Re: [PATCH v6 02/60] i386: Introduce tdx-guest object


 



On Tue, Nov 05, 2024 at 01:23:10AM -0500, Xiaoyao Li wrote:
> Introduce tdx-guest object which inherits X86_CONFIDENTIAL_GUEST,
> and will be used to create TDX VMs (TDs) by
> 
>   qemu -machine ...,confidential-guest-support=tdx0	\
>        -object tdx-guest,id=tdx0
> 
> It has one QAPI member 'attributes' defined, which allows user to set
> TD's attributes directly.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
> Acked-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
> Acked-by: Markus Armbruster <armbru@xxxxxxxxxx>
> ---
> Changes in v6:
>  - Make tdx-guest inherit X86_CONFIDENTIAL_GUEST;
>  - set cgs->require_guest_memfd;
>  - allow attributes settable via QAPI;
>  - update QAPI version to since 9.2;
> 
> Changes in v4:
>  - update the new qapi `since` field from 8.2 to 9.0
> 
> Changes in v1
>  - make @attributes not user-settable
> ---
>  configs/devices/i386-softmmu/default.mak |  1 +
>  hw/i386/Kconfig                          |  5 +++
>  qapi/qom.json                            | 15 ++++++++
>  target/i386/kvm/meson.build              |  2 ++
>  target/i386/kvm/tdx.c                    | 45 ++++++++++++++++++++++++
>  target/i386/kvm/tdx.h                    | 19 ++++++++++
>  6 files changed, 87 insertions(+)
>  create mode 100644 target/i386/kvm/tdx.c
>  create mode 100644 target/i386/kvm/tdx.h
> 
> diff --git a/configs/devices/i386-softmmu/default.mak b/configs/devices/i386-softmmu/default.mak
> index 4faf2f0315e2..bc0479a7e0a3 100644
> --- a/configs/devices/i386-softmmu/default.mak
> +++ b/configs/devices/i386-softmmu/default.mak
> @@ -18,6 +18,7 @@
>  #CONFIG_QXL=n
>  #CONFIG_SEV=n
>  #CONFIG_SGA=n
> +#CONFIG_TDX=n
>  #CONFIG_TEST_DEVICES=n
>  #CONFIG_TPM_CRB=n
>  #CONFIG_TPM_TIS_ISA=n
> diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
> index 32818480d263..86bc10377c4f 100644
> --- a/hw/i386/Kconfig
> +++ b/hw/i386/Kconfig
> @@ -10,6 +10,10 @@ config SGX
>      bool
>      depends on KVM
>  
> +config TDX
> +    bool
> +    depends on KVM
> +
>  config PC
>      bool
>      imply APPLESMC
> @@ -26,6 +30,7 @@ config PC
>      imply QXL
>      imply SEV
>      imply SGX
> +    imply TDX
>      imply TEST_DEVICES
>      imply TPM_CRB
>      imply TPM_TIS_ISA
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 321ccd708ad1..129b25edf495 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -1008,6 +1008,19 @@
>              '*host-data': 'str',
>              '*vcek-disabled': 'bool' } }
>  
> +##
> +# @TdxGuestProperties:
> +#
> +# Properties for tdx-guest objects.
> +#
> +# @attributes: The 'attributes' of a TD guest that is passed to
> +#     KVM_TDX_INIT_VM
> +#
> +# Since: 9.2
> +##

Since QEMU soft-freeze for 9.2 is today, you've missed the
boat for that. Please update any version tags in this series
to 10.0, which is the first release of next year.

> +{ 'struct': 'TdxGuestProperties',
> +  'data': { '*attributes': 'uint64' } }
> +
>  ##
>  # @ThreadContextProperties:
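Review bot: The doc comment for @attributes does not state the default or that the value is a raw bitmask handed to KVM_TDX_INIT_VM, so someone reading the schema cannot tell which bits are safe to set. As far as I recall, the TDX attribute word includes a DEBUG bit that removes the guest's confidentiality guarantees, so an unintended value here can silently produce a TD that is not actually protected. I would extend the text along the lines of `# @attributes: raw TD attributes bitmask passed to KVM_TDX_INIT_VM; some bits (e.g. debug) weaken TD confidentiality (default: 0)`. The default of 0 is the value tdx_guest_init assigns in tdx.c.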
>  #
> @@ -1092,6 +1105,7 @@
>      'sev-snp-guest',
>      'thread-context',
>      's390-pv-guest',
> +    'tdx-guest',
>      'throttle-group',
>      'tls-creds-anon',
>      'tls-creds-psk',
> @@ -1163,6 +1177,7 @@
>                                        'if': 'CONFIG_SECRET_KEYRING' },
>        'sev-guest':                  'SevGuestProperties',
>        'sev-snp-guest':              'SevSnpGuestProperties',
> +      'tdx-guest':                  'TdxGuestProperties',
>        'thread-context':             'ThreadContextProperties',
>        'throttle-group':             'ThrottleGroupProperties',
>        'tls-creds-anon':             'TlsCredsAnonProperties',
> diff --git a/target/i386/kvm/meson.build b/target/i386/kvm/meson.build
> index 3996cafaf29f..466bccb9cb17 100644
> --- a/target/i386/kvm/meson.build
> +++ b/target/i386/kvm/meson.build
> @@ -8,6 +8,8 @@ i386_kvm_ss.add(files(
>  
>  i386_kvm_ss.add(when: 'CONFIG_XEN_EMU', if_true: files('xen-emu.c'))
>  
> +i386_kvm_ss.add(when: 'CONFIG_TDX', if_true: files('tdx.c'))
> +
>  i386_system_ss.add(when: 'CONFIG_HYPERV', if_true: files('hyperv.c'), if_false: files('hyperv-stub.c'))
>  
>  i386_system_ss.add_all(when: 'CONFIG_KVM', if_true: i386_kvm_ss)
> diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
> new file mode 100644
> index 000000000000..166f53d2b9e3
> --- /dev/null
> +++ b/target/i386/kvm/tdx.c
> @@ -0,0 +1,45 @@
> +/*
> + * QEMU TDX support
> + *
> + * Copyright Intel
> + *
> + * Author:
> + *      Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory

FYI, since KVM Forum we decided that we would prefer newly
created files to just use SPDX tags for license info.

> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qom/object_interfaces.h"
> +
> +#include "tdx.h"
> +
> +/* tdx guest */
> +OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest,
> +                                   tdx_guest,
> +                                   TDX_GUEST,
> +                                   X86_CONFIDENTIAL_GUEST,
> +                                   { TYPE_USER_CREATABLE },
> +                                   { NULL })
> +
> +static void tdx_guest_init(Object *obj)
> +{
> +    ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj);
> +    TdxGuest *tdx = TDX_GUEST(obj);
> +
> +    cgs->require_guest_memfd = true;
> +    tdx->attributes = 0;
> +
> +    object_property_add_uint64_ptr(obj, "attributes", &tdx->attributes,
> +                                   OBJ_PROP_FLAG_READWRITE);
> +}
> +
> +static void tdx_guest_finalize(Object *obj)
> +{
> +}
> +
> +static void tdx_guest_class_init(ObjectClass *oc, void *data)
> +{
> +}
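Review bot: `object_property_add_uint64_ptr(obj, "attributes", &tdx->attributes, OBJ_PROP_FLAG_READWRITE)` in tdx_guest_init installs the generic setter, so any 64-bit value is accepted. Nothing visible in this hunk stops the property from being rewritten after the TD has been initialised, which would leave the QOM state out of step with what the TD was actually built with. Because the attribute word controls security-relevant behaviour of the TD, I would register the property in the currently empty tdx_guest_class_init with a custom setter that rejects unsupported bits and refuses writes once the VM is set up. If the checks are meant to live where the value is consumed (not part of this patch), a comment above the call such as `/* raw value; checked before KVM_TDX_INIT_VM, not here */` would record that.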
> diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
> new file mode 100644
> index 000000000000..de687457cae6
> --- /dev/null
> +++ b/target/i386/kvm/tdx.h
> @@ -0,0 +1,19 @@
> +#ifndef QEMU_I386_TDX_H
> +#define QEMU_I386_TDX_H

Missing license info.

> +
> +#include "confidential-guest.h"
> +
> +#define TYPE_TDX_GUEST "tdx-guest"
> +#define TDX_GUEST(obj)  OBJECT_CHECK(TdxGuest, (obj), TYPE_TDX_GUEST)
> +
> +typedef struct TdxGuestClass {
> +    X86ConfidentialGuestClass parent_class;
> +} TdxGuestClass;
> +
> +typedef struct TdxGuest {
> +    X86ConfidentialGuest parent_obj;
> +
> +    uint64_t attributes;    /* TD attributes */
> +} TdxGuest;
> +
> +#endif /* QEMU_I386_TDX_H */
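Review bot: The hand-written `TDX_GUEST()` cast built on `OBJECT_CHECK` provides only the instance cast, so the declared TdxGuestClass has no `TDX_GUEST_CLASS()` / `TDX_GUEST_GET_CLASS()` counterparts. `OBJECT_DECLARE_TYPE(TdxGuest, TdxGuestClass, TDX_GUEST)` would generate the typedefs and all three checked casts in one line, and pairs with the `OBJECT_DEFINE_TYPE_WITH_INTERFACES` use in tdx.c; the two structs would then be written as plain `struct TdxGuestClass { ... };` and `struct TdxGuest { ... };`. The field comment could also say more than the name does, e.g. `/* TD attributes passed to KVM_TDX_INIT_VM */`.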
> -- 
> 2.34.1
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|




