On Mon, Nov 27, 2023 at 04:55:16PM +0800, Zhenzhong Duan wrote:
A TDX guest requires some special parameters to boot. They are:
"-machine pc-q35-*"
"kernel_irqchip=split"
Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com>
---
src/qemu/qemu_validate.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 5a9173e8ff..c4f386fe99 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1329,6 +1329,16 @@ qemuValidateDomainDef(const virDomainDef *def,
_("INTEL TDX launch security is not supported with
this QEMU binary"));
return -1;
}
+ if (!qemuDomainIsQ35(def)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Intel TDX is supported with q35 machine types
only"));
+ return -1;
+ }
Ideally QMP 'MachineInfo' struct would report whether TDX is supported
so we don't need to hardcode that.
+ if (def->features[VIR_DOMAIN_FEATURE_IOAPIC] !=
VIR_DOMAIN_IOAPIC_QEMU) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("INTEL TDX launch security needs split kernel
irqchip"));
s/INTEL/Intel/
Ideally QEMU would automatically use the correct ioapic impl when no
args are given to QEMU. That would let us do
if (def->features[VIR_DOMAIN_FEATURE_IOAPIC] == VIR_DOMAIN_IOAPIC_KVM) {
thus allowing IOAPIC_NONE (ie QEMU's default) or IOAPIC_QEMU (explicitly
requested config). This will make TDX guest "just work" in more scenarios.
+ return -1;
+ }
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
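Review bot: the diffstat shows only src/qemu/qemu_validate.c changing, so the two new rejections in this hunk (non-q35 machine type, and an IOAPIC setting other than VIR_DOMAIN_IOAPIC_QEMU) arrive with neither a docs/formatdomain.rst note stating that TDX needs a q35 machine type and a split (QEMU) irqchip, nor a negative XML-to-argv test case exercising the two VIR_ERR_CONFIG_UNSUPPORTED paths; please add both so the requirement is discoverable before a user hits the error. Within the same case block the messages also mix "INTEL TDX launch security ..." (the existing message and the new irqchip one) with "Intel TDX is supported with q35 machine types only"; pick one spelling and consider phrasing the q35 message in the same style as the others, e.g. "Intel TDX launch security requires a q35 machine type".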
--
2.34.1
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|