[PATCH v4 00/23] LIBVIRT: X86: TDX support

Zhenzhong Duan posted 23 patches 1 month, 4 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20250710072127.695558-1-zhenzhong.duan@intel.com
docs/formatdomain.rst                         |    63 +
docs/formatdomaincaps.rst                     |     1 +
examples/c/misc/event-test.c                  |     6 +
include/libvirt/libvirt-domain.h              |     2 +
src/conf/domain_capabilities.c                |     1 +
src/conf/domain_capabilities.h                |     1 +
src/conf/domain_conf.c                        |    82 +
src/conf/domain_conf.h                        |    21 +
src/conf/domain_validate.c                    |    11 +
src/conf/schemas/domaincaps.rng               |     9 +
src/conf/schemas/domaincommon.rng             |    41 +
src/conf/virconftypes.h                       |     2 +
src/qemu/qemu_capabilities.c                  |    38 +-
src/qemu/qemu_capabilities.h                  |     1 +
src/qemu/qemu_cgroup.c                        |     1 +
src/qemu/qemu_command.c                       |    43 +
src/qemu/qemu_domain.h                        |     1 +
src/qemu/qemu_driver.c                        |    11 +-
src/qemu/qemu_firmware.c                      |    20 +
src/qemu/qemu_monitor.c                       |    50 +-
src/qemu/qemu_monitor.h                       |    13 +-
src/qemu/qemu_monitor_json.c                  |    38 +-
src/qemu/qemu_namespace.c                     |     1 +
src/qemu/qemu_process.c                       |   104 +-
src/qemu/qemu_process.h                       |     2 +
src/qemu/qemu_validate.c                      |    45 +
src/security/security_dac.c                   |     2 +
.../qemu_10.1.0-q35.x86_64+inteltdx.xml       |   783 +
.../domaincapsdata/qemu_10.1.0-q35.x86_64.xml |     7 +-
.../qemu_10.1.0-tcg.x86_64+inteltdx.xml       |  1830 +
.../domaincapsdata/qemu_10.1.0-tcg.x86_64.xml |     6 +-
.../qemu_10.1.0.x86_64+inteltdx.xml           |   783 +
tests/domaincapsdata/qemu_10.1.0.x86_64.xml   |     7 +-
tests/domaincapsmock.c                        |     3 +-
tests/qemucapabilitiesdata/README.rst         |     5 +
.../caps_10.1.0_x86_64+inteltdx.replies       | 44552 ++++++++++++++++
.../caps_10.1.0_x86_64+inteltdx.xml           |  3585 ++
.../caps_10.1.0_x86_64.xml                    |     1 +
.../caps.x86_64+inteltdx.xml                  |    29 +
.../firmware/60-edk2-ovmf-x64-inteltdx.json   |     1 +
...h-security-tdx.x86_64-latest+inteltdx.args |    44 +
...ch-security-tdx.x86_64-latest+inteltdx.xml |    75 +
tests/qemuxmlconfdata/launch-security-tdx.xml |    28 +
tests/qemuxmlconftest.c                       |     3 +
tools/virsh-domain-event.c                    |     6 +-
tools/virt-host-validate-common.c             |    31 +-
tools/virt-host-validate-common.h             |     1 +
47 files changed, 52372 insertions(+), 18 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
create mode 100644 tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
create mode 100644 tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
create mode 100644 tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.replies
create mode 100644 tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml
create mode 100644 tests/qemucaps2xmloutdata/caps.x86_64+inteltdx.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.args
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.xml
[PATCH v4 00/23] LIBVIRT: X86: TDX support
Posted by Zhenzhong Duan 1 month, 4 weeks ago
Hi,

This series brings libvirt the x86 TDX support.

* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from
the virtual-machine manager (VMM)/hypervisor and any other software on
the platform.

This patchset extends libvirt to support TDX, with which one can start a TDX
guest from high level rather than running qemu directly.

* Misc
As QEMU uses a software-emulated way to reset the guest, which isn't supported by a
TDX guest for security reasons, we simulate a reboot for a TDX guest by killing it
and creating a new one in the FakeReboot framework.

Complete code can be found at [1].

* Test
Tested with upstream qemu v10.0.0-1724-gf9a3def17b:
- shutdown/reboot/reset with virsh
- shutdown/reboot triggered in guest
- shutdown with on_poweroff=destroy/restart
- reboot with on_reboot=destroy/restart
- GUEST_PANICKED event processing
- auto firmware matching

* Patch organization
- patch 1-4:   Some preparing work
- patch 5-6:   Support query of TDX capabilities
- patch 7-15:  Add TDX type to launchsecurity framework
- patch 16-21: Add reboot/reset support to TDX guest
- patch 22:    Add conf test dump/cases for '+inteltdx' variant
- patch 23:    Add docs

TODO:
- add reconnect logic in virsh command

[1] https://github.com/intel/libvirt-tdx/commits/tdx_for_upstream_v4

Thanks
Zhenzhong

Changelog:
v4:
- add QGS config to qemuxmlconftest (Daniel)
- use 0x10000000 policy value in test as debug isn't supported yet (Daniel)
- s/mrowner/mrOwner/ s/mrownerconfig/mrOwnerConfig/ (Daniel)
- s/quoteGenerationSocket/quoteGenerationService/ (Daniel)
- handle "GUEST_PANICKED" event of type tdx (Daniel)
- add automatic firmware matching (Daniel)

v3:
- fix a hidden failure in qemuBuildTDXQGSCommandLine() (Peter Krempa)
- avoid the use of the ternary operator (Peter Krempa)
- add capability test dump before capability introduced (Peter Krempa)
- change tests version number from 11.0.0 to 10.1.0 (Peter Krempa)

v2:
- add capability and xmlconf test (Peter Krempa)

v1:
- s/virQEMUCapsKVMSupportsSecureGuestINTEL/virQEMUCapsKVMSupportsSecureGuestTDX (Daniel)
- make policy element optional and expose to QEMU directly (Daniel)
- s/qemuProcessSecFakeReboot/qemuProcessFakeRebootViaRecreate (Daniel)
- simplify QGS element schema by supporting only UNIX socket (Daniel)
- add new events VIR_DOMAIN_EVENT_[STOPPED|STARTED] for control plane (Daniel)
- s/quoteGenerationService/quoteGenerationSocket as QEMU
- add virsh reset support

rfcv4:
- add a check to tools/virt-host-validate-qemu.c (Daniel)
- remove check of q35 (Daniel)
- model 'SocketAddress' QAPI in xml schema (Daniel)
- s/Quote-Generation-Service/quoteGenerationService/ (Daniel)
- define bits in tdx->policy and add validating logic (Daniel)
- presume QEMU chooses split kernel irqchip for TDX guest by default (Daniel)
- utilize existing FakeReboot framework to do reboot for TDX guest (Daniel)
- drop patch11 'conf: Add support to keep same domid for hard reboot' (Daniel)
- add test in tests/ to validate parsing and formatting logic (Daniel)
- add doc in docs/formatdomain.rst (Daniel)
- add R-B

rfcv3:
- Change to generate qemu cmdline with -bios
- drop firmware auto match as -bios is used
- add a hard reboot method to reboot TDX guest

rfcv3: https://www.mail-archive.com/devel@lists.libvirt.org/msg00385.html

rfcv2:
- give up using qmp cmd and check TDX directly on host for TDX capabilities.
- use launchsecurity framework to support TDX
- use <os>.<loader> for general loader
- add auto firmware match feature for TDX

An example TDVF firmware description file 70-edk2-x86_64-tdx.json:
{
    "description": "UEFI firmware for x86_64, supporting Intel TDX",
    "interface-types": [
        "uefi"
    ],
    "mapping": {
        "device": "generic",
        "filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd"
    },
    "targets": [
        {
            "architecture": "x86_64",
            "machines": [
                "pc-q35-*"
            ]
        }
    ],
    "features": [
        "intel-tdx",
        "verbose-dynamic"
    ],
    "tags": []
}

rfcv2: https://www.mail-archive.com/libvir-list@redhat.com/msg219378.html


Zhenzhong Duan (23):
  tools: Secure guest check for Intel in virt-host-validate
  qemu: Check if INTEL Trust Domain Extension support is enabled
  qemucapabilitiesdata: Document '+inteltdx' variant
  qemucapabilitiestest: Add data for the qemu-10.1.0 dev cycle on x86_64
    for the '+inteltdx' variant
  qemu: Add QEMU_CAPS_TDX_GUEST capability
  conf: Expose TDX feature in domain capabilities
  conf: Add tdx as launch security type
  conf: Validate TDX launchSecurity element
    mrConfigId/mrOwner/mrOwnerConfig
  qemu: Add command line and validation for TDX type
  conf: Expose TDX type in domain launch security capability
  qemu: Force special parameters enabled for TDX guest
  qemu: log the crash information for TDX
  qemu_firmware: Pick the right firmware for TDX guests
  conf: Add Intel TDX Quote Generation Service(QGS) support
  qemu: Add command line for TDX Quote Generation Service(QGS)
  qemu: Add FakeReboot support for TDX guest
  qemu: Support reboot command in guest
  qemu: Avoid duplicate FakeReboot for secure guest
  qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation
  qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot
  qemu: Support domain reset command for TDX guest
  qemuxmlconftest: Add latest version of 'launch-security-tdx*' test
    data
  docs: domain: Add documentation for Intel TDX guest


-- 
2.47.1
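The cover letter names the pieces of a TDX launchSecurity configuration (an optional policy whose bits are validated and passed on to QEMU, the mrConfigId/mrOwner/mrOwnerConfig measurements, and a Quote Generation Service reachable only over a UNIX socket) without showing how such a fragment is checked. The following Python is an added example written for this page, not libvirt's own validation code: it checks a <launchSecurity type='tdx'> fragment using the element names from the series. The policy bits it recognises (DEBUG bit 0, SEPT_VE_DISABLE bit 28, PKS bit 30, KL bit 31, PERFMON bit 63) and the 48-byte size of the three measurements are taken from the TD ATTRIBUTES definition of the Intel TDX module specification as the editor reads it; a newer module may define further bits, which this example would report as reserved. The <SocketAddress type='unix' path='...'/> child shape, the acceptance of both hex and base64 encodings for the measurements, and reporting a DEBUG request as an error (the v4 changelog says debug isn't supported yet) are assumptions of this example, not rules stated by the series.

```python
# Added example for this page (not libvirt's code): validate a
# <launchSecurity type='tdx'> fragment using the element names from the series.
import base64
import binascii
import xml.etree.ElementTree as ET

# TD ATTRIBUTES bits this example recognises (Intel TDX module spec); every
# other bit is treated as reserved and must be zero.
TDX_POLICY_BITS = {
    "debug": 1 << 0,             # DEBUG: TD can be inspected by the host
    "sept_ve_disable": 1 << 28,  # SEPT_VE_DISABLE: no #VE on EPT violation
    "pks": 1 << 30,              # PKS: protection keys for supervisor pages
    "kl": 1 << 31,               # KL: Key Locker usable inside the TD
    "perfmon": 1 << 63,          # PERFMON: TD may use performance monitoring
}
TDX_POLICY_MASK = sum(TDX_POLICY_BITS.values())
MEASUREMENT_LEN = 48  # MRCONFIGID/MROWNER/MROWNERCONFIG are SHA-384 sized

def parse_policy(text):
    """Return (value, names of set bits, list of problems)."""
    try:
        value = int(text.strip(), 0)  # "0x10000000" or decimal
    except ValueError:
        return None, [], ["policy is not an integer: %r" % text]
    if not 0 <= value < 1 << 64:
        return value, [], ["policy must fit in 64 bits"]
    problems = []
    reserved = value & ~TDX_POLICY_MASK
    if reserved:
        problems.append("policy sets reserved bits: 0x%x" % reserved)
    flags = [n for n, bit in TDX_POLICY_BITS.items() if value & bit]
    if "debug" in flags:
        # Assumption: report DEBUG as an error, since the cover letter notes
        # that debug is not supported by QEMU yet.
        problems.append("policy requests DEBUG (bit 0), which is not supported")
    return value, flags, problems

def decode_measurement(text):
    """Decode a 48-byte measurement given as 96 hex chars or as base64.
    Accepting both encodings is this example's choice; what matters for TDX
    is that exactly 48 bytes come out."""
    s = text.strip()
    raw = None
    if len(s) == 2 * MEASUREMENT_LEN:
        try:
            raw = bytes.fromhex(s)
        except ValueError:
            raw = None
    if raw is None:
        try:
            raw = base64.b64decode(s, validate=True)
        except (binascii.Error, ValueError):
            return None
    return raw if len(raw) == MEASUREMENT_LEN else None

def validate_tdx_launch_security(xml_text):
    """Return the list of problems found; an empty list means acceptable."""
    root = ET.fromstring(xml_text)
    if root.tag != "launchSecurity" or root.get("type") != "tdx":
        return ["expected <launchSecurity type='tdx'>"]
    problems = []
    policy = root.find("policy")
    if policy is not None:  # the series makes <policy> optional
        problems.extend(parse_policy(policy.text or "")[2])
    for name in ("mrConfigId", "mrOwner", "mrOwnerConfig"):
        el = root.find(name)
        if el is not None and decode_measurement(el.text or "") is None:
            problems.append("%s must decode to %d bytes" % (name, MEASUREMENT_LEN))
    qgs = root.find("quoteGenerationService")
    if qgs is not None:
        # Assumed child shape <SocketAddress type='unix' path='...'/>: the
        # series models the QAPI SocketAddress and allows only UNIX sockets.
        sock = qgs.find("SocketAddress")
        if sock is None or sock.get("type", "unix") != "unix":
            problems.append("quoteGenerationService needs a unix SocketAddress")
        elif not (sock.get("path") or "").startswith("/"):
            problems.append("quoteGenerationService socket path must be absolute")
    return problems

# Constructed sample fragments; the policy value 0x10000000 is the one the
# series uses in its test data (SEPT_VE_DISABLE only).
GOOD_XML = """<launchSecurity type='tdx'>
  <policy>0x10000000</policy>
  <mrConfigId>%s</mrConfigId>
  <quoteGenerationService>
    <SocketAddress type='unix' path='/var/run/tdx-qgs/qgs.socket'/>
  </quoteGenerationService>
</launchSecurity>""" % ("00" * MEASUREMENT_LEN)

BAD_XML = """<launchSecurity type='tdx'>
  <policy>0x10000003</policy>
  <mrOwner>deadbeef</mrOwner>
  <quoteGenerationService>
    <SocketAddress type='unix' path='qgs.socket'/>
  </quoteGenerationService>
</launchSecurity>"""
```

Running validate_tdx_launch_security(GOOD_XML) returns an empty list; BAD_XML yields four problems in order: reserved bit 1 set, DEBUG requested, mrOwner not 48 bytes, and a relative socket path. The reserved-bit check is the important one for an attestation workflow: any bit a verifier does not expect in ATTRIBUTES shows up in the TD report, so rejecting unknown bits at the libvirt layer keeps the launched TD's attributes equal to what the relying party will compare against.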
Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
Posted by Daniel P. Berrangé via Devel 1 month, 4 weeks ago
FYI, QEMU soft freeze is next week, and rc0 release
is Jul 22nd. I proposed we merge this series once
the QEMU rc0 release is out, so this is likely ready
for the libvirt August 1st release.

On Thu, Jul 10, 2025 at 03:21:02AM -0400, Zhenzhong Duan wrote:

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
Posted by Daniel P. Berrangé via Devel 1 month, 2 weeks ago
On Thu, Jul 10, 2025 at 05:22:15PM +0100, Daniel P. Berrangé via Devel wrote:
> FYI, QEMU soft freeze is next week, and rc0 release
> is Jul 22nd. I proposed we merge this series once
> the QEMU rc0 release is out, so this is likely ready
> for the libvirt August 1st release.

I have now merged this series.

Thanks to all who worked on getting TDX integrated in libvirt.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
RE: [PATCH v4 00/23] LIBVIRT: X86: TDX support
Posted by Duan, Zhenzhong 1 month, 4 weeks ago

>-----Original Message-----
>From: Daniel P. Berrangé <berrange@redhat.com>
>Subject: Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
>
>FYI, QEMU soft freeze is next week, and rc0 release
>is Jul 22nd. I proposed we merge this series once
>the QEMU rc0 release is out, so this is likely ready
>for the libvirt August 1st release.

After QEMU rc0 release and before this merge, should I send a v5
with test data update from rc0 release?

Should I send a test data update for each 10.1.0-rcX release or only 10.1.0 release?

Thanks
Zhenzhong
Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
Posted by Peter Krempa via Devel 1 month, 4 weeks ago
On Fri, Jul 11, 2025 at 06:23:46 +0000, Duan, Zhenzhong wrote:
> 
> 
> >-----Original Message-----
> >From: Daniel P. Berrangé <berrange@redhat.com>
> >Subject: Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
> >
> >FYI, QEMU soft freeze is next week, and rc0 release
> >is Jul 22nd. I proposed we merge this series once
> >the QEMU rc0 release is out, so this is likely ready
> >for the libvirt August 1st release.
> 
> After QEMU rc0 release and before this merge, should I send a v5
> with test data update from rc0 release?
> 
> Should I send a test data update for each 10.1.0-rcX release or only 10.1.0 release?

It's okay to just update the caps to the final release state once it's
out.

You can, if you want, send an updated/replacement version of the patch
adding the caps before it is pushed. Or perhaps if something
related to TDX changed. But that's extra work which is not necessary in
any way. Most of the changes are tracked by the default variant of
the test.
RE: [PATCH v4 00/23] LIBVIRT: X86: TDX support
Posted by Duan, Zhenzhong 1 month, 4 weeks ago

>-----Original Message-----
>From: Peter Krempa <pkrempa@redhat.com>
>Subject: Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
>

Clear.

Thanks
Zhenzhong
Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
Posted by Daniel P. Berrangé via Devel 1 month, 4 weeks ago
On Thu, Jul 10, 2025 at 03:21:02AM -0400, Zhenzhong Duan wrote:
> Hi,
> 
> This series brings libvirt the x86 TDX support.
> 
> * What's TDX?
> TDX stands for Trust Domain Extensions which isolates VMs from
> the virtual-machine manager (VMM)/hypervisor and any other software on
> the platform.
> 
> This patchset extends libvirt to support TDX, with which one can start a TDX
> guest from high level rather than running qemu directly.
> 
> * Misc
> As QEMU use a software emulated way to reset guest which isn't supported by TDX
> guest for security reason. We simulate reboot for TDX guest by kill and create a
> new one in FakeReboot framework.
> 
> Complete code can be found at [1].
> 
> * Test
> Tested with upstream qemu v10.0.0-1724-gf9a3def17b
> shutdown/reboot/reset with virsh
> shutdown/reboot trigger in guest
> shutdown with on_poweroff=destroy/restart
> reboot with on_reboot=destroy/restart
> GUEST_PANICKED event processing
> auto firmware matching

For the whole series

 Tested-by: Daniel P. Berrangé <berrange@redhat.com>
 
I've created a VM using

  virt-install \
      --graphics none \
      --import \
      --file /var/lib/libvirt/images/f42tdxalt.qcow2 \
      --memory 4096 \
      --launchSecurity=tdx,quoteGenerationService=on \
      --boot uefi \
      --machine q35 \
      --osinfo fedora41

relying on this

  https://github.com/virt-manager/virt-manager/pull/948

and acquired an attestation report with SGX 2.26, QEMU current git master, and
upstream LKML (with the patch to enable building with kexec)

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
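Daniel's virt-install above asks for UEFI plus TDX and leaves firmware selection to libvirt, which is the "auto firmware matching" the v4 changelog lists and the reason the cover letter shows a descriptor file with the intel-tdx feature. The Python below is an added example written for this page, not libvirt's qemu_firmware.c: it loads descriptors in the format of QEMU's docs/interop/firmware.json and picks one by architecture, machine-type glob, interface type and feature flags. The three descriptors are constructed for the example (the TDX entry copies the cover letter's 70-edk2-x86_64-tdx.json; the Secure Boot and SEV entries are made up for contrast). The rules that a TDX domain requires intel-tdx, that a non-confidential domain must not receive a firmware carrying any confidential-computing feature, that requires-smm is skipped when SMM is off, and that ascending file-name order is the priority order are this example's assumptions about the matching policy.

```python
# Added example for this page (not libvirt's qemu_firmware.c): choose a
# firmware descriptor in the format of QEMU's docs/interop/firmware.json.
import fnmatch
import json

# Features that mark a build as usable only with one confidential-computing
# technology; a domain that does not request that technology must not get it.
CONFIDENTIAL_FEATURES = {"amd-sev", "amd-sev-es", "amd-sev-snp", "intel-tdx"}

# Constructed descriptors keyed by file name. The TDX entry copies the cover
# letter's 70-edk2-x86_64-tdx.json; the other two are made up for contrast.
DESCRIPTORS = {
    "50-edk2-x86_64-secure.json": {
        "description": "UEFI firmware for x86_64, with Secure Boot",
        "interface-types": ["uefi"],
        "mapping": {"device": "flash",
                    "executable": {"filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", "format": "raw"},
                    "nvram-template": {"filename": "/usr/share/OVMF/OVMF_VARS.fd", "format": "raw"}},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["acpi-s3", "enrolled-keys", "requires-smm", "secure-boot", "verbose-dynamic"],
        "tags": [],
    },
    "60-edk2-x86_64-amdsev.json": {
        "description": "UEFI firmware for x86_64, supporting AMD SEV",
        "interface-types": ["uefi"],
        "mapping": {"device": "memory", "filename": "/usr/share/OVMF/OVMF.amdsev.fd"},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["amd-sev", "verbose-dynamic"],
        "tags": [],
    },
    "70-edk2-x86_64-tdx.json": json.loads("""{
        "description": "UEFI firmware for x86_64, supporting Intel TDX",
        "interface-types": ["uefi"],
        "mapping": {"device": "generic", "filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd"},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["intel-tdx", "verbose-dynamic"],
        "tags": []
    }"""),
}

def descriptor_matches(desc, arch, machine, interface, want, forbid):
    """True if one descriptor can serve the given domain."""
    if interface not in desc.get("interface-types", []):
        return False
    if not any(t["architecture"] == arch and
               any(fnmatch.fnmatchcase(machine, g) for g in t["machines"])
               for t in desc.get("targets", [])):
        return False
    features = set(desc.get("features", []))
    return want <= features and not (features & forbid)

def select_firmware(descriptors, arch, machine, interface, want, forbid):
    """Return (file name, descriptor) of the first match in ascending file-name
    order (assumed to be the priority order of the descriptor directory), or None."""
    for name in sorted(descriptors):
        if descriptor_matches(descriptors[name], arch, machine, interface, want, forbid):
            return name, descriptors[name]
    return None

def firmware_for_domain(descriptors, arch, machine, launch_security=None, smm=True):
    """Map a domain's launchSecurity type to feature requirements.

    Assumptions of this example: 'tdx' requires the intel-tdx feature, a
    non-confidential domain forbids every confidential-computing feature, and
    a build flagged requires-smm is skipped when SMM is off.
    """
    if launch_security == "tdx":
        want = {"intel-tdx"}
    elif launch_security is None:
        want = set()
    else:
        raise ValueError("this example models only tdx and non-confidential domains")
    forbid = CONFIDENTIAL_FEATURES - want
    if not smm:
        forbid = forbid | {"requires-smm"}
    return select_firmware(descriptors, arch, machine, "uefi", want, forbid)

if __name__ == "__main__":
    for sec in (None, "tdx"):
        hit = firmware_for_domain(DESCRIPTORS, "x86_64", "pc-q35-10.1", sec)
        print(sec, "->", hit[0] if hit else None)
```

With these descriptors a q35 TDX domain gets 70-edk2-x86_64-tdx.json, a plain q35 domain gets the Secure Boot build, and a TDX domain on an i440fx machine type gets nothing because no descriptor lists that machine glob. The exclusion direction matters as much as the inclusion: without the forbid set, a non-confidential guest could silently boot a TDX-only firmware image, which is the failure mode the feature flags exist to prevent.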
RE: [PATCH v4 00/23] LIBVIRT: X86: TDX support
Posted by Duan, Zhenzhong 1 month, 4 weeks ago

>-----Original Message-----
>From: Daniel P. Berrangé <berrange@redhat.com>
>Subject: Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support
>

Thanks Daniel.

BRs,
Zhenzhong