RE: [PATCH v3 20/21] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data
-----Original Message-----
From: Daniel P. Berrangé <berrange(a)redhat.com>
Subject: Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of
'launch-security-tdx*' test data
On Fri, Jul 04, 2025 at 03:10:11AM +0000, Duan, Zhenzhong wrote:
>
>
> >-----Original Message-----
> >From: Daniel P. Berrangé <berrange(a)redhat.com>
> >Subject: Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of
> >'launch-security-tdx*' test data
> >
> >On Mon, Jun 30, 2025 at 02:17:31PM +0800, Zhenzhong Duan wrote:
> >> We now have the '+inteltdx' variant dumped from a modern qemu with
tdx
> >support,
> >> add qemuxmlconftest data for that variant.
> >>
> >> Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com>
> >> ---
> >> ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +++++++++++
> >> ...ch-security-tdx.x86_64-latest+inteltdx.xml | 74
+++++++++++++++++++
> >> tests/qemuxmlconfdata/launch-security-tdx.xml | 27 +++++++
> >> tests/qemuxmlconftest.c | 3 +
> >> 4 files changed, 148 insertions(+)
> >> create mode 100644
> >tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.args
> >> create mode 100644
> >tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
> >> create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.xml
> >
> >
> >> diff --git
> >a/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
> >b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
> >> new file mode 100644
> >> index 0000000000..77fada7408
> >> --- /dev/null
> >> +++
> >b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
> >> @@ -0,0 +1,74 @@
> >> +<domain type='qemu'>
> >
> >> + <launchSecurity type='tdx'>
> >> + <policy>0x1</policy>
> >> +
> ><mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0Vnia
vN
> >7wEjRWeJq83v</mrConfigId>
> >> +
> ><mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0Vniav
N7
> >wEjRWeJq83v</mrOwner>
> >> +
> ><mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0
Vni
> >avN7wEjRWeJq83v</mrOwnerConfig>
> >> + </launchSecurity>
> >
> >Can you extend this to include the QGS config too.
>
> Got it, have done it internally, look forward to more comments.
Also, IIUC, policy 0x1 is not valid - can you make it use 0x10000000
which seems to be valid with KVM.
Sure.
Thanks
Zhenzhong