-----Original Message-----
From: Daniel P. Berrangé <berrange(a)redhat.com>
Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
On Wed, Jul 09, 2025 at 02:52:05AM +0000, Duan, Zhenzhong wrote:
>
>
> >-----Original Message-----
> >From: Daniel P. Berrangé <berrange(a)redhat.com>
> >Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
> >
> >On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
> >> Add element "quoteGenerationSocket" to tdx launch security type.
> >> It contains only an optional unix socket address attribute,
> >> when omitted, libvirt will use default QGS server address
> >> "/var/run/tdx-qgs/qgs.socket".
> >>
> >> UNIX sockets offer the required functionality with greater
> >> security than vsock, so libvirt only provides support for unix
> >> socket.
> >>
> >> XML example:
> >>
> >> <launchSecurity type='tdx'>
> >> <policy>0x0</policy>
> >> <mrConfigId>xxx</mrConfigId>
> >> <mrOwner>xxx</mrOwner>
> >> <mrOwnerConfig>xxx</mrOwnerConfig>
> >> <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
> >
> >Minor nitpick - let's call the element 'quoteGenerationService'
> >still.
>
> QAPI exposes quote-generation-socket, do we really want a different name?

Matching QAPI naming is a non-goal. The 'quote-generation-socket'
property at the QAPI level actually maps to the 'path' attribute
in the XML. The existence of the XML element, without any path
set, indicates a request to enable use of QGS, and that makes
more sense with a name 'quoteGenerationService' as there's no
socket being specified in that case.

Makes sense.
Thanks
Zhenzhong
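
The element semantics discussed in this thread (element absent, element present without a path, element present with a path), as an added Python sketch that is not libvirt code and not part of the original messages. The function name `resolve_qgs_socket`, the sample XML strings and the absolute-path check are assumptions of this example; the element name follows the one proposed in the review.

```python
import xml.etree.ElementTree as ET

# Default QGS address quoted in the commit message under review.
DEFAULT_QGS_PATH = "/var/run/tdx-qgs/qgs.socket"
# Element name proposed in the review; the posted patch used 'quoteGenerationSocket'.
QGS_ELEMENT = "quoteGenerationService"

# Constructed sample inputs (not taken from the patch).
NO_QGS = "<launchSecurity type='tdx'><policy>0x0</policy></launchSecurity>"
QGS_DEFAULT = ("<launchSecurity type='tdx'><policy>0x0</policy>"
               "<quoteGenerationService/></launchSecurity>")
QGS_CUSTOM = ("<launchSecurity type='tdx'><policy>0x0</policy>"
              "<quoteGenerationService path='/run/custom/qgs.socket'/>"
              "</launchSecurity>")
QGS_RELATIVE = ("<launchSecurity type='tdx'>"
                "<quoteGenerationService path='qgs.socket'/></launchSecurity>")


def resolve_qgs_socket(launch_security_xml):
    """Return the UNIX socket path for QGS, or None when QGS is not requested.

    Hypothetical helper: it models the mapping described in the thread, where
    the XML 'path' attribute carries what QAPI calls quote-generation-socket.
    """
    root = ET.fromstring(launch_security_xml)
    if root.tag != "launchSecurity" or root.get("type") != "tdx":
        raise ValueError("not a TDX <launchSecurity> element")

    qgs = root.find(QGS_ELEMENT)
    if qgs is None:
        # Element absent: no request to use QGS at all.
        return None

    path = qgs.get("path")
    if path is None:
        # Element present without a path: enable QGS at the default address.
        return DEFAULT_QGS_PATH

    # Assumption of this sketch: reject anything that is not an absolute path,
    # so a relative value cannot resolve against the caller's working directory.
    if not path.startswith("/"):
        raise ValueError("QGS socket path must be absolute")
    return path
```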