RE: [RFC PATCH 3/7] conf: introduce TrustDomain element in domain

-----Original Message----- From: Pavel Hrdina <phrdina(a)redhat.com&gt; Sent: Friday, June 18, 2021 8:09 PM To: Duan, Zhenzhong <zhenzhong.duan(a)intel.com&gt; Cc: libvir-list(a)redhat.com; Yamahata, Isaku <isaku.yamahata(a)intel.com>; Tian, Jun J <jun.j.tian(a)intel.com>; Qiang, Chenyi <chenyi.qiang(a)intel.com&gt; Subject: Re: [RFC PATCH 3/7] conf: introduce TrustDomain element in domain On Fri, Jun 18, 2021 at 04:50:48PM +0800, Zhenzhong Duan wrote: > The TrustDomain element can be used to define the security model to > use when launching a domain. Only type 'tdx' is supported currently. > > When 'tdx' is used, the VM will launched with Intel TDX feature enabled. > TDX feature supports running encrypted VM (Trust Domain, TD) under the > control of KVM. A TD runs in a CPU model which protects the > confidentiality of its memory and its CPU state from other software > > There is a child element 'policy' in TrustDomain. In 'policy', bit 0 > is used to enable TDX debug, other bits are reserved currently. > > For example: > > <TrustDomain type='tdx'> > <policy>0x0001</policy> > </TrustDomain> Any reason why you are adding a new element that basically copies exactly what <launchSecurity> is doing? In libvirt it will essentially use `confidential-guest-support` which is used for launchSecurity so there is no need to duplicate the code and the XML element. It could look like this: <launchSecurity type='tdx'> <policy>0x0001</policy> </launchSecurity> We would have to reorganize the <launchSecurity> documentation a little bit but otherwise there is nothing blocking us to have single element to specify different type of encrypted/confidential/secure/... VMs.

We already have patches for similar feature for s390 which will also reuse this element and in the future any other CPU architecture can reuse it.