Re: [PATCH v7 12/52] i386/tdx: Validate TD attributes

[Xiaoyao Li <xiaoyao.li@xxxxxxxxx>]

On 2/5/2025 5:06 PM, Markus Armbruster wrote:
> Xiaoyao Li <xiaoyao.li@xxxxxxxxx> writes:
>
> > Validate TD attributes with tdx_caps that only supported bits arer
> > allowed by KVM.
> >
> > Besides, sanity check the attribute bits that have not been supported by
> > QEMU yet. e.g., debug bit, it will be allowed in the future when debug
> > TD support lands in QEMU.
> >
> > Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
> > Acked-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
> > ---
> > Changes in v7:
> > - Define TDX_SUPPORTED_TD_ATTRS as QEMU supported mask, to validates
> >    user's request. (Rick)
> >
> > Changes in v3:
> > - using error_setg() for error report; (Daniel)
> > ---
> >   qapi/qom.json         |  16 +++++-
> >   target/i386/kvm/tdx.c | 118 +++++++++++++++++++++++++++++++++++++++++-
> >   target/i386/kvm/tdx.h |   3 ++
> >   3 files changed, 134 insertions(+), 3 deletions(-)
> >
> > diff --git a/qapi/qom.json b/qapi/qom.json
> > index 8740626c4ee6..a53000ca6fb4 100644
> > --- a/qapi/qom.json
> > +++ b/qapi/qom.json
> > @@ -1060,11 +1060,25 @@
> >   #     pages.  Some guest OS (e.g., Linux TD guest) may require this to
> >   #     be set, otherwise they refuse to boot.
> >   #
> > +# @mrconfigid: ID for non-owner-defined configuration of the guest TD,
> > +#     e.g., run-time or OS configuration (base64 encoded SHA384 digest).
> > +#     Defaults to all zeros.
> > +#
> > +# @mrowner: ID for the guest TD’s owner (base64 encoded SHA384 digest).
> > +#     Defaults to all zeros.
> > +#
> > +# @mrownerconfig: ID for owner-defined configuration of the guest TD,
> > +#     e.g., specific to the workload rather than the run-time or OS
> > +#     (base64 encoded SHA384 digest).  Defaults to all zeros.
>
> All three members are IDs, but only the first one has "id" in its name.
> Odd.  Any particular reason for that?
>
> > +#
> >   # Since: 10.0
> >   ##
> >   { 'struct': 'TdxGuestProperties',
> >     'data': { '*attributes': 'uint64',
> > -            '*sept-ve-disable': 'bool' } }
> > +            '*sept-ve-disable': 'bool',
> > +            '*mrconfigid': 'str',
> > +            '*mrowner': 'str',
> > +            '*mrownerconfig': 'str' } }
>
> The member names are abbreviations all run together, wheras QAPI/QMP
> favors words-separated-with-dashes.  If you invented them, please change
> them to QAPI/QMP style.  If they are established TDX terminology, keep
> them as they are, but please show us your evidence.

The names are defined in TDX spec. Table 3.13 "TD_PARAMS definition" in 
TDX Module ABI spec[1]. And they are used for attestation, please refer 
to section 12 "Measurement and Attestation" in TDX Module Base spec[2].

[1] https://cdrdv2.intel.com/v1/dl/getContent/733579
[2] https://cdrdv2.intel.com/v1/dl/getContent/733575


> >   
> >   ##
> >   # @ThreadContextProperties:
>
> [...]