-----Original Message----- From: Daniel P. Berrangé <berrange@redhat.com> Subject: Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
On Thu, Jul 10, 2025 at 03:21:02AM -0400, Zhenzhong Duan wrote:
Hi,
This series brings libvirt the x86 TDX support.
* What's TDX? TDX stands for Trust Domain Extensions which isolates VMs from the virtual-machine manager (VMM)/hypervisor and any other software on the platform.
This patchset extends libvirt to support TDX, with which one can start a TDX guest from high level rather than running qemu directly.
* Misc As QEMU use a software emulated way to reset guest which isn't supported by TDX guest for security reason. We simulate reboot for TDX guest by kill and create a new one in FakeReboot framework.
Complete code can be found at [1].
* Test Tested with upstream qemu v10.0.0-1724-gf9a3def17b shutdown/reboot/reset with virsh shutdown/reboot trigger in guest shutdown with on_poweroff=destroy/restart reboot with on_reboot=destroy/restart GUEST_PANICKED event processing auto firmware matching
For the whole series
Tested-by: Daniel P. Berrangé <berrange@redhat.com>
I've created a VM using
virt-install \ --graphics none \ --import \ --file /var/lib/libvirt/images/f42tdxalt.qcow2 \ --memory 4096 \ --launchSecurity=tdx,quoteGenerationService=on \ --boot uefi \ --machine q35 \ --osinfo fedora41
relying on this
https://github.com/virt-manager/virt-manager/pull/948
and acquired attestation report with SGX 2.26, QEMU current git master, and upstream LKML (with the patch to enable to build with kexec)
Thanks Daniel. BRs, Zhenzhong