[PATCH v4 10/23] conf: Expose TDX type in domain launch security capability

Thursday, 10 July 2025

As the tdx launch security type support is added, expose it in domain
capabilities so that domain definition validation check can take
effect.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt;
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com&gt;
---
 src/qemu/qemu_capabilities.c                             | 2 ++
 tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml          | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml          | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml     | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0.x86_64.xml              | 6 +++++-
 7 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index f4f77a491c..d2b59ba1f4 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -6776,6 +6776,8 @@ virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps,
     if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) &&
         virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT))
         VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype,
VIR_DOMAIN_LAUNCH_SECURITY_PV);
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST))
+        VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype,
VIR_DOMAIN_LAUNCH_SECURITY_TDX);
 
     if (launchSecurity->sectype.values == 0) {
         launchSecurity->supported = VIR_TRISTATE_BOOL_NO;
diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
index 61aa1aafd0..fafa28ecbe 100644
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
@@ -774,6 +774,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
index d85073300d..4ea6cf920a 100644
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
@@ -1718,6 +1718,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
index 1d2795c4df..eba8023fc8 100644
--- a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
@@ -1821,6 +1821,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml
index 509f4aefe3..fd4ea39d42 100644
--- a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml
@@ -1822,6 +1822,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
index 6048a66b87..9ea7d779b5 100644
--- a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
@@ -774,6 +774,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0.x86_64.xml
b/tests/domaincapsdata/qemu_10.1.0.x86_64.xml
index 3d69ed3af1..a46ab68b48 100644
--- a/tests/domaincapsdata/qemu_10.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.1.0.x86_64.xml
@@ -1718,6 +1718,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
-- 
2.47.1

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH v4 10/23] conf: Expose TDX type in domain launch security capability