Re: [PATCH v5 49/65] i386/tdx: handle TDG.VP.VMCALL<GetQuote>

Markus Armbruster <armbru@xxxxxxxxxx> · Thu, 29 Feb 2024 09:40:42 +0100

Xiaoyao Li <xiaoyao.li@xxxxxxxxx> writes:

> From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
>
> Add property "quote-generation-socket" to tdx-guest, which is a property
> of type SocketAddress to specify Quote Generation Service(QGS).
>
> On request of GetQuote, it connects to the QGS socket, read request
> data from shared guest memory, send the request data to the QGS,
> and store the response into shared guest memory, at last notify
> TD guest by interrupt.
>
> command line example:
>   qemu-system-x86_64 \
>     -object '{"qom-type":"tdx-guest","id":"tdx0","quote-generation-socket":{"type": "vsock", "cid":"1","port":"1234"}}' \
>     -machine confidential-guest-support=tdx0
>
> Note, above example uses vsock type socket because the QGS we used
> implements the vsock socket. It can be other types, like UNIX socket,
> which depends on the implementation of QGS.
>
> To avoid no response from QGS server, setup a timer for the transaction.
> If timeout, make it an error and interrupt guest. Define the threshold of
> time to 30s at present, maybe change to other value if not appropriate.
>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> Codeveloped-by: Chenyi Qiang <chenyi.qiang@xxxxxxxxx>
> Signed-off-by: Chenyi Qiang <chenyi.qiang@xxxxxxxxx>
> Codeveloped-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>

[...]

> diff --git a/qapi/qom.json b/qapi/qom.json
> index cac875349a3a..7b26b0a0d3aa 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -917,13 +917,19 @@
>  #     (base64 encoded SHA384 digest). (A default value 0 of SHA384 is
>  #     used when absent).
>  #
> +# @quote-generation-socket: socket address for Quote Generation
> +#     Service (QGS).  QGS is a daemon running on the host.  User in
> +#     TD guest cannot get TD quoting for attestation if QGS is not
> +#     provided.  So admin should always provide it.

This makes me wonder why it's optional.  Can you describe a use case for
*not* specifying @quote-generation-socket?

> +#
>  # Since: 9.0
>  ##
>  { 'struct': 'TdxGuestProperties',
>    'data': { '*sept-ve-disable': 'bool',
>              '*mrconfigid': 'str',
>              '*mrowner': 'str',
> -            '*mrownerconfig': 'str' } }
> +            '*mrownerconfig': 'str',
> +            '*quote-generation-socket': 'SocketAddress' } }
>  
>  ##
>  # @ThreadContextProperties:

[...]