QEMU provides support for launching an encrypted VMs on Intel x86 platform using Trust Domain Extension (TDX) feature. This patch adds support to query the TDX capabilities from the QEMU. Currently there is no elements in TDX capabilities except a placeholder. Signed-off-by: Chenyi Qiang <chenyi.qiang(a)intel.com&gt; Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; --- src/conf/domain_capabilities.c | 8 +++++ src/conf/domain_capabilities.h | 10 +++++++ src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 30 +++++++++++++++++++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_monitor.c | 8 +++++ src/qemu/qemu_monitor.h | 3 ++ src/qemu/qemu_monitor_json.c | 53 ++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 3 ++ 9 files changed, 117 insertions(+) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index cb90ae0176..31577095e9 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -76,6 +76,14 @@ virSEVCapabilitiesFree(virSEVCapability *cap) g_free(cap); } +void +virTDXCapabilitiesFree(virTDXCapability *cap) +{ + if (!cap) + return; + + VIR_FREE(cap); +} static void virDomainCapsDispose(void *obj) diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index b6433b20c9..e099788da9 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -173,6 +173,12 @@ struct _virSEVCapability { unsigned int reduced_phys_bits; }; +typedef struct _virTDXCapability virTDXCapability; +struct _virTDXCapability { + /* no elements for Intel TDX for now, just put a placeholder */ + uint64_t placeholder; +}; + typedef enum { VIR_DOMAIN_CAPS_FEATURE_IOTHREADS = 0, VIR_DOMAIN_CAPS_FEATURE_VMCOREINFO, @@ -254,3 +260,7 @@ void virSEVCapabilitiesFree(virSEVCapability *capabilities); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree); + +void virTDXCapabilitiesFree(virTDXCapability *capabilities); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virTDXCapability, virTDXCapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 2efa787664..8cbb60b577 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -218,6 +218,7 @@ virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; virSEVCapabilitiesFree; +virTDXCapabilitiesFree; # conf/domain_conf.h diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 059d6badf2..a143e453f4 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -636,6 +636,7 @@ VIR_ENUM_IMPL(virQEMUCaps, /* 405 */ "confidential-guest-support", "query-display-options", + "tdx-guest", ); @@ -716,6 +717,8 @@ struct _virQEMUCaps { virSEVCapability *sevCapabilities; + virTDXCapability *tdxCapabilities; + /* Capabilities which may differ depending on the accelerator. */ virQEMUCapsAccel kvm; virQEMUCapsAccel tcg; @@ -1354,6 +1357,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "input-linux", QEMU_CAPS_INPUT_LINUX }, { "virtio-gpu-gl-pci", QEMU_CAPS_VIRTIO_GPU_GL_PCI }, { "virtio-vga-gl", QEMU_CAPS_VIRTIO_VGA_GL }, + { "tdx-guest", QEMU_CAPS_TDX_GUEST}, }; @@ -2027,6 +2031,7 @@ void virQEMUCapsDispose(void *obj) g_free(qemuCaps->gicCapabilities); virSEVCapabilitiesFree(qemuCaps->sevCapabilities); + virTDXCapabilitiesFree(qemuCaps->tdxCapabilities); virQEMUCapsAccelClear(&qemuCaps->kvm); virQEMUCapsAccelClear(&qemuCaps->tcg); @@ -3354,6 +3359,29 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuCaps, return 0; } +static int +virQEMUCapsProbeQMPTDXCapabilities(virQEMUCaps *qemuCaps, + qemuMonitor *mon) +{ + int rc = -1; + virTDXCapability *caps = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST)) + return 0; + + if ((rc = qemuMonitorGetTDXCapabilities(mon, &caps)) < 0) + return -1; + + /* TDX isn't actually supported */ + if (rc == 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_TDX_GUEST); + return 0; + } + + virTDXCapabilitiesFree(qemuCaps->tdxCapabilities); + qemuCaps->tdxCapabilities = caps; + return 0; +} /* * Filter for features which should never be passed to QEMU. Either because @@ -5316,6 +5344,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, return -1; if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPTDXCapabilities(qemuCaps, mon) < 0) + return -1; virQEMUCapsInitProcessCaps(qemuCaps); diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index b2878312ac..a51bd9a256 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -616,6 +616,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ /* 405 */ QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT, /* -machine confidential-guest-support */ QEMU_CAPS_QUERY_DISPLAY_OPTIONS, /* 'query-display-options' qmp command present */ + QEMU_CAPS_TDX_GUEST, /* -object tdx-guest,... */ QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 8f35b4240f..f2a3badeec 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3946,6 +3946,14 @@ qemuMonitorNBDServerStart(qemuMonitor *mon, return qemuMonitorJSONNBDServerStart(mon, server, tls_alias); } +int +qemuMonitorGetTDXCapabilities(qemuMonitor *mon, + virTDXCapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetTDXCapabilities(mon, capabilities); +} int qemuMonitorNBDServerAdd(qemuMonitor *mon, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 6a25def78b..48c18c5220 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -859,6 +859,9 @@ int qemuMonitorGetGICCapabilities(qemuMonitor *mon, int qemuMonitorGetSEVCapabilities(qemuMonitor *mon, virSEVCapability **capabilities); +int qemuMonitorGetTDXCapabilities(qemuMonitor *mon, + virTDXCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND = 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK = 1 << 1, /* migration with non-shared storage with full disk copy */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 223777739d..c58152e86f 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -7028,6 +7028,59 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, return ret; } +/** + * qemuMonitorJSONGetTDXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a TDX capability structure to be filled + * + * Returns -1 on error, 0 if TDX is not supported, and 1 if TDX is supported on + * the platform. + */ +int +qemuMonitorJSONGetTDXCapabilities(qemuMonitor *mon, + virTDXCapability **capabilities) +{ + int ret = -1; + virJSONValue *cmd; + virJSONValue *reply = NULL; + g_autoptr(virTDXCapability) capability = NULL; + + *capabilities = NULL; + + if (!(cmd = qemuMonitorJSONMakeCommand("query-tdx-capabilities", + NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + /* QEMU has only compiled-in support of TDX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) { + ret = 0; + goto cleanup; + } + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + if (!virJSONValueObjectGetObject(reply, "return")) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-tdx-capabilities reply was missing return")); + return -1; + } + + capability = g_new0(virTDXCapability, 1); + + *capabilities = g_steal_pointer(&capability); + + ret = 1; + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply); + + return ret; +} + static virJSONValue * qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port) diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 01a3ba25f1..3fe6a34c4c 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -157,6 +157,9 @@ int qemuMonitorJSONGetGICCapabilities(qemuMonitor *mon, int qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, virSEVCapability **capabilities); +int qemuMonitorJSONGetTDXCapabilities(qemuMonitor *mon, + virTDXCapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitor *mon, unsigned int flags, const char *uri); -- 2.25.1

Sorry, I didn't fully understand which part to preserve. Do you mean removing placeholder from struct virTDXCapability or removing virTDXCapability as it's empty? virDomainCapsFeatureTDXFormat(virTDXCapability *tdx) shows '<tdx supported='yes'/>' based on the value of tdx. If virTDXCapability is empty, tdx is always NULL and '<tdx supported='no'/>' showed. Thanks Zhenzhong

Extend hypervisor capabilities to include tdx feature. When available, hypervisor can launch an encrypted VM on Intel platform. Signed-off-by: Chenyi Qiang <chenyi.qiang(a)intel.com&gt; Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; --- docs/formatdomaincaps.html.in | 16 ++++++++++++++++ docs/schemas/domaincaps.rng | 9 +++++++++ src/conf/domain_capabilities.c | 14 ++++++++++++++ src/conf/domain_capabilities.h | 1 + src/qemu/qemu_capabilities.c | 12 ++++++++++++ tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.4.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.5.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.7.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.7.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.8.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.8.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.9.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + 97 files changed, 144 insertions(+) diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in index 62f1940e6a..0e679b19b7 100644 --- a/docs/formatdomaincaps.html.in +++ b/docs/formatdomaincaps.html.in @@ -566,6 +566,7 @@ &lt;genid supported='yes'/&gt; &lt;backingStoreInput supported='yes'/&gt; &lt;backup supported='yes'/&gt; + &lt;tdx supported='yes'/&gt; &lt;sev&gt; &lt;cbitpos&gt;47&lt;/cbitpos&gt; &lt;reduced-phys-bits&gt;1&lt;/reduced-phys-bits&gt; @@ -620,6 +621,21 @@ <code>virDomainUndefine</code> is supported. </p> + <h4><a id="featureTDX">TDX capabilities</a></h4> + <p>Trust Domain Extensions(TDX) capabilities are exposed under the + <code>tdx</code> element. + TDX is an Intel technology that extends Virtual Machines Extensions (VMX) + to with a new kind of virtual machine guest called Trust Domain (TD). A TD + runs in a CPU model which protects the confidentiality of its memory contents + and its CPU state from any other software, including the hosting Virtual Machine + Monitor (VMM), unless explicitly shared by the TD itself.