-----Original Message-----
From: Daniel P. Berrangé <berrange(a)redhat.com>
Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
> Add element "quoteGenerationSocket" to tdx launch security type.
> It contains only an optional unix socket address attribute;
> when omitted, libvirt will use default QGS server address
> "/var/run/tdx-qgs/qgs.socket".
>
> UNIX sockets offer the required functionality with greater
> security than vsock, so libvirt only provides support for unix
> socket.
>
> XML example:
>
>   <launchSecurity type='tdx'>
>     <policy>0x0</policy>
>     <mrConfigId>xxx</mrConfigId>
>     <mrOwner>xxx</mrOwner>
>     <mrOwnerConfig>xxx</mrOwnerConfig>
>     <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
Minor nitpick - let's call the element 'quoteGenerationService' still.
QAPI exposes quote-generation-socket, do we really want a different name?
# @quote-generation-socket: socket address for Quote Generation
# Service (QGS). QGS is a daemon running on the host. Without
# it, the guest will not be able to get a TD quote for
# attestation.
Thanks
Zhenzhong