RE: [PATCH v1 00/18] LIBVIRT: X86: TDX support

-----Original Message----- From: Peter Krempa <pkrempa(a)redhat.com&gt; Subject: Re: [PATCH v1 00/18] LIBVIRT: X86: TDX support On Thu, Apr 03, 2025 at 18:28:23 +0800, Zhenzhong Duan wrote: [...] > > Zhenzhong Duan (18): > tools: Secure guest check for Intel in virt-host-validate > qemu: Check if INTEL Trust Domain Extention support is enabled > qemu: Add TDX capability > conf: Expose TDX feature in domain capabilities > conf: Add tdx as launch security type > conf: Validate TDX launchSecurity element > mrConfigId/mrOwner/mrOwnerConfig > qemu: Add command line and validation for TDX type > conf: Expose TDX type in domain launch security capability > qemu: Force special parameters enabled for TDX guest > conf: Add Intel TDX Quote Generation Service(QGS) support > qemu: Add command line for TDX Quote Generation Service(QGS) [1] > qemu: Add FakeReboot support for TDX guest > qemu: Support reboot command in guest > qemu: Avoid duplicate FakeReboot for secure guest > qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation > qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot > qemu: Support domain reset command for TDX guest > docs: domain: Add documentation for Intel TDX guest > > docs/formatdomain.rst | 63 ++++++++++++++++++ > docs/formatdomaincaps.rst | 1 + > examples/c/misc/event-test.c | 6 ++ > include/libvirt/libvirt-domain.h | 2 + > src/conf/domain_capabilities.c | 1 + > src/conf/domain_capabilities.h | 1 + > src/conf/domain_conf.c | 82 +++++++++++++++++++++++ > src/conf/domain_conf.h | 21 ++++++ > src/conf/domain_validate.c | 11 ++++ > src/conf/schemas/domaincaps.rng | 9 +++ > src/conf/schemas/domaincommon.rng | 41 ++++++++++++ > src/conf/virconftypes.h | 2 + > src/qemu/qemu_capabilities.c | 38 ++++++++++- > src/qemu/qemu_capabilities.h | 1 + I'm seeing a capability being added but it's not detected anywhere. > src/qemu/qemu_cgroup.c | 1 + > src/qemu/qemu_command.c | 54 +++++++++++++++ > src/qemu/qemu_driver.c | 7 ++ > src/qemu/qemu_firmware.c | 1 + > src/qemu/qemu_monitor.c | 28 +++++++- > src/qemu/qemu_monitor.h | 2 +- > src/qemu/qemu_monitor_json.c | 6 +- > src/qemu/qemu_namespace.c | 1 + > src/qemu/qemu_process.c | 105 ++++++++++++++++++++++++++++-- > src/qemu/qemu_process.h | 2 + > src/qemu/qemu_validate.c | 45 +++++++++++++ > src/security/security_dac.c | 2 + > tools/virsh-domain-event.c | 6 +- > tools/virt-host-validate-common.c | 31 ++++++++- > tools/virt-host-validate-common.h | 1 + > 29 files changed, 558 insertions(+), 13 deletions(-) Also there are no qemuxmlconftest cases to be seen, while there are commandline changes [1]. IIUC the qemu patches are not merged yet, but See commits 0e58c04fc98c93482ce63589bf2b3042e7b5dd6c and 17945b8ec979fcc93232d55d3111cfc363e3cacc on how to add a variant of capability test data and how the caps dump looks. See also tests/qemucapabilitiesdata/README.rst You then can add qemuxmlconftest test cases based on the capability data: 8a852c3a909f0d11a61e1e3cd3bae89937e3a07c Note that if you create the capability dump based on a in-development qemu version (which is acceptable after the patches are merged upstream) you will be expected to update the capability dump on the same hardware once the qemu version becomes released: b0527a8f8e00f30911b6ffc5ac93d9d9bba6bff0