</p> + + <p> + For more details on the TDX feature, please follow resources in the + Intel developer's document. In order to use TDX with libvirt have + a look at <a href="formatdomain.html#launchSecurity">TDX in domain XML</a> + </p> + <h4><a id="elementsSEV">SEV capabilities</a></h4> <p>AMD Secure Encrypted Virtualization (SEV) capabilities are exposed under diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng index fc668e0c78..0e61d38923 100644 --- a/docs/schemas/domaincaps.rng +++ b/docs/schemas/domaincaps.rng @@ -250,6 +250,9 @@ <optional> <ref name="sev"/> </optional> + <optional> + <ref name="tdx"/> + </optional> </element> </define> @@ -298,6 +301,12 @@ </element> </define> + <define name="tdx"> + <element name="tdx"> + <ref name="supported"/> + </element> + </define> + <define name="value"> <zeroOrMore> <element name="value"> diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 31577095e9..709ef6ab9e 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -97,6 +97,7 @@ virDomainCapsDispose(void *obj) virObjectUnref(caps->cpu.custom); virCPUDefFree(caps->cpu.hostModel); virSEVCapabilitiesFree(caps->sev); + virTDXCapabilitiesFree(caps->tdx); values = &caps->os.loader.values; for (i = 0; i < values->nvalues; i++) @@ -590,6 +591,17 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, return; } +static void +virDomainCapsFeatureTDXFormat(virBuffer *buf, + const virTDXCapability *tdx) +{ + if (tdx) + virBufferAddLit(buf, "<tdx supported='yes'/>\n"); + else + virBufferAddLit(buf, "<tdx supported='no'/>\n"); + + return; +} static void virDomainCapsFormatFeatures(const virDomainCaps *caps, @@ -611,6 +623,8 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureTDXFormat(&childBuf, caps->tdx); + virXMLFormatElement(buf, "features", NULL, &childBuf); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index e099788da9..17b59b699a 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -213,6 +213,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; virSEVCapability *sev; /* add new domain features here */ + virTDXCapability *tdx; virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; }; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index a143e453f4..5e54d7e306 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -6332,6 +6332,17 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCaps *qemuCaps, domCaps->sev->reduced_phys_bits = cap->reduced_phys_bits; } +static void +virQEMUCapsFillDomainFeatureTDXCaps(virQEMUCaps *qemuCaps, + virDomainCaps *domCaps) +{ + virTDXCapability *cap = qemuCaps->tdxCapabilities; + + if (!cap) + return; + + domCaps->tdx = g_new0(virTDXCapability, 1); +} int virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, @@ -6379,6 +6390,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, virQEMUCapsFillDomainDeviceFSCaps(qemuCaps, filesystem); virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainFeatureTDXCaps(qemuCaps, domCaps); return 0; } diff --git a/tests/domaincapsdata/bhyve_basic.x86_64.xml b/tests/domaincapsdata/bhyve_basic.x86_64.xml index 745f325531..40e853c560 100644 --- a/tests/domaincapsdata/bhyve_basic.x86_64.xml +++ b/tests/domaincapsdata/bhyve_basic.x86_64.xml @@ -33,5 +33,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml index bb11c02ae9..87f98b6bba 100644 --- a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml +++ b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml @@ -50,5 +50,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_uefi.x86_64.xml b/tests/domaincapsdata/bhyve_uefi.x86_64.xml index dfd2360d74..9409257887 100644 --- a/tests/domaincapsdata/bhyve_uefi.x86_64.xml +++ b/tests/domaincapsdata/bhyve_uefi.x86_64.xml @@ -42,5 +42,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml index d3e2d89b60..ba47d8c5be 100644 --- a/tests/domaincapsdata/empty.xml +++ b/tests/domaincapsdata/empty.xml @@ -13,5 +13,6 @@ </devices> <features> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenfv.xml b/tests/domaincapsdata/libxl-xenfv.xml index cc5b3847e2..4c335ab7ee 100644 --- a/tests/domaincapsdata/libxl-xenfv.xml +++ b/tests/domaincapsdata/libxl-xenfv.xml @@ -76,5 +76,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenpv.xml b/tests/domaincapsdata/libxl-xenpv.xml index 325f1e50b3..c2fa55472b 100644 --- a/tests/domaincapsdata/libxl-xenpv.xml +++ b/tests/domaincapsdata/libxl-xenpv.xml @@ -66,5 +66,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml index f5714298c1..6eb612ea05 100644 --- a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml @@ -172,5 +172,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml index 1392f7c50e..2bce2140e7 100644 --- a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml @@ -185,5 +185,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsdata/qemu_2.11.0.s390x.xml index cd3ab38bc4..c6f1d26d8f 100644 --- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml index 0dde7c65c6..1e86efe77d 100644 --- a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml @@ -172,5 +172,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml index f7db0b4cc7..b85b1b3ada 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -189,5 +189,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml index cb26512256..20201dd795 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -199,5 +199,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml index de41f9c859..27c66b49d6 100644 --- a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml @@ -160,5 +160,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml index 0d2ed1058e..bc99972431 100644 --- a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml @@ -154,5 +154,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml index e01f2c6fec..0598a24191 100644 --- a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml @@ -124,5 +124,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.s390x.xml b/tests/domaincapsdata/qemu_2.12.0.s390x.xml index 418db98294..5c6f3f7e93 100644 --- a/tests/domaincapsdata/qemu_2.12.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.12.0.s390x.xml @@ -206,5 +206,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml index 1ce380cea7..761b436f0a 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -189,5 +189,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml index 3ae03de391..608bed8bdd 100644 --- a/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml index 461cc4c102..0afd91ea7b 100644 --- a/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0.x86_64.xml index e1af5b6622..cafa271e87 100644 --- a/tests/domaincapsdata/qemu_2.4.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml index f46991ca27..a361bc3343 100644 --- a/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml index 82edcbfac6..182814b589 100644 --- a/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0.x86_64.xml index 57f9f9b41b..86edf760cb 100644 --- a/tests/domaincapsdata/qemu_2.5.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml index 8bcd8f92ab..dcbff499f1 100644 --- a/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml index 2a7b46f775..bdfbf4b5de 100644 --- a/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml index 14cab3f557..3af9d4d305 100644 --- a/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml @@ -145,5 +145,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.aarch64.xml b/tests/domaincapsdata/qemu_2.6.0.aarch64.xml index f84e648a15..44bc9f74e4 100644 --- a/tests/domaincapsdata/qemu_2.6.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.aarch64.xml @@ -139,5 +139,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.ppc64.xml b/tests/domaincapsdata/qemu_2.6.0.ppc64.xml index 7f9372a359..b9a18e64be 100644 --- a/tests/domaincapsdata/qemu_2.6.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.ppc64.xml @@ -112,5 +112,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0.x86_64.xml index 4eeec1a22b..c03140a147 100644 --- a/tests/domaincapsdata/qemu_2.6.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml index 537941561b..63cfb38d65 100644 --- a/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml @@ -148,5 +148,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml index 79f5fba212..4d35f5d249 100644 --- a/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml @@ -144,5 +144,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0.s390x.xml b/tests/domaincapsdata/qemu_2.7.0.s390x.xml index f76564a9bc..0b6310751b 100644 --- a/tests/domaincapsdata/qemu_2.7.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.7.0.s390x.xml @@ -104,5 +104,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0.x86_64.xml index 1dd19dfc37..5a54c5290a 100644 --- a/tests/domaincapsdata/qemu_2.7.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0.x86_64.xml @@ -148,5 +148,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml index e0bb1b1eee..1fba86335b 100644 --- a/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml @@ -148,5 +148,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml index 1829fbda60..0c3f5b55cc 100644 --- a/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml @@ -144,5 +144,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0.s390x.xml b/tests/domaincapsdata/qemu_2.8.0.s390x.xml index 2c075d7cdb..9a01625f53 100644 --- a/tests/domaincapsdata/qemu_2.8.