>-----Original Message----- >From: Daniel P. Berrangé <berrange@xxxxxxxxxx> >Subject: Re: [PATCH rfcv4 06/13] qemu: Add command line and validation >for TDX type > >On Fri, May 24, 2024 at 02:21:21PM +0800, Zhenzhong Duan wrote: >> QEMU will provide a 'tdx-guest' object which is used to launch encrypted >> VMs on Intel platforms using the TDX feature. >> >> Command line looks like: >> $QEMU ... \ >> -object '{"qom-type":"tdx-guest","id":"lsec0","debug":true,"sept-ve- >disable":false,"mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx"}' \ >> -machine pc-q35-6.0,confidential-guest-support=lsec0 >> >> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx> >> --- >> src/conf/domain_conf.h | 5 +++++ >> src/qemu/qemu_command.c | 31 >+++++++++++++++++++++++++++++++ >> src/qemu/qemu_validate.c | 11 +++++++++++ >> 3 files changed, 47 insertions(+) >> >> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h >> index 7882b7a75d..bb4973fce8 100644 >> --- a/src/conf/domain_conf.h >> +++ b/src/conf/domain_conf.h >> @@ -2880,6 +2880,11 @@ struct _virDomainTDXDef { >> char *mrownerconfig; >> }; >> >> +#define VIR_DOMAIN_TDX_POLICY_DEBUG 0x1 >> +#define VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE 0x10000000 >> +#define VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK >(VIR_DOMAIN_TDX_POLICY_DEBUG | \ >> + >VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE) >> + >> struct _virDomainSecDef { >> virDomainLaunchSecurity sectype; >> union { >> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c >> index dde2d5fa01..d212d80038 100644 >> --- a/src/qemu/qemu_command.c >> +++ b/src/qemu/qemu_command.c 
>> @@ -9745,6 +9745,36 @@ qemuBuildPVCommandLine(virDomainObj >*vm, virCommand *cmd) >> } >> >> >> +static int >> +qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd, >> + virDomainTDXDef *tdx) >> +{ >> + g_autoptr(virJSONValue) props = NULL; >> + qemuDomainObjPrivate *priv = vm->privateData; >> + bool sept_ve_disable = tdx->policy & >VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE; >> + >> + VIR_DEBUG("policy=0x%llx", tdx->policy); >> + >> + if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "lsec0", >> + "B:debug", !!(tdx->policy & >VIR_DOMAIN_TDX_POLICY_DEBUG), >> + "S:mrconfigid", tdx->mrconfigid, >> + "S:mrowner", tdx->mrowner, >> + "S:mrownerconfig", tdx->mrownerconfig, >> + NULL) < 0) >> + return -1; > >I like that you've just exposed the "policy" as an int field in libvirt, >but find it unpleasant that we have to unpack it to pass bits to QEMU, >whereupon QEMU re-packs it into the original int field we already had. Yes. > >I think this is a mistake in the QEMU QAPI design - QEMU should just accept >the policy in 'int' format. I've CC'd you on a mail to qemu-devel where I >raise this point. Agree with your point. Thanks Zhenzhong
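Review bot: the three VIR_DOMAIN_TDX_POLICY_* defines added in the domain_conf.h hunk have no comment saying what the values mean; 0x1 and 0x10000000 are bit positions in the policy word that this patch then passes to QEMU as the "debug" and "sept-ve-disable" properties, so each define should carry a one-line comment naming the bit and where its numbering comes from. VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK is introduced here but not used in either quoted hunk; since the diffstat shows qemu_validate.c changing, please make sure that validation rejects a policy containing bits outside the mask with an error, rather than masking them off silently, because a policy bit such as DEBUG is exactly the kind of setting the user must not be able to set, or believe they have set, without libvirt understanding it.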
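Review bot: in qemuBuildTDXCommandLine the two policy bits are handled inconsistently: sept_ve_disable is unpacked into a local at the top of the function, while the debug bit is passed inline as "B:debug", !!(tdx->policy & VIR_DOMAIN_TDX_POLICY_DEBUG), and the local is not among the properties given to qemuMonitorCreateObjectProps in the quoted part of the hunk, which stops at return -1;. If the sept-ve-disable property is added to the object further down, passing it as "B:sept-ve-disable", sept_ve_disable in this same call (or handling both bits inline) would be simpler and easier to check against the command line in the commit message. The object id "lsec0" is also hard-coded as a string literal here; the -machine confidential-guest-support=lsec0 argument has to match it exactly, so it should be a shared constant rather than repeated in two places.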