-----Original Message----- From: Daniel P. Berrangé <berrange@redhat.com> Subject: Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data
On Fri, Jul 04, 2025 at 03:10:11AM +0000, Duan, Zhenzhong wrote:
-----Original Message----- From: Daniel P. Berrangé <berrange@redhat.com> Subject: Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data
On Mon, Jun 30, 2025 at 02:17:31PM +0800, Zhenzhong Duan wrote:
We now have the '+inteltdx' variant dumped from a modern qemu with
tdx
support,
add qemuxmlconftest data for that variant.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> --- ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +++++++++++ ...ch-security-tdx.x86_64-latest+inteltdx.xml | 74 +++++++++++++++++++ tests/qemuxmlconfdata/launch-security-tdx.xml | 27 +++++++ tests/qemuxmlconftest.c | 3 + 4 files changed, 148 insertions(+) create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.args create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.xml
diff --git a/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml new file mode 100644 index 0000000000..77fada7408 --- /dev/null +++ b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml @@ -0,0 +1,74 @@ +<domain type='qemu'>
+ <launchSecurity type='tdx'> + <policy>0x1</policy> + <mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0Vnia vN 7wEjRWeJq83v</mrConfigId> + <mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0Vniav N7 wEjRWeJq83v</mrOwner> + <mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0 Vni avN7wEjRWeJq83v</mrOwnerConfig> + </launchSecurity>
Can you extend this to include the QGS config too.
Got it, have done it internally, look forward to more comments.
Also, IIUC, policy 0x1 is not valid - can you make it use 0x10000000 which seems to be valid with KVM.
Sure. Thanks Zhenzhong