From: Zhenzhong Duan
To: devel@lists.libvirt.org
Subject: [PATCH v3 21/21] docs: domain: Add documentation for Intel TDX guest
Date: Mon, 30 Jun 2025 14:17:32 +0800
Message-Id: <20250630061732.303374-22-zhenzhong.duan@intel.com>
In-Reply-To: <20250630061732.303374-1-zhenzhong.duan@intel.com>
References: <20250630061732.303374-1-zhenzhong.duan@intel.com>
CC: phrdina@redhat.com, pkrempa@redhat.com, jjongsma@redhat.com, jsuchane@redhat.com, chenyi.qiang@intel.com, isaku.yamahata@intel.com, xiaoyao.li@intel.com, chao.p.peng@intel.com, Zhenzhong Duan

Signed-off-by: Zhenzhong Duan
---
 docs/formatdomain.rst | 63 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 9a2f065590..5acebefec0 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -9528,6 +9528,69 @@ The ```` element then accepts the f= ollowing child elements: the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI. =20 =20 +The contents of the ```` element is used to p= rovide +the guest owners input used for creating an encrypted VM using the Intel T= DX +(Trusted Domain eXtensions). Intel TDX refers to an Intel technology that +extends Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryp= tion +(MKTME) with a new kind of virtual machine guest called a Trust Domain (TD= ). +A TD runs in a CPU mode that is designed to protect the confidentiality of= its +memory contents and its CPU state from any other software, including the h= osting +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. +Example configuration: + +:: + + + ... + + 0x10000001 + xxx + xxx + xxx + + + ... + + +``policy`` + The optional ``policy`` element provides the guest TD attributes which = is + passed by the host VMM as a guest TD initialization parameter as part of + TD_PARAMS, it exactly matches the definition of TD_PARAMS.ATTRIBUTES in + (Intel TDX Module Spec Table 22.2: ATTRIBUTES Definition). It is report= ed + to the guest TD by TDG.VP.INFO and as part of TDREPORT_STRUCT returned = by + TDG.MR.REPORT. 
The guest policy is 64bit unsigned with the fields shown + in Table: + + =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + Bit(s) Description + =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + 0 Guest TD runs in off-TD debug mode when set + 1:27 reserved + 28 Disable EPT violation conversion to #VE on guest TD access of PE= NDING pages when set + 29:63 reserved + =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +``mrConfigId`` + The optional ``mrConfigId`` element provides ID for non-owner-defined + configuration of the guest TD, e.g., run-time or OS configuration + (base64 encoded SHA384 digest). + +``@mrowner`` + The optional ``@mrowner`` element provides ID for the guest TD=E2=80=99= s owner + (base64 encoded SHA384 digest). + +``mrownerconfig`` + The optional ``mrownerconfig`` element provides ID for owner-defined + configuration of the guest TD, e.g., specific to the workload rather th= an + the run-time or OS (base64 encoded SHA384 digest). + +``quoteGenerationSocket`` + The optional ``quoteGenerationSocket`` subelement provides Quote Genera= tion + Service(QGS) daemon socket address configuration. It includes an option= al + ``path`` attribute to determine the UNIX socket address, when omitted, + ``/var/run/tdx-qgs/qgs.socket`` is used as default. 
User in TD guest ca= nnot + get TD quoting for attestation if this subelement is not provided. + Example configs =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 --=20 2.34.1
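Review bot: The example configuration in this hunk sets `policy` to `0x10000001`, which has bit 0 set, and the table a few paragraphs later says bit 0 means "Guest TD runs in off-TD debug mode when set"; a debug-mode TD does not get the confidentiality the introductory paragraph promises ("protect the confidentiality of its memory contents and its CPU state from any other software, including the hosting Virtual Machine Monitor"), so the example should use `0x10000000` (bit 28 only) or add a sentence warning that bit 0 exposes the TD to the host and must be clear for production guests. Smaller points in the same hunk: the three measurement-register element names are spelled inconsistently (`mrConfigId` is camelCase, `@mrowner` has a leading `@` the other two lack while the text calls it an element, `mrownerconfig` is all lowercase), so pick one form, e.g. `mrConfigId`, `mrOwner`, `mrOwnerConfig`, and drop the `@`; the expansion "Trusted Domain eXtensions" disagrees with the "Trust Domain (TD)" term used in the same paragraph (Intel's name is "Trust Domain Extensions"); the table's bit ranges are written low:high (`1:27`, `29:63`) where the usual high:low form (`27:1`, `63:29`) would read better; and the grammar in "The contents of the element is used to provide the guest owners input" and "User in TD guest cannot get TD quoting for attestation" should be "are used to provide the guest owner's input" and "A user in the TD guest cannot obtain a TD quote for attestation".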