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.8.0.s390x.xml @@ -185,5 +185,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0.x86_64.xml index 5f55b0730d..d828088d3d 100644 --- a/tests/domaincapsdata/qemu_2.8.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0.x86_64.xml @@ -148,5 +148,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml index 797b970040..ef36127e42 100644 --- a/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml @@ -162,5 +162,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml index b47c426f1b..79f5fe264f 100644 --- a/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml @@ -181,5 +181,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.ppc64.xml b/tests/domaincapsdata/qemu_2.9.0.ppc64.xml index 2523d6ec6b..ad4a226c17 100644 --- a/tests/domaincapsdata/qemu_2.9.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.9.0.ppc64.xml @@ -112,5 +112,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.s390x.xml b/tests/domaincapsdata/qemu_2.9.0.s390x.xml index d5b58a786d..abefc63400 100644 --- a/tests/domaincapsdata/qemu_2.9.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.9.0.s390x.xml @@ -186,5 +186,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0.x86_64.xml index 7716e9d381..410fb1ad1a 100644 --- a/tests/domaincapsdata/qemu_2.9.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0.x86_64.xml @@ -162,5 +162,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml index 6dfb6135b3..bdc93a8055 100644 --- a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml @@ -187,5 +187,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml index 3c12f79f3a..c1248a8135 100644 --- a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml @@ -199,5 +199,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml index 86dd4a0c39..2227523c5c 100644 --- a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml @@ -126,5 +126,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.s390x.xml b/tests/domaincapsdata/qemu_3.0.0.s390x.xml index d4443bde20..9d8e356c67 100644 --- a/tests/domaincapsdata/qemu_3.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_3.0.0.s390x.xml @@ -213,5 +213,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml index 1abdc89c38..aa40eb31ff 100644 --- a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml @@ -187,5 +187,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml index fd7fe4794a..07fccfee25 100644 --- a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml index 424c3e4e51..4fab773a8a 100644 --- a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml @@ -202,5 +202,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml index 65dc3fbd72..521c426ee7 100644 --- a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml @@ -126,5 +126,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml index 409fd223bd..726a284b57 100644 --- a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml index 89440e9312..572691bb48 100644 --- a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml index 43eaa1c6aa..d6ddc8a46c 100644 --- a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml @@ -203,5 +203,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml index 7f8a3ef8cd..de6b2f0f44 100644 --- a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml @@ -167,5 +167,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml index 3570d5eec2..5dd7908379 100644 --- a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml @@ -161,5 +161,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml index c33967e51f..43958b8dcc 100644 --- a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml @@ -127,5 +127,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.s390x.xml b/tests/domaincapsdata/qemu_4.0.0.s390x.xml index e0ff109ead..0401f50e64 100644 --- a/tests/domaincapsdata/qemu_4.