Extend qemu TDX capability to domain capabilities.
Signed-off-by: Chenyi Qiang <chenyi.qiang(a)intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com>
---
docs/formatdomaincaps.html.in | 17 +++++++++++++++++
docs/schemas/domaincaps.rng | 9 +++++++++
src/conf/domain_capabilities.c | 1 +
src/conf/domain_capabilities.h | 1 +
src/qemu/qemu_capabilities.c | 16 ++++++++++++++++
5 files changed, 44 insertions(+)
diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in
index 62f1940e6a..3f057af515 100644
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -570,6 +570,7 @@
<cbitpos>47</cbitpos>
<reduced-phys-bits>1</reduced-phys-bits>
</sev>
+ <tdx supported='yes'/>
</features>
</domainCapabilities>
</pre>
@@ -635,6 +636,22 @@
a look at <a href="formatdomain.html#launchSecurity">SEV in domain
XML</a>
</p>
+ <h4><a id="featureTDX">TDX capabilities</a></h4>
+
+ <p>Trust Domain Extensions(TDX) capabilities are exposed under the
+ <code>tdx</code> element.
+ TDX is an Intel technology that extends Virtual Machines Extensions (VMX)
+ to with a new kind of virtual machine guest called Trust Domain (TD). A TD
+ runs in a CPU model which protects the confidentiality of its memory contents
+ and its CPU state from any other software, including the hosting Virtual Machine
+ Monitor (VMM), unless explicitly shared by the TD itself.</p>
+
+ <p>
+ For more details on the TDX feature, please follow resources in the
+ Intel developer's document. In order to use TDX with libvirt have
+ a look at <a href="formatdomain.html#launchSecurity">TDX in domain
XML</a>
+ </p>
+
<dl>
<dt><code>cbitpos</code></dt>
<dd>When memory encryption is enabled, one of the physical address bits
diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng
index d7ee60dd16..60001b3c43 100644
--- a/docs/schemas/domaincaps.rng
+++ b/docs/schemas/domaincaps.rng
@@ -253,6 +253,9 @@
<optional>
<ref name="sev"/>
</optional>
+ <optional>
+ <ref name="tdx"/>
+ </optional>
</element>
</define>
@@ -307,6 +310,12 @@
</element>
</define>
+ <define name="tdx">
+ <element name="tdx">
+ <ref name="supported"/>
+ </element>
+ </define>
+
<define name="value">
<zeroOrMore>
<element name="value">
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 83d3320980..2380eacde9 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -43,6 +43,7 @@ VIR_ENUM_IMPL(virDomainCapsFeature,
"backingStoreInput",
"backup",
"s390-pv",
+ "tdx",
);
static virClass *virDomainCapsClass;
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index 34b9b8a693..cd3f5be472 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -180,6 +180,7 @@ typedef enum {
VIR_DOMAIN_CAPS_FEATURE_BACKING_STORE_INPUT,
VIR_DOMAIN_CAPS_FEATURE_BACKUP,
VIR_DOMAIN_CAPS_FEATURE_S390_PV,
+ VIR_DOMAIN_CAPS_FEATURE_TDX,
VIR_DOMAIN_CAPS_FEATURE_LAST
} virDomainCapsFeature;
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 6a29ec607a..e9906a2f32 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -6351,6 +6351,21 @@ virQEMUCapsFillDomainFeatureS390PVCaps(virQEMUCaps *qemuCaps,
}
+static void
+virQEMUCapsFillDomainFeatureTDXCaps(virQEMUCaps *qemuCaps,
+ virDomainCaps *domCaps)
+{
+ if (ARCH_IS_X86(qemuCaps->arch)) {
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT)
&&
+ virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST) &&
+ virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps))
+ domCaps->features[VIR_DOMAIN_CAPS_FEATURE_TDX] = VIR_TRISTATE_BOOL_YES;
+ else
+ domCaps->features[VIR_DOMAIN_CAPS_FEATURE_TDX] = VIR_TRISTATE_BOOL_NO;
+ }
+}
+
+
int
virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
virArch hostarch,
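Review bot: virQEMUCapsFillDomainFeatureTDXCaps gates the YES answer on virQEMUCapsGetKVMSupportsSecureGuest(), and as far as I can tell that helper currently only knows about s390 protected virtualization and AMD SEV host enablement, so unless an earlier patch in this series teaches it about Intel TDX the new feature will report `supported='no'` on every x86 host even when QEMU_CAPS_TDX_GUEST is set. Please confirm the helper has been extended (and say so in the commit message), since management applications will use this flag to decide whether a confidential guest can actually be launched. The feature is also left untouched on non-x86 architectures, which mirrors the S390-PV sibling's shape but deserves a one-line comment such as `/* TDX is x86-only; leave the feature at its default elsewhere */`. Separately, the `&&` at the end of the first condition line has been wrapped onto a line of its own in the posted mail, so the patch as shown may not apply cleanly.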
@@ -6398,6 +6413,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps);
virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps);
virQEMUCapsFillDomainFeatureS390PVCaps(qemuCaps, domCaps);
+ virQEMUCapsFillDomainFeatureTDXCaps(qemuCaps, domCaps);
return 0;
}
--
2.25.1