
-----Original Message----- From: Pavel Hrdina <phrdina@redhat.com> Sent: Friday, June 18, 2021 8:34 PM To: Duan, Zhenzhong <zhenzhong.duan@intel.com> Cc: libvir-list@redhat.com; Yamahata, Isaku <isaku.yamahata@intel.com>; Tian, Jun J <jun.j.tian@intel.com>; Qiang, Chenyi <chenyi.qiang@intel.com> Subject: Re: [RFC PATCH 5/7] qemu: add support to TDVF firmware loader
On Fri, Jun 18, 2021 at 04:50:50PM +0800, Zhenzhong Duan wrote:
TDX guest need a specific firmware TDVF to bootup, add a new element in TrustDomain element for that purpose, like below:
<TrustDomain type='tdx'> <policy>0x0001</policy> <loader>/path/to/TDVF-binary</loader> </TrustDomain>
Looking into QEMU patches and if I understand it correctly this loader is supposed to be used instead of UEFI or BIOS? Yes.
If that's true I don't think it should be here as we already have XML bits to specify VM loader.
We could use something like this:
<os> <loader type='generic'>/path/to/TDVF-binary</loader> </os>
Currently supported types are:
- `rom` which is translated to
-bios /path/to/bios.bin
- `pflash` which is translated to
-drive file=/path/to/uefi.fd,if=pflash,format=raw,...
And we could add a new type called 'generic', 'device', 'binary' or something else which would be translated to:
-device loader,file=/path/to/TDVF-binary,...
Thanks for your suggestion, the main reason is I see only TDX guest using firmware in such a special way, So I move <loader> in TDX specific element <TrustDomain>. I'll change to <os>.<loader> if you think it's better. Thanks Zhenzhong