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.0.0.s390x.xml @@ -223,5 +223,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml index a4739c721a..51213283a0 100644 --- a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml index 4d3659bce9..fc077b4ce6 100644 --- a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml index 887c07d28f..545ec5a3e8 100644 --- a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml @@ -205,5 +205,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml index 4e07afd3d9..25a39b430b 100644 --- a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml index 39646c7d1e..58a0ad469e 100644 --- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml @@ -204,5 +204,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml index 5d7cea0f41..8102c2621d 100644 --- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml @@ -212,5 +212,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml index 740dc1f15e..d3f219a105 100644 --- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml @@ -169,5 +169,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml index a923d30e76..ecfccc6110 100644 --- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml @@ -163,5 +163,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml index b09e401d5c..ed41c9835c 100644 --- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml @@ -128,5 +128,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml index a610c417f7..79f3cf2930 100644 --- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml @@ -238,5 +238,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml index 36e8bd2ff3..dc1c11a58a 100644 --- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml @@ -204,5 +204,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml index 4f7d1bdbbc..c98efaa0c9 100644 --- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml @@ -206,5 +206,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml index 97d1819482..36d39541e1 100644 --- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml @@ -213,5 +213,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml index dcad3b3833..b53a80e437 100644 --- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml @@ -170,5 +170,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml index ada3ebdb2b..6c4d4679c1 100644 --- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml @@ -164,5 +164,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml index 650188606c..18313f57f0 100644 --- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml @@ -129,5 +129,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml index 2bb72027ba..3c1b73e111 100644 --- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml @@ -206,5 +206,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml index 95d44575fd..84c5395ef5 100644 --- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml index 3a4ec231f3..36bab4379f 100644 --- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml @@ -213,5 +213,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml b/tests/domaincapsdata/qemu_5.1.0.sparc.xml index 6f85a768e2..ef61bf8c13 100644 --- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml +++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml @@ -105,5 +105,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml index 98dfb971a2..882ceb73de 100644 --- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml index 1712c2113b..a7df147e44 100644 --- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml index 754046fb6d..2a71d94ec8 100644 --- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml @@ -213,5 +213,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml index 27776a667b..b5ddfdbbf7 100644 --- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml @@ -170,5 +170,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml index ada3ebdb2b..6c4d4679c1 100644 --- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml @@ -164,5 +164,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml index 211f7b8ac6..105f9bd3c5 100644 --- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml @@ -129,5 +129,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml b/tests/domaincapsdata/qemu_5.2.0.s390x.xml index 43905a6a85..f2e756fc23 100644 --- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml @@ -240,5 +240,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml index daf43d222c..fef5abef40 100644 --- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml index 98edd3e37d..580f0a6778 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -211,5 +211,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml index 7b4cd0160a..f8c552a1be 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -217,5 +217,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml b/tests/domaincapsdata/qemu_6.0.0.s390x.xml index d384f0859b..d69ac0c9f3 100644 --- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml @@ -241,5 +241,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml index 7122c89497..f4b4a2bf25 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml @@ -211,5 +211,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml index 057824d795..d8d6ac64f7 100644 --- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml @@ -211,5 +211,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml index 6c84207231..d5938428d7 100644 --- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml @@ -214,5 +214,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml index 1934035547..2ab68a6bd4 100644 --- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml @@ -211,5 +211,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <tdx supported='no'/> </features> </domainCapabilities> -- 2.25.1

