-----Original Message----- From: Peter Krempa <pkrempa@redhat.com> Subject: Re: [PATCH v1 00/18] LIBVIRT: X86: TDX support
On Thu, Apr 03, 2025 at 18:28:23 +0800, Zhenzhong Duan wrote:
[...]
Zhenzhong Duan (18): tools: Secure guest check for Intel in virt-host-validate qemu: Check if INTEL Trust Domain Extention support is enabled qemu: Add TDX capability conf: Expose TDX feature in domain capabilities conf: Add tdx as launch security type conf: Validate TDX launchSecurity element mrConfigId/mrOwner/mrOwnerConfig qemu: Add command line and validation for TDX type conf: Expose TDX type in domain launch security capability qemu: Force special parameters enabled for TDX guest conf: Add Intel TDX Quote Generation Service(QGS) support qemu: Add command line for TDX Quote Generation Service(QGS)
[1]
qemu: Add FakeReboot support for TDX guest qemu: Support reboot command in guest qemu: Avoid duplicate FakeReboot for secure guest qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot qemu: Support domain reset command for TDX guest docs: domain: Add documentation for Intel TDX guest
docs/formatdomain.rst | 63 ++++++++++++++++++ docs/formatdomaincaps.rst | 1 + examples/c/misc/event-test.c | 6 ++ include/libvirt/libvirt-domain.h | 2 + src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1 + src/conf/domain_conf.c | 82 +++++++++++++++++++++++ src/conf/domain_conf.h | 21 ++++++ src/conf/domain_validate.c | 11 ++++ src/conf/schemas/domaincaps.rng | 9 +++ src/conf/schemas/domaincommon.rng | 41 ++++++++++++ src/conf/virconftypes.h | 2 + src/qemu/qemu_capabilities.c | 38 ++++++++++- src/qemu/qemu_capabilities.h | 1 +
I'm seeing a capability being added but it's not detected anywhere.
src/qemu/qemu_cgroup.c | 1 + src/qemu/qemu_command.c | 54 +++++++++++++++ src/qemu/qemu_driver.c | 7 ++ src/qemu/qemu_firmware.c | 1 + src/qemu/qemu_monitor.c | 28 +++++++- src/qemu/qemu_monitor.h | 2 +- src/qemu/qemu_monitor_json.c | 6 +- src/qemu/qemu_namespace.c | 1 + src/qemu/qemu_process.c | 105 ++++++++++++++++++++++++++++-- src/qemu/qemu_process.h | 2 + src/qemu/qemu_validate.c | 45 +++++++++++++ src/security/security_dac.c | 2 + tools/virsh-domain-event.c | 6 +- tools/virt-host-validate-common.c | 31 ++++++++- tools/virt-host-validate-common.h | 1 + 29 files changed, 558 insertions(+), 13 deletions(-)
Also there are no qemuxmlconftest cases to be seen, while there are commandline changes [1].
IIUC the qemu patches are not merged yet, but
See commits 0e58c04fc98c93482ce63589bf2b3042e7b5dd6c and 17945b8ec979fcc93232d55d3111cfc363e3cacc
on how to add a variant of capability test data and how the caps dump looks. See also tests/qemucapabilitiesdata/README.rst
You then can add qemuxmlconftest test cases based on the capability data:
8a852c3a909f0d11a61e1e3cd3bae89937e3a07c
Note that if you create the capability dump based on a in-development qemu version (which is acceptable after the patches are merged upstream) you will be expected to update the capability dump on the same hardware once the qemu version becomes released:
b0527a8f8e00f30911b6ffc5ac93d9d9bba6bff0
Thanks for your guidance, I have added test in v2 candidate, see https://github.com/intel/libvirt-tdx/commits/tdx_for_upstream_v2.wip But I'd like to collect more comments before send v2. Thanks Zhenzhong