[PATCH rfcv4 00/13] LIBVIRT: X86: TDX support

Zhenzhong Duan posted 13 patches 6 months, 1 week ago
There is a newer version of this series
docs/formatdomain.rst                         |  68 ++++
docs/formatdomaincaps.rst                     |   1 +
src/conf/domain_capabilities.c                |   1 +
src/conf/domain_capabilities.h                |   1 +
src/conf/domain_conf.c                        | 312 ++++++++++++++++++
src/conf/domain_conf.h                        |  75 +++++
src/conf/schemas/domaincaps.rng               |   9 +
src/conf/schemas/domaincommon.rng             | 135 ++++++++
src/conf/virconftypes.h                       |   2 +
src/qemu/qemu_capabilities.c                  |  36 +-
src/qemu/qemu_capabilities.h                  |   1 +
src/qemu/qemu_command.c                       | 139 ++++++++
src/qemu/qemu_firmware.c                      |   1 +
src/qemu/qemu_monitor.c                       |  28 +-
src/qemu/qemu_monitor.h                       |   2 +-
src/qemu/qemu_monitor_json.c                  |   6 +-
src/qemu/qemu_namespace.c                     |   1 +
src/qemu/qemu_process.c                       |  75 +++++
src/qemu/qemu_validate.c                      |  44 +++
...unch-security-tdx-qgs-fd.x86_64-latest.xml |  77 +++++
.../launch-security-tdx-qgs-fd.xml            |  30 ++
...ch-security-tdx-qgs-inet.x86_64-latest.xml |  77 +++++
.../launch-security-tdx-qgs-inet.xml          |  30 ++
...ch-security-tdx-qgs-unix.x86_64-latest.xml |  77 +++++
.../launch-security-tdx-qgs-unix.xml          |  30 ++
...h-security-tdx-qgs-vsock.x86_64-latest.xml |  77 +++++
.../launch-security-tdx-qgs-vsock.xml         |  30 ++
tests/qemuxmlconftest.c                       |  24 ++
tools/virt-host-validate-common.c             |  22 +-
tools/virt-host-validate-common.h             |   1 +
30 files changed, 1407 insertions(+), 5 deletions(-)
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-fd.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-fd.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-inet.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-inet.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-unix.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-unix.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-vsock.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-vsock.xml
Hi,

This series brings libvirt the x86 TDX support.

* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from
the virtual-machine manager (VMM)/hypervisor and any other software on
the platform.

To support TDX, multiple software components, not only KVM but also QEMU,
guest Linux and virtual bios, need to be updated. For more details, please
check link[1].

This patchset is another software component to extend libvirt to support TDX,
with which one can start a TDX guest from high level rather than running qemu
directly.

* Misc
As QEMU uses a software-emulated way to reset the guest, which isn't supported
by TDX guests for security reasons, we simulate reboot for a TDX guest by
killing it and creating a new one in the FakeReboot framework.

Complete code can be found at [2], matching qemu code can be found at [3].

There is a 'debug' property for the tdx-guest object which isn't in matching qemu[3]
yet. I keep them intentionally as they will be implemented in qemu as an extension
series of [3].

* Test
start/stop/reboot with virsh
stop/reboot trigger in guest
stop with on_poweroff=destroy/restart
reboot with on_reboot=destroy/restart

* Patch organization
- patch 1-4:   Support query of TDX capabilities.
- patch 5-8:   Add TDX type to launchsecurity framework.
- patch 9-11:  Add reboot support to TDX guest
- patch 12-13: Add test and docs

TODO:
- update QEMU capabilities data in tests, depending on qemu TDX merged beforehand
- add reconnect logic in virsh command

[1] https://lore.kernel.org/kvm/cover.1708933498.git.isaku.yamahata@intel.com
[2] https://github.com/intel/libvirt-tdx/commits/tdx_for_upstream_rfcv4
[3] https://github.com/intel/qemu-tdx/tree/tdx-qemu-upstream-v5

Thanks
Zhenzhong

Changelog:
rfcv4:
- add a check to tools/virt-host-validate-qemu.c (Daniel)
- remove check of q35 (Daniel)
- model 'SocketAddress' QAPI in xml schema (Daniel)
- s/Quote-Generation-Service/quoteGenerationService/ (Daniel)
- define bits in tdx->policy and add validating logic (Daniel)
- presume QEMU chooses split kernel irqchip for TDX guest by default (Daniel)
- utilize existing FakeReboot framework to do reboot for TDX guest (Daniel)
- drop patch11 'conf: Add support to keep same domid for hard reboot' (Daniel)
- add test in tests/ to validate parsing and formatting logic (Daniel)
- add doc in docs/formatdomain.rst (Daniel)
- add R-B

rfcv3:
- Change to generate qemu cmdline with -bios
- drop firmware auto match as -bios is used
- add a hard reboot method to reboot TDX guest

rfcv3: https://www.mail-archive.com/devel@lists.libvirt.org/msg00385.html

rfcv2:
- give up using qmp cmd and check TDX directly on host for TDX capabilities.
- use launchsecurity framework to support TDX
- use <os>.<loader> for general loader
- add auto firmware match feature for TDX

An example TDVF firmware description file 70-edk2-x86_64-tdx.json:
{
    "description": "UEFI firmware for x86_64, supporting Intel TDX",
    "interface-types": [
        "uefi"
    ],
    "mapping": {
        "device": "generic",
        "filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd"
    },
    "targets": [
        {
            "architecture": "x86_64",
            "machines": [
                "pc-q35-*"
            ]
        }
    ],
    "features": [
        "intel-tdx",
        "verbose-dynamic"
    ],
    "tags": [

    ]
}

rfcv2: https://www.mail-archive.com/libvir-list@redhat.com/msg219378.html

Zhenzhong Duan (13):
  tools: Secure guest check for Intel in virt-host-validate
  qemu: Check if INTEL Trust Domain Extention support is enabled
  qemu: Add TDX capability
  conf: expose TDX feature in domain capabilities
  conf: add tdx as launch security type
  qemu: Add command line and validation for TDX type
  qemu: force special parameters enabled for TDX guest
  Add Intel TDX Quote Generation Service(QGS) support
  qemu: add FakeReboot support for TDX guest
  qemu: Support reboot command in guest
  qemu: Avoid duplicate FakeReboot for secure guest
  Add test cases for Intel TDX
  docs: domain: Add documentation for Intel TDX guest

-- 
2.34.1
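
Added example, not part of the original posting and not libvirt code: a minimal Python sketch of how the rfcv2 descriptor 70-edk2-x86_64-tdx.json shown above could be matched for a TDX guest by feature, interface type, architecture and machine glob. The function names, the second descriptor and its path are constructed for illustration; rfcv3 dropped auto matching in favour of -bios.

```python
import fnmatch
import json

# Constructed sample input: the TDX descriptor from the rfcv2 changelog,
# plus a constructed non-TDX descriptor for contrast.
DESCRIPTORS = {
    "70-edk2-x86_64-tdx.json": """{
        "description": "UEFI firmware for x86_64, supporting Intel TDX",
        "interface-types": ["uefi"],
        "mapping": {"device": "generic",
                    "filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd"},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["intel-tdx", "verbose-dynamic"],
        "tags": []
    }""",
    "60-constructed-plain.json": """{
        "description": "constructed non-TDX descriptor",
        "interface-types": ["uefi"],
        "mapping": {"device": "generic", "filename": "/constructed/plain.fd"},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["verbose-dynamic"],
        "tags": []
    }""",
}


def target_matches(desc, arch, machine):
    """True if any target covers this architecture and machine type (glob)."""
    return any(
        t.get("architecture") == arch
        and any(fnmatch.fnmatchcase(machine, pat) for pat in t.get("machines", []))
        for t in desc.get("targets", [])
    )


def select_tdx_firmware(descriptors, arch, machine):
    """Return (name, firmware path) of the first descriptor, in file-name
    order, that advertises intel-tdx for the requested guest, else None."""
    for name in sorted(descriptors):
        try:
            desc = json.loads(descriptors[name])
        except json.JSONDecodeError:
            continue  # a malformed descriptor must never be selected
        if "intel-tdx" not in desc.get("features", []):
            continue  # firmware without TDX support cannot boot a TDX guest
        if "uefi" not in desc.get("interface-types", []):
            continue
        if target_matches(desc, arch, machine):
            return name, desc["mapping"]["filename"]
    return None
```

Returning None rather than falling back to a descriptor without "intel-tdx" keeps a TDX guest from being started with firmware that was never built for it.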