From nobody Tue Sep 9 19:03:25 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail header.i=@intel.com; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=intel.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1752132347805638.6556824201723; Thu, 10 Jul 2025 00:25:47 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id DE31112CC; Thu, 10 Jul 2025 03:25:46 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 057E8110D; Thu, 10 Jul 2025 03:22:43 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 86C92C7F; Thu, 10 Jul 2025 03:22:36 -0400 (EDT) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 0FA7311A7 for ; Thu, 10 Jul 2025 03:22:13 -0400 (EDT) Received: from orviesa002.jf.intel.com ([10.64.159.142]) by orvoesa111.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Jul 2025 00:22:10 -0700 Received: from unknown (HELO gnr-sp-2s-612.sh.intel.com) ([10.112.230.229]) by orviesa002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Jul 2025 00:22:07 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1752132134; x=1783668134; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Rbd+/c0vmpfbRCCrZce5GCz78tcGeE1z4FUXwcpBJoI=; b=m9pZc18SZcL2WiUgEBw+V/nuK54FbbCPcke2RDp0ZsQryZ2DMwLPgDrQ DcsMQx2qpB4SInt+tdRYHq8gyHOpxMGhONfseNX9BsGwlNar0KhBHls+e EKrRuKFM+R84KCH3FmEY6cBMRI8wXNL0exbkPdyN5wBmJ6wwOA1nLflNu VArGUkKOFnji65w787LTry3fVt2MTpLSgTjEsJm2rQZWPEM6vK6vJ3tI9 /2VIlhnuy5TFcIqqYMjq6bvtPtH5sUAigxKaju8oAz/D2cQp7YqrjfE1m Sx222tczie8qOpyo0h9rgmRYPTp9mOfcf++amkpvZzkWr1F6A4lZay3aL w==; X-CSE-ConnectionGUID: 97qdtUR2Sgq/yaxU20M24A== X-CSE-MsgGUID: ql6JN7cbT0+v63/VcJ1Gyg== X-IronPort-AV: E=McAfee;i="6800,10657,11489"; a="54257026" X-IronPort-AV: E=Sophos;i="6.16,300,1744095600"; d="scan'208";a="54257026" X-CSE-ConnectionGUID: p9ykb6r9QQOAcbNXelHSRQ== X-CSE-MsgGUID: ZmTJTZvHS++Jv2UTkuG5rA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,300,1744095600"; d="scan'208";a="186997154" From: Zhenzhong Duan To: devel@lists.libvirt.org Subject: [PATCH v4 07/23] conf: Add tdx as launch security type Date: Thu, 10 Jul 2025 03:21:09 -0400 Message-ID: <20250710072127.695558-8-zhenzhong.duan@intel.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250710072127.695558-1-zhenzhong.duan@intel.com> References: <20250710072127.695558-1-zhenzhong.duan@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: RMECV4SNU73F3SDYEGB46KRDIWEQ7RH3 X-Message-ID-Hash: RMECV4SNU73F3SDYEGB46KRDIWEQ7RH3 X-MailFrom: zhenzhong.duan@intel.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: phrdina@redhat.com, pkrempa@redhat.com, jjongsma@redhat.com, jsuchane@redhat.com, chenyi.qiang@intel.com, isaku.yamahata@intel.com, xiaoyao.li@intel.com, chao.p.peng@intel.com, Zhenzhong Duan X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1752132348860116600 Content-Type: text/plain; charset="utf-8" When 'tdx' is used, the VM will be launched with Intel TDX feature enabled. TDX feature supports running encrypted VM (Trust Domain, TD) under the control of KVM. A TD runs in a CPU model which protects the confidentiality of its memory and its CPU state from other software. There are four optional child elements. Element policy is 64bit hex, bit 0 is set to enable TDX debug, bit 28 is set to enable sept-ve-disable, other bits are reserved currently. When policy isn't specified, QEMU will use its own default value 0x10000000. mrConfigId, mrOwner and mrOwnerConfig are base64 encoded SHA384 digest string. For example: 0x10000001 xxx xxx xxx Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrang=C3=A9 --- src/conf/domain_conf.c | 49 +++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 11 +++++++ src/conf/domain_validate.c | 1 + src/conf/schemas/domaincommon.rng | 32 ++++++++++++++++++++ src/conf/virconftypes.h | 2 ++ src/qemu/qemu_cgroup.c | 1 + src/qemu/qemu_command.c | 2 ++ src/qemu/qemu_driver.c | 1 + src/qemu/qemu_firmware.c | 1 + src/qemu/qemu_namespace.c | 1 + src/qemu/qemu_process.c | 2 ++ src/qemu/qemu_validate.c | 1 + src/security/security_dac.c | 2 ++ 13 files changed, 106 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 1e24e41a48..d2f01a9397 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1543,6 +1543,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, "sev", "sev-snp", "s390-pv", + "tdx", ); =20 VIR_ENUM_IMPL(virDomainPstoreBackend, @@ -3958,6 +3959,11 @@ virDomainSecDefFree(virDomainSecDef *def) g_free(def->data.sev_snp.id_auth); g_free(def->data.sev_snp.host_data); break; + case VIR_DOMAIN_LAUNCH_SECURITY_TDX: + g_free(def->data.tdx.mrconfigid); + g_free(def->data.tdx.mrowner); + g_free(def->data.tdx.mrownerconfig); + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: @@ -14204,6 +14210,29 @@ virDomainSEVSNPDefParseXML(virDomainSEVSNPDef *def, } =20 =20 +static int +virDomainTDXDefParseXML(virDomainTDXDef *def, + xmlXPathContextPtr ctxt) +{ + int rc; + + rc =3D virXPathULongLongBase("string(./policy)", ctxt, 16, &def->polic= y); + if (rc =3D=3D 0) { + def->havePolicy =3D true; + } else if (rc =3D=3D -2) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("failed to get launch security policy for launch = security type TDX")); + return -1; + } + + def->mrconfigid =3D virXPathString("string(./mrConfigId)", ctxt); + def->mrowner =3D virXPathString("string(./mrOwner)", ctxt); + def->mrownerconfig =3D virXPathString("string(./mrOwnerConfig)", ctxt); + + return 0; +} + + static virDomainSecDef * virDomainSecDefParseXML(xmlNodePtr lsecNode, xmlXPathContextPtr ctxt) @@ -14227,6 +14256,10 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode, if (virDomainSEVSNPDefParseXML(&sec->data.sev_snp, ctxt) < 0) return NULL; break; + case VIR_DOMAIN_LAUNCH_SECURITY_TDX: + if (virDomainTDXDefParseXML(&sec->data.tdx, ctxt) < 0) + return NULL; + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: @@ -27704,6 +27737,18 @@ virDomainSEVSNPDefFormat(virBuffer *attrBuf, } =20 =20 +static void +virDomainTDXDefFormat(virBuffer *childBuf, virDomainTDXDef *def) +{ + if (def->havePolicy) + virBufferAsprintf(childBuf, "0x%llx\n", def->poli= cy); + + virBufferEscapeString(childBuf, "%s\n", def->= mrconfigid); + virBufferEscapeString(childBuf, "%s\n", def->mrowne= r); + virBufferEscapeString(childBuf, "%s\n",= def->mrownerconfig); +} + + static void virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) { @@ -27725,6 +27770,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSec= Def *sec) virDomainSEVSNPDefFormat(&attrBuf, &childBuf, &sec->data.sev_snp); break; =20 + case VIR_DOMAIN_LAUNCH_SECURITY_TDX: + virDomainTDXDefFormat(&childBuf, &sec->data.tdx); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 6997cf7c09..e216c63018 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2964,6 +2964,7 @@ typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_SEV, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP, VIR_DOMAIN_LAUNCH_SECURITY_PV, + VIR_DOMAIN_LAUNCH_SECURITY_TDX, =20 VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2998,11 +2999,21 @@ struct _virDomainSEVSNPDef { }; =20 =20 +struct _virDomainTDXDef { + bool havePolicy; + unsigned long long policy; + char *mrconfigid; + char *mrowner; + char *mrownerconfig; +}; + + struct _virDomainSecDef { virDomainLaunchSecurity sectype; union { virDomainSEVDef sev; virDomainSEVSNPDef sev_snp; + virDomainTDXDef tdx; } data; }; =20 diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index b28af7fa56..7d68ea2478 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -1936,6 +1936,7 @@ virDomainDefLaunchSecurityValidate(const virDomainDef= *def) case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_SEV: case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_TDX: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: break; } diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index 183dd5db5e..56dbddcb43 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -549,6 +549,9 @@ s390-pv + + + @@ -644,6 +647,35 @@ + + + + tdx + + + + + + + + + + + + + + + + + + + + + + + + +