Re: [PATCH rfcv4 05/13] conf: add tdx as launch security type

>-----Original Message----- >From: Daniel P. Berrangé <berrange(a)redhat.com&gt; >Subject: Re: [PATCH rfcv4 05/13] conf: add tdx as launch security type > >On Fri, May 24, 2024 at 02:21:20PM +0800, Zhenzhong Duan wrote: >> When 'tdx' is used, the VM will launched with Intel TDX feature enabled. >> TDX feature supports running encrypted VM (Trust Domain, TD) under the >> control of KVM. A TD runs in a CPU model which protects the >> confidentiality of its memory and its CPU state from other software >> >> There is a child element 'policy' and three optional element for tdx type. >> In 'policy', bit 0 is set to enable TDX debug, bit 28 set to enable >> sept-ve-disable, other bits are reserved currently. mrConfigId, mrOwner >> and mrOwnerConfig are base64 encoded SHA384 digest. >> >> For example: >> >> <launchSecurity type='tdx'> >> <policy>0x10000001</policy> >> <mrConfigId>xxx</mrConfigId> >> <mrOwner>xxx</mrOwner> >> <mrOwnerConfig>xxx</mrOwnerConfig> >> </launchSecurity> >> >> Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; >> --- >> src/conf/domain_conf.c | 42 +++++++++++++++++++++++++++++++ >> src/conf/domain_conf.h | 9 +++++++ >> src/conf/schemas/domaincommon.rng | 29 +++++++++++++++++++++ >> src/conf/virconftypes.h | 2 ++ >> src/qemu/qemu_command.c | 2 ++ >> src/qemu/qemu_firmware.c | 1 + >> src/qemu/qemu_namespace.c | 1 + >> src/qemu/qemu_process.c | 1 + >> src/qemu/qemu_validate.c | 1 + >> 9 files changed, 88 insertions(+) >> >> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c >> index a0912062ff..c557da0c65 100644 >> --- a/src/conf/domain_conf.c >> +++ b/src/conf/domain_conf.c > > >> @@ -13649,6 +13654,24 @@ virDomainSEVDefParseXML(virDomainSEVDef >*def, >> } >> >> >> +static int >> +virDomainTDXDefParseXML(virDomainTDXDef *def, >> + xmlXPathContextPtr ctxt) >> +{ >> + if (virXPathULongLongBase("string(./policy)", ctxt, 16, &def->policy) < 0) { >> + virReportError(VIR_ERR_XML_ERROR, "%s", >> + _("failed to get launch security policy for launch security type >TDX")); >> + return -1; >> + } > >This makes the 'policy' attribute mandatory, but QEMU is quite happy >with it being unset, so we should not require this in libvirt either. Yes, but I am trying to align with SEV which has same issue. So aligning with SEV vs. making TDX's 'policy' optional, you prefer the 2nd? Pls confirm.