-----Original Message----- From: Daniel P. Berrangé <berrange@redhat.com> Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
Add element "quoteGenerationSocket" to tdx launch security type. It contains only an optional unix socket address attribute, when omitted, libvirt will use default QGS server address "/var/run/tdx-qgs/qgs.socket".
UNIX sockets offer the required functionality with greater security than vsock, so libvirt only provides support for unix socket.
XML example:
<launchSecurity type='tdx'> <policy>0x0</policy> <mrConfigId>xxx</mrConfigId> <mrOwner>xxx</mrOwner> <mrOwnerConfig>xxx</mrOwnerConfig> <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
Minor nitpick - lets call the element 'quoteGenerationService' still.
QAPI exposes quote-generation-socket, do we really want a different name? # @quote-generation-socket: socket address for Quote Generation # Service (QGS). QGS is a daemon running on the host. Without # it, the guest will not be able to get a TD quote for # attestation. Thanks Zhenzhong