From nobody Sun Dec 14 12:13:21 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail header.i=@intel.com; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=intel.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1751264772505860.3305107379446; Sun, 29 Jun 2025 23:26:12 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 8CC901566; Mon, 30 Jun 2025 02:26:11 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 6968A1519; Mon, 30 Jun 2025 02:22:28 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id EC545148E; Mon, 30 Jun 2025 02:22:19 -0400 (EDT) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 215E513CC for ; Mon, 30 Jun 2025 02:21:59 -0400 (EDT) Received: from orviesa007.jf.intel.com ([10.64.159.147]) by orvoesa102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jun 2025 23:21:59 -0700 Received: from spr-s2600bt.bj.intel.com ([10.240.192.127]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jun 2025 23:21:56 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1751264519; x=1782800519; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=LQbJ5UYuhMqYN978+u7jPbuYtT0iRNFMjWaQ+elgOwI=; b=VZ6yElP2TF4UlYs+J271Fj3ufYhO3apHhxvx3c3ZJYyK19eMS7zQz3A9 950CydoCgjbkeP8fmcydWiqq3DrkO7DUtHQnIsc+i7LwAq+aiZ04EyZIj RxVW/CSLk/Gqqkn9l3Jxn37WKjSQkCKStFCU8CnAs+lUS/ku5tcO6eRaM qo1NkJOILmRidpPZ6lEciGJl8+bmIKqzeAUFqkJL8Zza4/BWTQnGqY0O/ POhCi2zBumJghFGparSLDdIYA6MvILw8riVcN+53C3MqbaNg8m4hExjEY XejRA0DGgsMQQyGS2Z2/AzHiXXVHj/kX11PbXX+k11PmfeeuLY9zfSeRQ A==; X-CSE-ConnectionGUID: XjTKNVGpTqKK4dmOrD6X0g== X-CSE-MsgGUID: 9bbDB872Tn6udGlxiMbM7w== X-IronPort-AV: E=McAfee;i="6800,10657,11479"; a="70912529" X-IronPort-AV: E=Sophos;i="6.16,277,1744095600"; d="scan'208";a="70912529" X-CSE-ConnectionGUID: A7c1tac7TMWk25sIhYawzw== X-CSE-MsgGUID: c9axqqGtTcmzY27LsNZpZQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,277,1744095600"; d="scan'208";a="153549342" From: Zhenzhong Duan To: devel@lists.libvirt.org Subject: [PATCH v3 09/21] qemu: Add command line and validation for TDX type Date: Mon, 30 Jun 2025 14:17:20 +0800 Message-Id: <20250630061732.303374-10-zhenzhong.duan@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250630061732.303374-1-zhenzhong.duan@intel.com> References: <20250630061732.303374-1-zhenzhong.duan@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 7EK2WXTDRHPT3RQAACCY63ALAEAE3BW4 X-Message-ID-Hash: 7EK2WXTDRHPT3RQAACCY63ALAEAE3BW4 X-MailFrom: zhenzhong.duan@intel.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: phrdina@redhat.com, pkrempa@redhat.com, jjongsma@redhat.com, jsuchane@redhat.com, chenyi.qiang@intel.com, isaku.yamahata@intel.com, xiaoyao.li@intel.com, chao.p.peng@intel.com, Zhenzhong Duan X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1751264773871116600 Content-Type: text/plain; charset="utf-8" QEMU will provides 'tdx-guest' object which is used to launch encrypted VMs on Intel platform using TDX feature. Command line looks like: $QEMU ... \ -object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"xxx","mrowner= ":"xxx","mrownerconfig":"xxx","attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=3Dlsec0 Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrang=C3=A9 --- src/conf/domain_conf.h | 5 +++++ src/qemu/qemu_command.c | 27 +++++++++++++++++++++++++++ src/qemu/qemu_validate.c | 12 ++++++++++++ 3 files changed, 44 insertions(+) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index e216c63018..51c05a3f18 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -3008,6 +3008,11 @@ struct _virDomainTDXDef { }; =20 =20 +#define VIR_DOMAIN_TDX_POLICY_DEBUG 0x1 +#define VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE 0x10000000 +#define VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK (VIR_DOMAIN_TDX_POLICY_DE= BUG | \ + VIR_DOMAIN_TDX_POLICY_SE= PT_VE_DISABLE) + struct _virDomainSecDef { virDomainLaunchSecurity sectype; union { diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 363bee5c8c..3081636c24 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9945,6 +9945,32 @@ qemuBuildPVCommandLine(virCommand *cmd) } =20 =20 +static int +qemuBuildTDXCommandLine(virCommand *cmd, virDomainTDXDef *tdx) +{ + g_autoptr(virJSONValue) props =3D NULL; + + if (tdx->havePolicy) + VIR_DEBUG("policy=3D0x%llx", tdx->policy); + + if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "lsec0", + "S:mrconfigid", tdx->mrconfigid, + "S:mrowner", tdx->mrowner, + "S:mrownerconfig", tdx->mrownerconfig, + NULL) < 0) + return -1; + + if (tdx->havePolicy && + virJSONValueObjectAdd(&props, "U:attributes", tdx->policy, NULL) <= 0) + return -1; + + if (qemuBuildObjectCommandlineFromJSON(cmd, props) < 0) + return -1; + + return 0; +} + + static int qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, virDomainSecDef *sec) @@ -9963,6 +9989,7 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand = *cmd, return qemuBuildPVCommandLine(cmd); =20 case VIR_DOMAIN_LAUNCH_SECURITY_TDX: + return qemuBuildTDXCommandLine(cmd, &sec->data.tdx); case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype); diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 93e191dd13..ef9f326a9b 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1414,6 +1414,18 @@ qemuValidateDomainDef(const virDomainDef *def, } break; case VIR_DOMAIN_LAUNCH_SECURITY_TDX: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Intel TDX launch security is not support= ed with this QEMU binary")); + return -1; + } + if (def->sec->data.tdx.havePolicy && + def->sec->data.tdx.policy & ~VIR_DOMAIN_TDX_POLICY_ALLOWED= _MASK) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Only bit0(debug) and bit28(sept-ve-disab= le) are supported intel TDX launch security policy")); + return -1; + } + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sec= type); --=20 2.34.1