On Fri, Jun 18, 2021 at 16:50:48 +0800, Zhenzhong Duan wrote: All our RNG schema entries ... [...] If you register an autoptr cleanup function for this type you'll be able to avoid the whole 'error' label. [...] ... as well as XML element names don't start with capital letter, so this one shouldn't either. [...] Plase don't mix generic (conf/) changes ... ... with targetted qemu changes like this. [...]

On Fri, Jun 18, 2021 at 04:50:48PM +0800, Zhenzhong Duan wrote: Any reason why you are adding a new element that basically copies exactly what <launchSecurity> is doing? In libvirt it will essentially use `confidential-guest-support` which is used for launchSecurity so there is no need to duplicate the code and the XML element. It could look like this: <launchSecurity type='tdx'> <policy>0x0001</policy> </launchSecurity> We would have to reorganize the <launchSecurity> documentation a little bit but otherwise there is nothing blocking us to have single element to specify different type of encrypted/confidential/secure/... VMs. We already have patches for similar feature for s390 which will also reuse this element and in the future any other CPU architecture can reuse it. Pavel

QEMU will provides 'tdx-guest' object which is used to launch encrypted VMs on Intel platform using TDX feature. The tag <TrustDomain> can be used to launch a TDX guest. A typical TDX guest launch command line looks like: $QEMU ... \ -object tdx-guest,id=tdx0,debug=on \ -machine q35, confidential-guest-support=tdx0,kvm-type=tdx,pic=no,kernel_irqchip=split Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; --- src/qemu/qemu_command.c | 31 +++++++++++++++ .../.trust-domain-tdx.xml.swo | Bin 0 -> 12288 bytes tests/qemuxml2argvdata/trust-domain-tdx.args | 32 ++++++++++++++++ tests/qemuxml2argvdata/trust-domain-tdx.xml | 36 ++++++++++++++++++ tests/qemuxml2argvtest.c | 3 ++ 5 files changed, 102 insertions(+) create mode 100644 tests/qemuxml2argvdata/.trust-domain-tdx.xml.swo create mode 100644 tests/qemuxml2argvdata/trust-domain-tdx.args create mode 100644 tests/qemuxml2argvdata/trust-domain-tdx.xml diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index ea513693f7..1e14c95a49 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6974,6 +6974,9 @@ qemuBuildMachineCommandLine(virCommand *cmd, } } + if (def->tdx) + virBufferAddLit(&buf, ",confidential-guest-support=tdx0,kvm-type=tdx"); + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) { if (priv->pflash0) virBufferAsprintf(&buf, ",pflash0=%s", priv->pflash0->nodeformat); @@ -9860,6 +9863,31 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd, return 0; } +static int +qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd, + virDomainTDXDef *tdx) +{ + g_autoptr(virJSONValue) props = NULL; + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivate *priv = vm->privateData; + + if (!tdx) + return 0; + + VIR_DEBUG("policy=0x%x", tdx->policy); + + if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "tdx0", + "B:debug", !!(tdx->policy & 1)) < 0) + return -1; + + if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0) + return -1; + + virCommandAddArg(cmd, "-object"); + virCommandAddArgBuffer(cmd, &buf); + return 0; +} + static int qemuBuildVMCoreInfoCommandLine(virCommand *cmd, const virDomainDef *def) @@ -10562,6 +10590,9 @@ qemuBuildCommandLine(virQEMUDriver *driver, if (qemuBuildSEVCommandLine(vm, cmd, def->sev) < 0) return NULL; + if (qemuBuildTDXCommandLine(vm, cmd, def->tdx) < 0) + return NULL; + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); diff --git a/tests/qemuxml2argvdata/.trust-domain-tdx.xml.swo b/tests/qemuxml2argvdata/.trust-domain-tdx.xml.swo new file mode 100644 index 0000000000000000000000000000000000000000..2835d4a14342651d239657fb1531318de3eff8e8 GIT binary patch literal 12288 zcmeI2zmMER6vrpfAcgR=Ok<8>D&N?f+~!X5x<KKQ2%P{axq{{x&&*~=XM4=dc(Ysa z4<J#~&=4dF#J>Rasc7k;p+lmDH)HSK<#Gt6jChv5^7+kop5J_CeA4M&l^x$ZO7?ei z0@oXa+$f)X`sOEB$#-AALaZ@9g#YW3J#SM{Yt{Pn!_MoEYPCvlW&7EMiA=3JV?C>N zwba(1^d0lcdB;9eO}}dD3AYcIl6%g)?VV4hX}E4vFIT%TdLbD;A^{}uoCL0s8<RYK zmhbMolf3=bgXf%&b|ioVkN^@u0!RP}AOR$R1YTqUzPmy`hXuSeE@EfAU%7A}AMu6+ zkN^@u0!RP}AOR$R1dsp{Kmter3A}&=xP+pw67m=n{{O%E`~Q#E3Hb%|HE0bw1nq#X zgMNRFke@-{gC2vv06hd9f+*-Z=(lTx`~><6RD<q<{(hB^KS57G-+~&@J<ty5Wzb(x z!