RE: [RFC PATCH 0/7] LIBVIRT: X86: TDX support

-----Original Message----- From: Peter Krempa <pkrempa(a)redhat.com&gt; Sent: Friday, June 18, 2021 7:07 PM To: Duan, Zhenzhong <zhenzhong.duan(a)intel.com&gt; Cc: libvir-list(a)redhat.com; Yamahata, Isaku <isaku.yamahata(a)intel.com>; Tian, Jun J <jun.j.tian(a)intel.com>; Qiang, Chenyi <chenyi.qiang(a)intel.com&gt; Subject: Re: [RFC PATCH 0/7] LIBVIRT: X86: TDX support On Fri, Jun 18, 2021 at 16:50:45 +0800, Zhenzhong Duan wrote: > * What's TDX? > TDX stands for Trust Domain Extensions which isolates VMs from the > virtual-machine manager (VMM)/hypervisor and any other software on the > platform. > > To support TDX, multiple software components, not only KVM but also > QEMU, guest Linux and virtual bios, need to be updated. For more > details, please check link[1], there are TDX spec links and public > repository link at github for each software component. > > This patchset is another software component to extend libvirt to > support TDX, with which one can start a VM from high level rather than running qemu directly. > > > * The goal of this RFC patch > The purpose of this post is to get feedback early on high level design > issue of libvirt enhancement for TDX. Referenced much on AMD SEV implemention at link[2]. > > > * Patch organization > > - patch 1-2: Support query of TDX capabilities. > - patch 3-6: Add a new xml element 'TrustDomain' for TDX support. > - patch 7: Sure kvmSupportsSecureGuest cache updated. > > Using these patches we have succesfully booted and tested a guest both > with and without TDX enabled. > > > [1] https://lkml.org/lkml/2020/11/16/1106 > [2] https://github.com/codomania/libvirt/commits/v9 Could you please also point to the relevant qemu patches? The first commit mentions 'query-tdx-capabilities' which is not in qemu upstream yet.