On Mon, Jun 21, 2021 at 03:19:55AM +0000, Duan, Zhenzhong wrote:
> -----Original Message-----
> From: Pavel Hrdina <phrdina(a)redhat.com>
> Sent: Friday, June 18, 2021 8:34 PM
> To: Duan, Zhenzhong <zhenzhong.duan(a)intel.com>
> Cc: libvir-list(a)redhat.com; Yamahata, Isaku <isaku.yamahata(a)intel.com>;
> Tian, Jun J <jun.j.tian(a)intel.com>; Qiang, Chenyi
<chenyi.qiang(a)intel.com>
> Subject: Re: [RFC PATCH 5/7] qemu: add support to TDVF firmware loader
>
> On Fri, Jun 18, 2021 at 04:50:50PM +0800, Zhenzhong Duan wrote:
> > TDX guest need a specific firmware TDVF to bootup, add a new element
> > in TrustDomain element for that purpose, like below:
> >
> > <TrustDomain type='tdx'>
> > <policy>0x0001</policy>
> > <loader>/path/to/TDVF-binary</loader>
> > </TrustDomain>
>
> Looking into QEMU patches and if I understand it correctly this loader is
> supposed to be used instead of UEFI or BIOS?
Yes.
> If that's true I don't think it
> should be here as we already have XML bits to specify VM loader.
>
> We could use something like this:
>
> <os>
> <loader type='generic'>/path/to/TDVF-binary</loader>
> </os>
>
> Currently supported types are:
>
> - `rom` which is translated to
>
> -bios /path/to/bios.bin
>
> - `pflash` which is translated to
>
> -drive file=/path/to/uefi.fd,if=pflash,format=raw,...
>
> And we could add a new type called 'generic', 'device',
'binary' or something
> else which would be translated to:
>
> -device loader,file=/path/to/TDVF-binary,...
>
Thanks for your suggestion, the main reason is I see only TDX guest using firmware in
such a special way,
So I move <loader> in TDX specific element <TrustDomain>. I'll change to
<os>.<loader> if you think it's better.
I understand your original motivation but it would just create a
confusion for users of libvirt and management application as they would
have to look at two different places in the XML to figure out if and
what firmware is used for VM.
So yes, we would prefer to use <os>.<loader>.
Pavel