[PATCH rfcv4 07/13] qemu: force special parameters enabled for TDX guest

Zhenzhong Duan posted 13 patches 6 months, 2 weeks ago
There is a newer version of this series
Posted by Zhenzhong Duan 6 months, 2 weeks ago
TDX guest requires some special parameters to boot, currently:

 "kernel_irqchip=split"
 "pmu!=on"
 "smm!=on"
 "-bios"

If not specified explicitly, QEMU should configure these options implicitly
when starting a TDX guest.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 src/qemu/qemu_validate.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index db8493be68..8a3a64227e 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1333,6 +1333,38 @@ qemuValidateDomainDef(const virDomainDef *def,
                                _("Only bit0(debug) and bit28(sept-ve-disable) are supported intel TDX launch security policy"));
                 return -1;
             }
+            if (def->features[VIR_DOMAIN_FEATURE_IOAPIC] == VIR_DOMAIN_IOAPIC_KVM) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("Intel TDX launch security needs split kernel irqchip"));
+                return -1;
+            }
+            /* Current KVM doesn't support PMU for TD guest. It returns
+             * error if TD is created with PMU bit being set in attributes.
+             * By default, QEMU disable PMU for TD guest.
+             */
+            if (def->features[VIR_DOMAIN_FEATURE_PMU] == VIR_TRISTATE_SWITCH_ON) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("Intel TDX launch security is not supported with PMU enabled"));
+                return -1;
+            }
+            /* TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs
+             * because VMM cannot manipulate TDX VM's memory.
+             * By default, QEMU disable SMM for TD guest.
+             */
+            if (def->features[VIR_DOMAIN_FEATURE_SMM] == VIR_TRISTATE_SWITCH_ON) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("Intel TDX launch security is not supported with SMM enabled"));
+                return -1;
+            }
+            /* TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot
+             * support pflash device since it doesn't support read-only private memory.
+             * Thus load TDVF(OVMF) with -bios option for TDs.
+             */
+            if (def->os.loader && def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("Intel TDX launch security is not supported with pflash loader"));
+                return -1;
+            }
             break;
         case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
         case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
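Review bot: the subject and commit message say the parameters are "forced enabled" and that QEMU "should configure this option implicitly", but the hunk only rejects the conflicting explicit settings (kernel irqchip set to `VIR_DOMAIN_IOAPIC_KVM`, `VIR_DOMAIN_FEATURE_PMU` on, `VIR_DOMAIN_FEATURE_SMM` on, a `VIR_DOMAIN_LOADER_TYPE_PFLASH` loader) and leaves the unspecified case to QEMU's own defaults; either reword the subject/message to say the validation rejects settings incompatible with TDX, or additionally set the required values in the domain post-parse step so the persisted domain XML reflects what the guest actually runs with. Note also that the irqchip check only fires for the explicit `kvm` value, so a domain with no `<ioapic driver=...>` passes validation and the split irqchip relies on QEMU picking it for a TDX guest; if that is intended, say so in the in-code comment the same way the PMU and SMM comments do.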
-- 
2.34.1
Re: [PATCH rfcv4 07/13] qemu: force special parameters enabled for TDX guest
Posted by Daniel P. Berrangé 6 months ago
On Fri, May 24, 2024 at 02:21:22PM +0800, Zhenzhong Duan wrote:
> TDX guest requires some special parameters to boot, currently:
> 
>  "kernel_irqchip=split"
>  "pmu!=on"
>  "smm!=on"
>  "-bios"
> 
> If not specified explicitly, QEMU should configure these options implicitly
> when starting a TDX guest.
> 
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
> ---
>  src/qemu/qemu_validate.c | 32 ++++++++++++++++++++++++++++++++
>  1 file changed, 32 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|