On 8/26/2021 6:22 PM, Gerd Hoffmann wrote:
On Wed, Jul 07, 2021 at 05:54:36PM -0700, isaku.yamahata@xxxxxxxxx wrote:
From: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
Introduce a machine property, kvm-type, to allow the user to create a
Trusted Domain eXtensions (TDX) VM, a.k.a. a Trusted Domain (TD), e.g.:
# $QEMU \
-machine ...,kvm-type=tdx \
...
Sorry for the very late reply.
Can we align sev and tdx better than that?
SEV is enabled this way:
qemu -machine ...,confidential-guest-support=sev0 \
-object sev-guest,id=sev0,...
(see docs/amd-memory-encryption.txt for details).
tdx could likewise use a tdx-guest object (and both sev-guest and
tdx-guest should probably have a common parent object type) to enable
and configure tdx support.
Yes, SEV only introduced a new object and passed it to
confidential-guest-support. This is because SEV doesn't require a new
type of VM.
However, TDX does require a new type of VM.
If we read the KVM code, there is a parameter of CREATE_VM to pass the
vm_type, though x86 doesn't use this field so far. On the QEMU side, there
is also code to pass/configure vm-type on the command line. Of course, the
x86 arch doesn't implement it. With upcoming TDX, it will implement and use
vm type for TDX. That's the reason we wrote this patch to implement
kvm-type for x86, similar to other arches.
Yes, of course we can infer the vm_type from "-object tdx-guest". But I
prefer to just use vm_type. Let's see others' opinions.
thanks,
-Xiaoyao
take care,
Gerd