>^zpK|g>(P2Yg<LIOwt2_OL^fCP{L5<mj~Cjtc<I$=waBn7)4dSh?L*4Pk$P-ki_ z)@8QJvMevy_!!LRyoq0TYDS@%mJWHOT56%(n4?im#p~LbHffAh^^CTrRg{gxy6t*D zrZ`pW%5W=bQuS^|J2$!1)|lR@OFY7~-kQ2rcFflaO%vTpwVKh4Ze9=3G&CS@b3Zdr zOGv++x2g0QTkon%Y)oo*IxG%2aVf2GZY)Szy@b?fnPOdWu~46fE@kCosBd-rVSG0v z8U_<!JEIH9$K{7g&pgibR;a<lz{&0!=a28OkKaFfaHofc==_{H)?$;EH?Vo3PZ|n{ z8)^BYjjaf48N*d=#3>EQVRL6RjKuwh+F)|cy|E?hon@77W8Zb^*3PRYUF}a#rZ)?= zb%pbD?u-<sJrS0>MJb^~Yt{wZMuHU{tg2wcN+1asd>kJ`qoFg8lr{7DQz^E=U=pGH z1S~Ef?!6e+2)Q-~HN0ZOcMG64Tq;;t$NhqN!|vZcKHQzlf{g=^8j=Ta3AbV~qr+<9 zuyL`_Er9Aon(t<`Tr8V{1!Me3hPM_=(e+7JbD<jOai39GpVxwx@UexVXcfJ+FnFXI zW7o-WGCt7n(Q=X><XKj*rwnlld~^Te9Y&(5@3kz&ExtFGl}wf7^Yq~6-d=hznetRl l_e4IGRlc7c6f9Z;#c*26v*T2-7$C*)Yh*krr^^OT#y{J@p5y=k literal 0 HcmV?d00001 diff --git a/tests/qemuxml2argvdata/trust-domain-tdx.args b/tests/qemuxml2argvdata/trust-domain-tdx.args new file mode 100644 index 0000000000..45c8ed595f --- /dev/null +++ b/tests/qemuxml2argvdata/trust-domain-tdx.args @@ -0,0 +1,32 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-QEMUGuest1 \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-machine pc-q35-3.0,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=tdx0,\ +kvm-type=tdx,pic=no,kernel_irqchip=split \ +-device loader,file=/path/to/TDVF.fd,id=fd0 \ +-m 214 \ +-realtime mlock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\ +server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-no-acpi \ +-usb \ +-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ +-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \ +-object tdx-guest,policy=0x1,id=tdx0 diff --git a/tests/qemuxml2argvdata/trust-domain-tdx.xml b/tests/qemuxml2argvdata/trust-domain-tdx.xml new file mode 100644 index 0000000000..e0f0b77866 --- /dev/null +++ b/tests/qemuxml2argvdata/trust-domain-tdx.xml @@ -0,0 +1,36 @@ +<domain type='kvm'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc-q35-3.0'>hvm</type> + <boot dev='hd'/> + </os> + <features> + <ioapic driver='qemu'/> + </features> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='hda' bus='ide'/> + <address type='drive' controller='0' bus='0' target='0' unit='0'/> + </disk> + <controller type='usb' index='0'/> + <controller type='ide' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='none'/> + </devices> + <TrustDomain type='tdx'> + <policy>0x0001</policy> + </TrustDomain> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 7fed871c9e..ac5dc6b40b 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3456,6 +3456,9 @@ mymain(void) DO_TEST_CAPS_VER("launch-security-sev", "2.12.0"); DO_TEST_CAPS_VER("launch-security-sev", "6.0.0"); DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0"); + DO_TEST("trust-domain-tdx", + QEMU_CAPS_KVM, + QEMU_CAPS_TDX_GUEST); DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory"); DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages"); -- 2.25.1

On Fri, Jun 18, 2021 at 16:50:50 +0800, Zhenzhong Duan wrote: [...] This again mixes config changes with qemu-specific changes.

On Fri, Jun 18, 2021 at 16:50:51 +0800, Zhenzhong Duan wrote: This must be done in a way that will be visible in the XML rather than silently hiding it in the command line generator code. Also it feels very unjustified, it's bad for performance, but is it guaranteed to always be like this? [...] Our coding style usually has boolean operators at the end of the previous line in multi-line statements.

Implement trust domain check for INTEL TDX (Trust Domain eXtention) in order to invalidate the qemu capabilities cache in case the availability of the feature changed. For INTEL TDX the verification is: - checking if /sys/module/kvm_intel/parameters/tdx contains the value 'Y': meaning TDX is enabled in the host kernel. Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; --- src/qemu/qemu_capabilities.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 5e54d7e306..8f8802c121 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -4767,6 +4767,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void) } +/* + * Check whether INTEL Trust Domain Extention (x86) is enabled + */ +static bool +virQEMUCapsKVMSupportsSecureGuestINTEL(void) +{ + g_autofree char *modValue = NULL; + + if (virFileReadValueString(&modValue, "/sys/module/kvm_intel/parameters/tdx") < 0) + return false; + + if (modValue[0] != 'Y') + return false; + + return true; +} + + /* * Check whether the secure guest functionality is enabled. * See the specific architecture function for details on the verifications made. @@ -4782,6 +4800,9 @@ virQEMUCapsKVMSupportsSecureGuest(void) if (ARCH_IS_X86(arch)) return virQEMUCapsKVMSupportsSecureGuestAMD(); + if (ARCH_IS_X86(arch)) + return virQEMUCapsKVMSupportsSecureGuestINTEL(); + return false; } -- 2.25.1