On Fri, Jun 18, 2021 at 16:50:45 +0800, Zhenzhong Duan wrote:
* What's TDX? TDX stands for Trust Domain Extensions which isolates VMs from the virtual-machine manager (VMM)/hypervisor and any other software on the platform.
To support TDX, multiple software components, not only KVM but also QEMU, guest Linux and virtual bios, need to be updated. For more details, please check link[1], there are TDX spec links and public repository link at github for each software component.
This patchset is another software component to extend libvirt to support TDX, with which one can start a VM from high level rather than running qemu directly.
* The goal of this RFC patch The purpose of this post is to get feedback early on high level design issue of libvirt enhancement for TDX. Referenced much on AMD SEV implemention at link[2].
* Patch organization
- patch 1-2: Support query of TDX capabilities. - patch 3-6: Add a new xml element 'TrustDomain' for TDX support. - patch 7: Sure kvmSupportsSecureGuest cache updated.
Using these patches we have succesfully booted and tested a guest both with and without TDX enabled.
[1] https://lkml.org/lkml/2020/11/16/1106 [2] https://github.com/codomania/libvirt/commits/v9
Could you please also point to the relevant qemu patches? The first commit mentions 'query-tdx-capabilities' which is not in qemu upstream yet.