RE: [PATCH v3 21/21] docs: domain: Add documentation for Intel TDX guest

-----Original Message----- From: Daniel P. Berrangé <berrange(a)redhat.com&gt; Subject: Re: [PATCH v3 21/21] docs: domain: Add documentation for Intel TDX guest On Mon, Jun 30, 2025 at 02:17:32PM +0800, Zhenzhong Duan wrote: > Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; > --- > docs/formatdomain.rst | 63 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 63 insertions(+) > > diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst > index 9a2f065590..5acebefec0 100644 > --- a/docs/formatdomain.rst > +++ b/docs/formatdomain.rst > @@ -9528,6 +9528,69 @@ The ``<launchSecurity/>`` element then accepts the following child elements: > the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI. > > > +The contents of the ``<launchSecurity type='tdx'>`` element is used to provide > +the guest owners input used for creating an encrypted VM using the Intel TDX > +(Trusted Domain eXtensions). Intel TDX refers to an Intel technology that > +extends Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryption > +(MKTME) with a new kind of virtual machine guest called a Trust Domain (TD). > +A TD runs in a CPU mode that is designed to protect the confidentiality of its > +memory contents and its CPU state from any other software, including the hosting > +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. > +Example configuration: > + > +:: > + > + <domain> > + ... > + <launchSecurity type='tdx'> > + <policy>0x10000001</policy> > + <mrConfigId>xxx</mrConfigId> > + <mrOwner>xxx</mrOwner> > + <mrOwnerConfig>xxx</mrOwnerConfig> > + <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/> > + </launchSecurity> > + ... > + </domain> > + > +``policy`` > + The optional ``policy`` element provides the guest TD attributes which is > + passed by the host VMM as a guest TD initialization parameter as part of > + TD_PARAMS, it exactly matches the definition of TD_PARAMS.ATTRIBUTES in > + (Intel TDX Module Spec Table 22.2: ATTRIBUTES Definition). It is reported > + to the guest TD by TDG.VP.INFO and as part of TDREPORT_STRUCT returned by > + TDG.MR.REPORT. The guest policy is 64bit unsigned with the fields shown > + in Table: > + > + ====== =============================================================== ===================== > + Bit(s) Description > + ====== =============================================================== ===================== > + 0 Guest TD runs in off-TD debug mode when set > + 1:27 reserved > + 28 Disable EPT violation conversion to #VE on guest TD access of PENDING pages when set > + 29:63 reserved > + ====== =============================================================== ===================== > + > +``mrConfigId`` > + The optional ``mrConfigId`` element provides ID for non-owner-defined > + configuration of the guest TD, e.g., run-time or OS configuration > + (base64 encoded SHA384 digest). > + > +``@mrowner`` > + The optional ``@mrowner`` element provides ID for the guest TD’s owner s/mrowner/mrOwner/ > + (base64 encoded SHA384 digest). > + > +``mrownerconfig`` > + The optional ``mrownerconfig`` element provides ID for owner-defined s/mrownerconfig/mrOwnerConfig/ > + configuration of the guest TD, e.g., specific to the workload rather than > + the run-time or OS (base64 encoded SHA384 digest). > + > +``quoteGenerationSocket`` > + The optional ``quoteGenerationSocket`` subelement provides Quote Generation s/quoteGenerationSocket/quoteGenerationService/