[PATCH rfcv4 13/13] docs: domain: Add documentation for Intel TDX guest

Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; --- docs/formatdomain.rst | 68 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 83c1405c17..5ee9f3a426 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8851,6 +8851,74 @@ spec <https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf>`__ session blob defined in the SEV API spec. See SEV spec LAUNCH_START section for the session blob format. + +The contents of the ``<launchSecurity type='tdx'>`` element is used to provide +the guest owners input used for creating an encrypted VM using the Intel TDX +(Trusted Domain eXtensions). Intel TDX refers to an Intel technology that +extends Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryption +(MKTME) with a new kind of virtual machine guest called a Trust Domain (TD). +A TD runs in a CPU mode that is designed to protect the confidentiality of its +memory contents and its CPU state from any other software, including the hosting +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. + +:: + + <domain> + ... + <launchSecurity type='tdx'> + <policy>0x10000001</policy> + <mrConfigId>xxx</mrConfigId> + <mrOwner>xxx</mrOwner> + <mrOwnerConfig>xxx</mrOwnerConfig> + <quoteGenerationService> + <SocketAddress type='vsock' cid='xxx' port='xxx'/> + </quoteGenerationService> + ... + </domain> + +``policy`` + The required ``policy`` element provides the guest TD attributes which is + passed by the host VMM as a guest TD initialization parameter as part of + TD_PARAMS, it exactly matches the definition of TD_PARAMS.ATTRIBUTES in + (Intel TDX Module Spec Table 22.2: ATTRIBUTES Definition). It is reported + to the guest TD by TDG.VP.INFO and as part of TDREPORT_STRUCT returned by + TDG.MR.REPORT. The guest policy is a 8 unsigned byte with the fields shown + in Table: + + ====== ==================================================================================== + Bit(s) Description + ====== ==================================================================================== + 0 Guest TD runs in off-TD debug mode when set + 1:27 reserved + 28 Disable EPT violation conversion to #VE on guest TD access of PENDING pages when set + 29:63 reserved + ====== ==================================================================================== + +``mrConfigId`` + The optional ``mrConfigId`` element provides ID for non-owner-defined + configuration of the guest TD, e.g., run-time or OS configuration + (base64 encoded SHA384 digest). + +``@mrowner`` + The optional ``@mrowner`` element provides ID for the guest TD’s owner + (base64 encoded SHA384 digest). + +``mrownerconfig`` + The optional ``mrownerconfig`` element provides ID for owner-defined + configuration of the guest TD, e.g., specific to the workload rather than + the run-time or OS (base64 encoded SHA384 digest). + +``quoteGenerationService`` + The optional ``quoteGenerationService`` subelement provides Quote + Generation Service(QGS) related configuration. QGS is a daemon running + on the host. User in TD guest cannot get TD quoting for attestation if + QGS is not provided. Currently only one subelement ``SocketAddress``. + + ``SocketAddress`` + The required ``SocketAddress`` element provides socket address for QGS. + Different properties of ``SocketAddress`` are supported depending on + value of ``type`` property which can be "inet", "unix", "vsock" and "fd". + Example configs =============== -- 2.34.1