
On Thu, Jul 10, 2025 at 03:21:16AM -0400, Zhenzhong Duan wrote:
Add element "quoteGenerationService" to tdx launch security type. It contains only an optional unix socket address attribute; when omitted, libvirt will use the default QGS server address "/var/run/tdx-qgs/qgs.socket".
UNIX sockets offer the required functionality with greater security than vsock, so libvirt only provides support for unix sockets.
XML example:
  <launchSecurity type='tdx'>
    <policy>0x10000001</policy>
    <mrConfigId>xxx</mrConfigId>
    <mrOwner>xxx</mrOwner>
    <mrOwnerConfig>xxx</mrOwnerConfig>
    <quoteGenerationService path='/var/run/tdx-qgs/qgs.socket'/>
  </launchSecurity>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 src/conf/domain_conf.c            | 35 ++++++++++++++++++++++++++++++-
 src/conf/domain_conf.h            |  2 ++
 src/conf/schemas/domaincommon.rng |  9 ++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

With regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
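
An added example, not part of this patch or of libvirt's code: a host-side audit helper that resolves which QGS socket a TDX domain definition would use under the semantics in the commit message (optional path attribute, default address when omitted) and checks that path on disk. The function names, the sample XML, the treatment of a missing element as "no QGS configured", and the world-writable check are assumptions made for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Default QGS address quoted in the commit message.
DEFAULT_QGS_SOCKET = "/var/run/tdx-qgs/qgs.socket"

# Constructed sample domain fragments for illustration.
SAMPLE_EXPLICIT = """<domain><launchSecurity type='tdx'>
  <policy>0x10000001</policy>
  <quoteGenerationService path='/run/custom/qgs.socket'/>
</launchSecurity></domain>"""
SAMPLE_DEFAULT = """<domain><launchSecurity type='tdx'>
  <policy>0x10000001</policy>
  <quoteGenerationService/>
</launchSecurity></domain>"""


def resolve_qgs_socket(domain_xml):
    """Return the QGS socket path a TDX domain would use, or None."""
    root = ET.fromstring(domain_xml)
    sec = root if root.tag == "launchSecurity" else root.find("launchSecurity")
    if sec is None or sec.get("type") != "tdx":
        return None
    qgs = sec.find("quoteGenerationService")
    if qgs is None:
        return None  # assumption: no element means no QGS is configured
    # The path attribute is optional; omitted means the default address.
    return qgs.get("path") or DEFAULT_QGS_SOCKET


def audit_socket(path):
    """Return findings for a QGS socket path (empty list means none)."""
    if not os.path.isabs(path):
        return ["path is not absolute"]
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except OSError as exc:
        return ["cannot stat socket: " + (exc.strerror or "error")]
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a UNIX socket")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")  # hypothetical local policy check
    return findings


if __name__ == "__main__":
    for xml_text in (SAMPLE_EXPLICIT, SAMPLE_DEFAULT):
        sock = resolve_qgs_socket(xml_text)
        print(sock, audit_socket(sock))
```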