
On Mon, Jun 21, 2021 at 02:14:32 +0000, Duan, Zhenzhong wrote:
-----Original Message-----
From: Peter Krempa <pkrempa@redhat.com>
Sent: Friday, June 18, 2021 7:07 PM
To: Duan, Zhenzhong <zhenzhong.duan@intel.com>
Cc: libvir-list@redhat.com; Yamahata, Isaku <isaku.yamahata@intel.com>; Tian, Jun J <jun.j.tian@intel.com>; Qiang, Chenyi <chenyi.qiang@intel.com>
Subject: Re: [RFC PATCH 0/7] LIBVIRT: X86: TDX support
On Fri, Jun 18, 2021 at 16:50:45 +0800, Zhenzhong Duan wrote:
* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from the virtual-machine manager (VMM)/hypervisor and any other software on the platform.
To support TDX, multiple software components, not only KVM but also QEMU, guest Linux and virtual bios, need to be updated. For more details, please check link[1], there are TDX spec links and public repository link at github for each software component.
This patchset is another software component to extend libvirt to support TDX, with which one can start a VM from high level rather than running qemu directly.
* The goal of this RFC patch
The purpose of this post is to get feedback early on high level design issue of libvirt enhancement for TDX. Referenced much on AMD SEV implementation at link[2].
* Patch organization
- patch 1-2: Support query of TDX capabilities.
- patch 3-6: Add a new xml element 'TrustDomain' for TDX support.
- patch 7: Sure kvmSupportsSecureGuest cache updated.
Using these patches we have successfully booted and tested a guest both with and without TDX enabled.
[1] https://lkml.org/lkml/2020/11/16/1106
[2] https://github.com/codomania/libvirt/commits/v9
Could you please also point to the relevant qemu patches?
The first commit mentions 'query-tdx-capabilities' which is not in qemu upstream yet.
Hi Peter,
Sorry, seems qemu patches link is missed in [1]. List all links below for your reference.
kvm TDX branch: https://github.com/intel/tdx/tree/kvm
TDX guest branch: https://github.com/intel/tdx/tree/guest
TDVF branch: https://github.com/tianocore/edk2-staging/tree/TDVF
qemu TDX branch: https://github.com/intel/qemu-tdx/tree/tdx
In my quick search I didn't find any reference to those patches on the qemu-devel mailing list. Please note that libvirt accepts only features which are supported by the upstream releases [1] of the hypervisor in question. Thus if the qemu part indeed wasn't yet posted for review to qemu-devel you should do so if you want this series to be accepted in libvirt.
[1] Pushed upstream waiting for the next release is okay.