From nobody Tue Feb 10 16:18:35 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=intel.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1626405552612972.1558246736945;
 Thu, 15 Jul 2021 20:19:12 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-271-drrspKcZP1qCJVCPxbTTIw-1; Thu, 15 Jul 2021 23:19:09 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 468B31084F54;
	Fri, 16 Jul 2021 03:19:03 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 4496E60871;
	Fri, 16 Jul 2021 03:19:02 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 823B24E9F4;
	Fri, 16 Jul 2021 03:19:01 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
	[10.11.54.6])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 16G3BiNr005873 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 15 Jul 2021 23:11:45 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id CDFEE20B899C; Fri, 16 Jul 2021 03:11:44 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id C936020B8999
	for <libvir-list@redhat.com>; Fri, 16 Jul 2021 03:11:43 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[207.211.31.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E6464800B35
	for <libvir-list@redhat.com>; Fri, 16 Jul 2021 03:11:42 +0000 (UTC)
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (Using
	TLS) by relay.mimecast.com with ESMTP id
	us-mta-275-Xvic8ftOPrWqrAlBFvGBKg-1; Thu, 15 Jul 2021 23:11:40 -0400
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
	by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
	15 Jul 2021 20:11:38 -0700
Received: from duan-server-s2600bt.bj.intel.com ([10.240.192.114])
	by fmsmga003-auth.fm.intel.com with
	ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jul 2021 20:11:35 -0700
X-MC-Unique: drrspKcZP1qCJVCPxbTTIw-1
X-MC-Unique: Xvic8ftOPrWqrAlBFvGBKg-1
X-IronPort-AV: E=McAfee;i="6200,9189,10046"; a="271779108"
X-IronPort-AV: E=Sophos;i="5.84,244,1620716400"; d="scan'208";a="271779108"
X-IronPort-AV: E=Sophos;i="5.84,244,1620716400"; d="scan'208";a="495774341"
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
To: libvir-list@redhat.com
Subject: [RFC PATCH v2 1/8] qemu: Check if INTEL Trust Domain Extention
	support is enabled
Date: Fri, 16 Jul 2021 11:10:29 +0800
Message-Id: <20210716031036.189228-2-zhenzhong.duan@intel.com>
In-Reply-To: <20210716031036.189228-1-zhenzhong.duan@intel.com>
References: <20210716031036.189228-1-zhenzhong.duan@intel.com>
MIME-Version: 1.0
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-loop: libvir-list@redhat.com
Cc: isaku.yamahata@intel.com, pkrempa@redhat.com, jun.j.tian@intel.com,
	chenyi.qiang@intel.com, phrdina@redhat.com, zhenzhong.duan@intel.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1626405553948100001
Content-Type: text/plain; charset="utf-8"

Implement TDX check in order to generate domain feature capability
correctly in case the availability of the feature changed.

For INTEL TDX the verification is:
 - checking if /sys/firmware/tdx_seam/vendor_id contains the
   value "0x8086": meaning TDX is enabled in the host kernel.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 src/qemu/qemu_capabilities.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 0d93cc2052..9085c0b875 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4748,6 +4748,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
 }
=20
=20
+/*
+ * Check whether INTEL Trust Domain Extention (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestINTEL(void)
+{
+    g_autofree char *modValue =3D NULL;
+
+    if (virFileReadValueString(&modValue, "/sys/firmware/tdx_seam/vendor_i=
d") < 0)
+        return false;
+
+    if (STRNEQ(modValue,"0x8086"))
+        return false;
+
+    return true;
+}
+
+
 /*
  * Check whether the secure guest functionality is enabled.
  * See the specific architecture function for details on the verifications=
 made.
@@ -4761,7 +4779,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
         return virQEMUCapsKVMSupportsSecureGuestS390();
=20
     if (ARCH_IS_X86(arch))
-        return virQEMUCapsKVMSupportsSecureGuestAMD();
+        return virQEMUCapsKVMSupportsSecureGuestAMD() ||
+               virQEMUCapsKVMSupportsSecureGuestINTEL();
=20
     return false;
 }
--=20
2.25.1