QEMU provides a 'tdx-guest' object which is used to launch encrypted
VMs on Intel platform using TDX feature. A typical TDX guest launch
command line looks like:
$QEMU ... \
-object tdx-guest,id=tdx0,debug=on \
-machine q35,confidential-guest-support=tdx0,kvm-type=tdx
Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com>
---
src/qemu/qemu_command.c | 33 +++++++++++++++++++++++++++++++++
src/qemu/qemu_firmware.c | 1 +
src/qemu/qemu_namespace.c | 1 +
src/qemu/qemu_process.c | 1 +
src/qemu/qemu_validate.c | 10 ++++++++++
5 files changed, 46 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index db78deb122..2bc8173d58 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6979,6 +6979,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ virBufferAddLit(&buf,
",confidential-guest-support=lsec0,kvm-type=tdx");
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
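Review bot: The object id `lsec0` is spelled out as a bare literal in this hunk, in the PV case two lines above it, and again in qemuBuildTDXCommandLine later in this patch; one shared constant would keep the `-machine confidential-guest-support=` reference and the `-object id=` from drifting apart. Splitting the string onto a second line also differs from the single-line `virBufferAddLit` the PV case uses right above it, e.g. `virBufferAddLit(&buf, ",confidential-guest-support=lsec0,kvm-type=tdx");`. qemuBuildMachineCommandLine starts and ends outside the hunk.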
@@ -9897,6 +9900,33 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
}
+static int
+qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd,
+ virDomainTDXDef *tdx)
+{
+ g_autoptr(virJSONValue) props = NULL;
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ qemuDomainObjPrivate *priv = vm->privateData;
+
+ VIR_DEBUG("policy=0x%x", tdx->policy);
+
+ if (qemuMonitorCreateObjectProps(&props, "tdx-guest",
"lsec0",
+ "B:debug", !!(tdx->policy & 1),
+ "S:mrconfigid", tdx->mrconfigid,
+ "S:mrowner", tdx->mrowner,
+ "S:mrownerconfig", tdx->mrownerconfig,
+ NULL) < 0)
+ return -1;
+
+ if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0)
+ return -1;
+
+ virCommandAddArg(cmd, "-object");
+ virCommandAddArgBuffer(cmd, &buf);
+ return 0;
+}
+
+
static int
qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
virDomainSecDef *sec)
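Review bot: `!!(tdx->policy & 1)` hard-codes the meaning of policy bit 0 and silently discards every other bit the user configured; give the bit a named constant and say what it is, e.g. `/* TD attribute bit 0 (DEBUG): the host can inspect TD state, so a debug-enabled TD is not confidential */` above the qemuMonitorCreateObjectProps call, and reject bits this function does not consume in the qemu_validate.c hunk rather than here. The VIR_DEBUG prints `policy` with `%x`; if the field in virDomainTDXDef (defined outside this patch) is wider than unsigned int that is a format mismatch, so confirm against the struct. A one-line header comment for qemuBuildTDXCommandLine stating that it emits one `-object tdx-guest,id=lsec0` and that mrconfigid/mrowner/mrownerconfig are optional (the `S:` prefix, if it keeps its usual meaning, skips NULL strings) would help readers who do not know the props convention. Returning -1 without a virReportError on the qemuBuildObjectCommandlineFromJSON failure relies on the callee having reported; that matches the surrounding helpers but is worth a `/* error already reported */` note.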
@@ -9911,6 +9941,9 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
return qemuBuildPVCommandLine(vm, cmd);
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ return qemuBuildTDXCommandLine(vm, cmd, &sec->data.tdx);
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index 77c452746f..e144b36f94 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1070,6 +1070,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
}
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
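Review bot: Grouping TDX with NONE in qemuFirmwareMatchDomain means firmware-descriptor matching imposes no requirement on the selected image, so firmware autoselection can pick a build without TDX support and the guest only fails later at QEMU start. The SEV case in this same function (above the hunk) restricts matching to descriptors advertising the corresponding feature; if the descriptor schema in use carries an `intel-tdx` feature, TDX should require it the same way rather than falling through to `break`. qemuFirmwareMatchDomain starts and ends outside the hunk.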
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 42865a6497..e902f0eecc 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -608,6 +608,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
VIR_DEBUG("Set up launch security for SEV");
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f2a523e4f7..b5324c85a1 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6706,6 +6706,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
return qemuProcessPrepareSEVGuestInput(vm);
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 7482bedee6..309d48e62f 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1234,6 +1234,16 @@ qemuValidateDomainDef(const virDomainDef *def,
return -1;
}
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT)
||
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST) ||
+ !virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("INTEL TDX launch security is not supported with
"
+ "this QEMU binary"));
+ return -1;
+ }
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
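Review bot: The new case validates only QEMU capabilities, not the TDX configuration itself, so a policy with bits other than bit 0 set passes validation and is then silently truncated to the debug bit by qemuBuildTDXCommandLine in qemu_command.c. Reject what the command-line builder cannot express, e.g. `if (def->sec->data.tdx.policy & ~0x1ULL) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("only the debug bit of the TDX policy is supported")); return -1; }` after the capability check. The commit message states TDX guests use the q35 machine type and `kvm-type=tdx`; if those are hard requirements, checking them here gives a clear configuration error instead of a QEMU startup failure — confirm before adding. The error text `INTEL TDX` would read better as `Intel TDX`, matching the vendor capitalisation used elsewhere in libvirt messages. qemuValidateDomainDef starts and ends outside the hunk.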
--
2.25.1