On Wed, Jul 07, 2021 at 05:54:36PM -0700, isaku.yamahata@xxxxxxxxx wrote:
> From: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
>
> Introduce a machine property, kvm-type, to allow the user to create a
> Trusted Domain eXtensions (TDX) VM, a.k.a. a Trusted Domain (TD), e.g.:
>
> # $QEMU \
> -machine ...,kvm-type=tdx \
> ...
Can we align sev and tdx better than that?
SEV is enabled this way:
qemu -machine ...,confidential-guest-support=sev0 \
-object sev-guest,id=sev0,...
(see docs/amd-memory-encryption.txt for details).
tdx could likewise use a tdx-guest object (and both sev-guest and
tdx-guest should probably have a common parent object type) to enable
and configure tdx support.
take care,
Gerd
