[RFC PATCH v2 4/8] conf: add tdx as launch security type

When 'tdx' is used, the VM will launched with Intel TDX feature enabled. TDX feature supports running encrypted VM (Trust Domain, TD) under the control of KVM. A TD runs in a CPU model which protects the confidentiality of its memory and its CPU state from other software There is a child element 'policy' and three optional element for tdx type. In 'policy', bit 0 is used to enable TDX debug, other bits are reserved currently. mrconfigid, mrowner and mrownerconfig are hex string of 48 * 2 length each. For example: <launchSecurity type='tdx'> <policy>0x0001</policy> <mrconfigid>xxx...xxx</mrconfigid> <mrowner>xxx...xxx</mrowner> <mrownerconfig>xxx...xxx</mrownerconfig> </launchSecurity> Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; --- docs/schemas/domaincommon.rng | 16 ++++++++++++ src/conf/domain_conf.c | 47 +++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 9 +++++++ src/conf/virconftypes.h | 2 ++ 4 files changed, 74 insertions(+) diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index b81c51728d..fd77601886 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -486,6 +486,7 @@ <choice> <value>sev</value> <value>s390-pv</value> + <value>tdx</value> </choice> </attribute> <interleave> @@ -519,6 +520,21 @@ <data type="string"/> </element> </optional> + <optional> + <element name="mrconfigid"> + <data type="string"/> + </element> + </optional> + <optional> + <element name="mrowner"> + <data type="string"/> + </element> + </optional> + <optional> + <element name="mrownerconfig"> + <data type="string"/> + </element> + </optional> </interleave> </element> </define> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 92ab22d3fd..9510aa7b1f 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1402,6 +1402,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, "", "sev", "s390-pv", + "tdx", ); static virClass *virDomainObjClass; @@ -3502,6 +3503,10 @@ virDomainSecDefFree(virDomainSecDef *def) g_free(def->data.sev.dh_cert); g_free(def->data.sev.session); break; + case VIR_DOMAIN_LAUNCH_SECURITY_TDX: + g_free(def->data.tdx.mrconfigid); + g_free(def->data.tdx.mrowner); + g_free(def->data.tdx.mrownerconfig); case VIR_DOMAIN_LAUNCH_SECURITY_PV: case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: @@ -14773,6 +14778,29 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, } +static int +virDomainTDXDefParseXML(virDomainTDXDef *def, + xmlXPathContextPtr ctxt) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt) + unsigned long policy; + + if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("failed to get launch security policy for " + "launch security type TDX")); + return -1; + } + + def->policy = policy; + def->mrconfigid = virXPathString("string(./mrconfigid)", ctxt); + def->mrowner = virXPathString("string(./mrowner)", ctxt); + def->mrownerconfig = virXPathString("string(./mrownerconfig)", ctxt); + + return 0; +} + + static virDomainSecDef * virDomainSecDefParseXML(xmlNodePtr lsecNode, xmlXPathContextPtr ctxt) @@ -14792,6 +14820,10 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode, if (virDomainSEVDefParseXML(&sec->data.sev, lsecNode, ctxt) < 0) return NULL; break; + case VIR_DOMAIN_LAUNCH_SECURITY_TDX: + if (virDomainTDXDefParseXML(&sec->data.tdx, ctxt) < 0) + return NULL; + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: if ((n = virXPathNodeSet("./*", ctxt, NULL)) < 0) return NULL; @@ -26932,6 +26964,21 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) break; } + case VIR_DOMAIN_LAUNCH_SECURITY_TDX: { + virDomainTDXDef *tdx = &sec->data.tdx; + + virBufferAsprintf(&childBuf, "<policy>0x%04x</policy>\n", tdx->policy); + + if (tdx->mrconfigid) + virBufferEscapeString(&childBuf, "<mrconfigid>%s</mrconfigid>\n", tdx->mrconfigid); + if (tdx->mrowner) + virBufferEscapeString(&childBuf, "<mrowner>%s</mrowner>\n", tdx->mrowner); + if (tdx->mrownerconfig) + virBufferEscapeString(&childBuf, "<mrownerconfig>%s</mrownerconfig>\n", tdx->mrownerconfig); + + break; + } + case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 5c22f252d0..b29045d0c4 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2646,6 +2646,7 @@ typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, VIR_DOMAIN_LAUNCH_SECURITY_PV, + VIR_DOMAIN_LAUNCH_SECURITY_TDX, VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2661,10 +2662,18 @@ struct _virDomainSEVDef { unsigned int reduced_phys_bits; }; +struct _virDomainTDXDef { + unsigned int policy; + char *mrconfigid; + char *mrowner; + char *mrownerconfig; +}; + struct _virDomainSecDef { virDomainLaunchSecurity sectype; union { virDomainSEVDef sev; + virDomainTDXDef tdx; } data; }; diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 21420ba8ea..e920f9a945 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -202,6 +202,8 @@ typedef struct _virDomainResourceDef virDomainResourceDef; typedef struct _virDomainSEVDef virDomainSEVDef; +typedef struct _virDomainTDXDef virDomainTDXDef; + typedef struct _virDomainSecDef virDomainSecDef; typedef struct _virDomainShmemDef virDomainShmemDef; -- 2.25.1