemu_namespace.c         |  1 +
>>  src/qemu/qemu_process.c           |  1 +
>>  src/qemu/qemu_validate.c          |  1 +
>>  9 files changed, 88 insertions(+)
>>
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index a0912062ff..c557da0c65 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -1508,6 +1508,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
>>                "",
>>                "sev",
>>                "s390-pv",
>> +              "tdx",
>>  );
>>
>>  typedef enum {
>> @@ -3832,6 +3833,10 @@ virDomainSecDefFree(virDomainSecDef *def)
>>          g_free(def->data.sev.dh_cert);
>>          g_free(def->data.sev.session);
>>          break;
>> +    case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
>> +        g_free(def->data.tdx.mrconfigid);
>> +        g_free(def->data.tdx.mrowner);
>> +        g_free(def->data.tdx.mrownerconfig);
>
>Missing 'break' here. I'm surprised the compiler didn't complain,
>as we have warning flags set to require explicit marking of case
>fallthroughs.

Will do.

Thanks
Zhenzhong

>
>>      case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>>      case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>>      case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
>
>
>
>
>With regards,
>Daniel
>--
>|: https://berrange.com      -o-
>https://www.flickr.com/photos/dberrange :|
>|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
>|: https://entangle-photo.org    -o-
>https://www.instagram.com/dberrange :|