
On Fri, Jun 18, 2021 at 04:50:50PM +0800, Zhenzhong Duan wrote:
A TDX guest needs a specific firmware, TDVF, to boot up; add a new element to the TrustDomain element for that purpose, like below:
<TrustDomain type='tdx'> <policy>0x0001</policy> <loader>/path/to/TDVF-binary</loader> </TrustDomain>
Looking into the QEMU patches, if I understand it correctly this loader is supposed to be used instead of UEFI or BIOS? If that's true I don't think it should be here, as we already have XML bits to specify the VM loader. We could use something like this: <os> <loader type='generic'>/path/to/TDVF-binary</loader> </os> Currently supported types are: - `rom` which is translated to -bios /path/to/bios.bin - `pflash` which is translated to -drive file=/path/to/uefi.fd,if=pflash,format=raw,... And we could add a new type called 'generic', 'device', 'binary' or something else which would be translated to: -device loader,file=/path/to/TDVF-binary,... Pavel
Qemu command line looks like:
$QEMU ... \ -device loader,file= /path/to/TDVF-binary,id=fd0
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> --- docs/schemas/domaincommon.rng | 3 +++ src/conf/domain_conf.c | 6 ++++++ src/conf/domain_conf.h | 1 + src/qemu/qemu_command.c | 4 ++++ tests/genericxml2xmlindata/trust-domain-tdx.xml | 1 + tests/qemuxml2argvdata/trust-domain-tdx.xml | 1 + 6 files changed, 16 insertions(+)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 2b39a01e84..b439012648 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -530,6 +530,9 @@
<element name="policy">
<ref name="hexuint"/>
</element>
+ <element name="loader">
+ <data type="string"/>
+ </element>
</interleave>
</element>
</define>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index a51db088c1..0513d6d016 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3515,6 +3515,7 @@ virDomainTDXDefFree(virDomainTDXDef *def)
if (!def)
return;
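Review bot: The new `loader` element is added to the interleave without `<optional>`, so the schema makes it mandatory, while the parser and formatter in domain_conf.c treat the field as optional (the formatter guards it with `if (tdx->loader)`); existing `<TrustDomain type='tdx'>` XML without a loader would fail schema validation. Since the value is a firmware file path, `<ref name="absFilePath"/>` instead of `<data type="string"/>` would reject relative paths at validation time, matching how other file paths are declared in this schema. Suggested change: wrap the new element in `<optional>` and replace the data line with `<ref name="absFilePath"/>`.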
+ g_free(def->loader);
g_free(def);
}
@@ -14849,6 +14850,7 @@ virDomainTDXDefParseXML(xmlNodePtr tdxNode,
}
def->policy = policy;
+ def->loader = virXPathString("string(./loader)", ctxt);
return def;
@@ -26950,6 +26952,10 @@ virDomainTDXDefFormat(virBuffer *buf, virDomainTDXDef *tdx)
virBufferAsprintf(buf, "<TrustDomain type='tdx'>\n");
virBufferAdjustIndent(buf, 2);
virBufferAsprintf(buf, "<policy>0x%04x</policy>\n", tdx->policy);
+
+ if (tdx->loader)
+ virBufferEscapeString(buf, "<loader>%s</loader>\n", tdx->loader);
+
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</TrustDomain>\n");
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 7cb5061c8c..cabfc80b4b 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2671,6 +2671,7 @@ typedef enum {
struct _virDomainTDXDef {
int sectype; /* enum virDomainTrustDomain */
unsigned int policy; /* bit 0 set hint debug enabled, other bit reserved */
+ char *loader; /* patch for TDX TDVF firmware */
};
typedef enum {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 1e14c95a49..891d795b02 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9885,6 +9885,10 @@ qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd,
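Review bot: The comment on the new `loader` field reads `/* patch for TDX TDVF firmware */`, which looks like a typo for "path" and does not say what the string holds or who owns it. The parse hunk stores the result of virXPathString, so the field is NULL when the `<loader>` element is absent, and it is released in virDomainTDXDefFree; `/* path to the TDVF firmware image, NULL if not configured; owned by the def */` would document that.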
virCommandAddArg(cmd, "-object");
virCommandAddArgBuffer(cmd, &buf);
+
+ virCommandAddArg(cmd, "-device");
+ virCommandAddArgFormat(cmd, "loader,id=fd0,file=%s", tdx->loader);
+
return 0;
}
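Review bot: `tdx->loader` is passed to `virCommandAddArgFormat` unconditionally, but virDomainTDXDefParseXML leaves it NULL when the `<loader>` element is absent (the formatter on the same field is already guarded), so this formats a NULL pointer with `%s`; either wrap the two calls in `if (tdx->loader) { ... }` or have the parser reject a missing or non-absolute loader path with a clear error. The device id `id=fd0` is hard-coded and could collide with a user-supplied alias, where elsewhere libvirt generates device aliases itself. The firmware file is opened by the QEMU process, so the DAC/SELinux security drivers presumably need to label `tdx->loader` the way other firmware paths are handled, and I do not see that in this series. qemuBuildTDXCommandLine starts outside the hunk.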
diff --git a/tests/genericxml2xmlindata/trust-domain-tdx.xml b/tests/genericxml2xmlindata/trust-domain-tdx.xml
index 7a56cf0e92..7422f0c06f 100644
--- a/tests/genericxml2xmlindata/trust-domain-tdx.xml
+++ b/tests/genericxml2xmlindata/trust-domain-tdx.xml
@@ -16,6 +16,7 @@
</devices>
<TrustDomain type='tdx'>
<policy>0x0001</policy>
+ <loader>/path/to/TDVF-binary</loader>
</TrustDomain>
</domain>
diff --git a/tests/qemuxml2argvdata/trust-domain-tdx.xml b/tests/qemuxml2argvdata/trust-domain-tdx.xml
index e0f0b77866..1d8ad45c4c 100644
--- a/tests/qemuxml2argvdata/trust-domain-tdx.xml
+++ b/tests/qemuxml2argvdata/trust-domain-tdx.xml
@@ -32,5 +32,6 @@
</devices>
<TrustDomain type='tdx'>
<policy>0x0001</policy>
+ <loader>/path/to/TDVF-binary</loader>
</TrustDomain>
</domain>
--
2.25.1