[PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support

Zhenzhong Duan posted 21 patches 5 months, 3 weeks ago
There is a newer version of this series
[PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
Posted by Zhenzhong Duan 5 months, 3 weeks ago
Add element "quoteGenerationSocket" to the tdx launch security type.
It contains only an optional unix socket address attribute;
when omitted, libvirt will use the default QGS server address
"/var/run/tdx-qgs/qgs.socket".

UNIX sockets offer the required functionality with greater
security than vsock, so libvirt only provides support for unix
sockets.

XML example:

  <launchSecurity type='tdx'>
    <policy>0x0</policy>
    <mrConfigId>xxx</mrConfigId>
    <mrOwner>xxx</mrOwner>
    <mrOwnerConfig>xxx</mrOwnerConfig>
    <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
  </launchSecurity>

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 src/conf/domain_conf.c            | 35 ++++++++++++++++++++++++++++++-
 src/conf/domain_conf.h            |  2 ++
 src/conf/schemas/domaincommon.rng |  9 ++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d2f01a9397..8e36ea60fe 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3963,6 +3963,7 @@ virDomainSecDefFree(virDomainSecDef *def)
         g_free(def->data.tdx.mrconfigid);
         g_free(def->data.tdx.mrowner);
         g_free(def->data.tdx.mrownerconfig);
+        g_free(def->data.tdx.qgs_unix_path);
         break;
     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
@@ -14210,6 +14211,33 @@ virDomainSEVSNPDefParseXML(virDomainSEVSNPDef *def,
 }
 
 
+static int
+virDomainTDXQGSDefParseXML(virDomainTDXDef *def, xmlXPathContextPtr ctxt)
+{
+    g_autofree xmlNodePtr *nodes = NULL;
+    xmlNodePtr node;
+    int n;
+
+    if ((n = virXPathNodeSet("./quoteGenerationSocket", ctxt, &nodes)) < 0)
+        return -1;
+
+    if (!n)
+        return 0;
+
+    if (n > 1) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("only a single QGS element is supported"));
+        return -1;
+    }
+    node = nodes[0];
+
+    def->haveQGS = true;
+    def->qgs_unix_path = virXMLPropString(node, "path");
+
+    return 0;
+}
+
+
 static int
 virDomainTDXDefParseXML(virDomainTDXDef *def,
                         xmlXPathContextPtr ctxt)
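Review bot: in virDomainTDXQGSDefParseXML the absent-`path` case leaves def->qgs_unix_path NULL and nothing in this hunk applies the "/var/run/tdx-qgs/qgs.socket" default that the commit message promises, so def->haveQGS becomes the only record that the element was present; if the default is meant to be resolved later in the driver, say so in the commit message and in a comment next to `def->haveQGS = true;`, otherwise a reader of this parser will expect the default to be filled in here. The error text `_("only a single QGS element is supported")` would also be more useful if it named the element as the user wrote it (quoteGenerationSocket, or quoteGenerationService if the rename suggested in the thread is taken), since the XPath expression, the formatter and the schema all have to change together for that rename.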
@@ -14229,7 +14257,7 @@ virDomainTDXDefParseXML(virDomainTDXDef *def,
     def->mrowner = virXPathString("string(./mrOwner)", ctxt);
     def->mrownerconfig = virXPathString("string(./mrOwnerConfig)", ctxt);
 
-    return 0;
+    return virDomainTDXQGSDefParseXML(def, ctxt);
 }
 
 
@@ -27746,6 +27774,11 @@ virDomainTDXDefFormat(virBuffer *childBuf, virDomainTDXDef *def)
     virBufferEscapeString(childBuf, "<mrConfigId>%s</mrConfigId>\n", def->mrconfigid);
     virBufferEscapeString(childBuf, "<mrOwner>%s</mrOwner>\n", def->mrowner);
     virBufferEscapeString(childBuf, "<mrOwnerConfig>%s</mrOwnerConfig>\n", def->mrownerconfig);
+    if (def->haveQGS) {
+        virBufferAddLit(childBuf, "<quoteGenerationSocket");
+        virBufferEscapeString(childBuf, " path='%s'", def->qgs_unix_path);
+        virBufferAddLit(childBuf, "/>\n");
+    }
 }
 
 
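Review bot: the path-less round trip works because virBufferEscapeString emits nothing when def->qgs_unix_path is NULL, so the element formats as `<quoteGenerationSocket/>` and parses back to haveQGS=true with no path; that is the intended behaviour but it is subtle enough to deserve a one-line comment above the `if (def->haveQGS)` block. Note also that the formatter writes `path='...'` with single quotes while the XML example in the commit message uses `path="..."`; both are valid XML, but the commit message example should match what libvirt produces. The diffstat shows no tests/ changes, so a qemuxml2xml case covering both the with-path and no-path forms would lock this round trip in.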
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 51c05a3f18..cf5437f642 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -3005,6 +3005,8 @@ struct _virDomainTDXDef {
     char *mrconfigid;
     char *mrowner;
     char *mrownerconfig;
+    bool haveQGS;
+    char *qgs_unix_path;
 };
 
 
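Review bot: naming in struct _virDomainTDXDef is now mixed: the existing members mrconfigid, mrowner and mrownerconfig are all-lowercase without underscores, while this hunk adds haveQGS (camelCase) and qgs_unix_path (snake_case); pick one convention consistent with the surrounding fields (e.g. haveQGS together with qgsPath, or whatever the rest of the struct uses). A short comment on haveQGS stating that it means "element present, path may be unset" would also document the element-without-path semantics that the parser and formatter rely on.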
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 56dbddcb43..3f5cc9ca05 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -673,6 +673,15 @@
           <data type="string"/>
         </element>
       </optional>
+      <optional>
+        <element name="quoteGenerationSocket">
+          <optional>
+            <attribute name="path">
+              <ref name="absFilePath"/>
+            </attribute>
+          </optional>
+        </element>
+      </optional>
     </interleave>
   </define>
 
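Review bot: the schema matches the parser (element optional, `path` optional, constrained to absFilePath), but the diffstat lists only the three src/conf files, so docs/formatdomain.rst is not updated to describe the new element, the meaning of omitting `path`, and the "/var/run/tdx-qgs/qgs.socket" default named in the commit message; libvirt XML additions normally land with their formatdomain documentation in the same patch.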
-- 
2.34.1
Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
Posted by Daniel P. Berrangé via Devel 5 months, 1 week ago
On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
> Add element "quoteGenerationSocket" to tdx launch security type.
> It contains only an optional unix socket address attribute,
> when omitted, libvirt will use default QGS server address
> "/var/run/tdx-qgs/qgs.socket".
> 
> UNIX sockets offer the required functionality with greater
> security than vsock, so libvirt only provides support for unix
> socket.
> 
> XML example:
> 
>   <launchSecurity type='tdx'>
>     <policy>0x0</policy>
>     <mrConfigId>xxx</mrConfigId>
>     <mrOwner>xxx</mrOwner>
>     <mrOwnerConfig>xxx</mrOwnerConfig>
>     <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>

Minor nitpick - let's call the element 'quoteGenerationService'
still.



With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
RE: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
Posted by Duan, Zhenzhong 5 months, 1 week ago

>-----Original Message-----
>From: Daniel P. Berrangé <berrange@redhat.com>
>Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation
>Service(QGS) support
>
>On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
>> Add element "quoteGenerationSocket" to tdx launch security type.
>> It contains only an optional unix socket address attribute,
>> when omitted, libvirt will use default QGS server address
>> "/var/run/tdx-qgs/qgs.socket".
>>
>> UNIX sockets offer the required functionality with greater
>> security than vsock, so libvirt only provides support for unix
>> socket.
>>
>> XML example:
>>
>>   <launchSecurity type='tdx'>
>>     <policy>0x0</policy>
>>     <mrConfigId>xxx</mrConfigId>
>>     <mrOwner>xxx</mrOwner>
>>     <mrOwnerConfig>xxx</mrOwnerConfig>
>>     <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
>
>Minor nitpick - lets call the element 'quoteGenerationService'
>still.

QAPI exposes quote-generation-socket; do we really want a different name?

# @quote-generation-socket: socket address for Quote Generation
#     Service (QGS).  QGS is a daemon running on the host.  Without
#     it, the guest will not be able to get a TD quote for
#     attestation.

Thanks
Zhenzhong
Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
Posted by Daniel P. Berrangé via Devel 5 months, 1 week ago
On Wed, Jul 09, 2025 at 02:52:05AM +0000, Duan, Zhenzhong wrote:
> 
> 
> >-----Original Message-----
> >From: Daniel P. Berrangé <berrange@redhat.com>
> >Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation
> >Service(QGS) support
> >
> >On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
> >> Add element "quoteGenerationSocket" to tdx launch security type.
> >> It contains only an optional unix socket address attribute,
> >> when omitted, libvirt will use default QGS server address
> >> "/var/run/tdx-qgs/qgs.socket".
> >>
> >> UNIX sockets offer the required functionality with greater
> >> security than vsock, so libvirt only provides support for unix
> >> socket.
> >>
> >> XML example:
> >>
> >>   <launchSecurity type='tdx'>
> >>     <policy>0x0</policy>
> >>     <mrConfigId>xxx</mrConfigId>
> >>     <mrOwner>xxx</mrOwner>
> >>     <mrOwnerConfig>xxx</mrOwnerConfig>
> >>     <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
> >
> >Minor nitpick - lets call the element 'quoteGenerationService'
> >still.
> 
> QAPI exposes quote-generation-socket, do we really want a different name?

Matching QAPI naming is a non-goal.  The 'quote-generation-socket'
property at the QAPI level actually maps to the 'path' attribute
in the XML.  The existence of the XML element, without any path
set, indicates a request to enable use of QGS, and that makes
more sense with a name 'quoteGenerationService' as there's no
socket being specified in that case.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
RE: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
Posted by Duan, Zhenzhong 5 months, 1 week ago

>-----Original Message-----
>From: Daniel P. Berrangé <berrange@redhat.com>
>Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation
>Service(QGS) support
>
>On Wed, Jul 09, 2025 at 02:52:05AM +0000, Duan, Zhenzhong wrote:
>>
>>
>> >-----Original Message-----
>> >From: Daniel P. Berrangé <berrange@redhat.com>
>> >Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation
>> >Service(QGS) support
>> >
>> >On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
>> >> Add element "quoteGenerationSocket" to tdx launch security type.
>> >> It contains only an optional unix socket address attribute,
>> >> when omitted, libvirt will use default QGS server address
>> >> "/var/run/tdx-qgs/qgs.socket".
>> >>
>> >> UNIX sockets offer the required functionality with greater
>> >> security than vsock, so libvirt only provides support for unix
>> >> socket.
>> >>
>> >> XML example:
>> >>
>> >>   <launchSecurity type='tdx'>
>> >>     <policy>0x0</policy>
>> >>     <mrConfigId>xxx</mrConfigId>
>> >>     <mrOwner>xxx</mrOwner>
>> >>     <mrOwnerConfig>xxx</mrOwnerConfig>
>> >>     <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
>> >
>> >Minor nitpick - lets call the element 'quoteGenerationService'
>> >still.
>>
>> QAPI exposes quote-generation-socket, do we really want a different
>name?
>
>Matching QAPI naming is a non-goal.  The 'quote-generation-socket'
>property at the QAPI level actually maps to the 'path' attribute
>in the XML.  The existence of the XML element, without any path
>set, indicates a request to enable use of QGS, and that makes
>more sense with a name 'quoteGenerationService' as there's no
>socket being specified in that case.

Makes sense.

Thanks
Zhenzhong