RE: [RFC PATCH v2 0/8] LIBVIRT: X86: TDX support

Duan, Zhenzhong posted 8 patches 2 years, 9 months ago
Posted by Duan, Zhenzhong 2 years, 9 months ago

> -----Original Message-----
> From: Pavel Hrdina <phrdina@redhat.com>
> Sent: Wednesday, July 21, 2021 10:23 PM
> To: Duan, Zhenzhong <zhenzhong.duan@intel.com>
> Cc: libvir-list@redhat.com; pkrempa@redhat.com; berrange@redhat.com;
> Yamahata, Isaku <isaku.yamahata@intel.com>; Tian, Jun J
> <jun.j.tian@intel.com>; Qiang, Chenyi <chenyi.qiang@intel.com>
> Subject: Re: [RFC PATCH v2 0/8] LIBVIRT: X86: TDX support
> 
> On Fri, Jul 16, 2021 at 11:10:28AM +0800, Zhenzhong Duan wrote:
> > Thanks for Peter's, Pavel's and Daniel's comments on the v1 version; now v2
> comes.
[...]
> > * Misc
> > Just let you know we have released v2 version of TDX qemu in [1], and
> > the API for libvirt is keeping stable. Using these patches we have
> > successfully booted and tested a guest both with and without TDX enabled.
> 
> Overall looks good. It's missing documentation and the QEMU patches are
> missing documentation as well. I was looking into Intel specification but I
> failed to find the necessary info there as well.
> What are the values `mrconfigid`, `mrowner`, `mrownerconfig` for, what data
> is supposed to be stored there, what are the limitations and so on.
> 
> What I could gather these are exposed in the VM and are used for
> measurement but that's it.
> 
> Another thing that I've missed in v1, QEMU patches are introducing new `-
> machine pic=no` option and for TDX PIC has to be disabled. The libvirt
> patches are putting it on the QEMU command line but it is not reflected in
> the VM XML, so I would say we need to introduce new hypervisor feature [1]:
> 
>   <features>
>     ...
>     <pic state='on|off'/>
>     ...
>   </features>
> 
> [1] <https://libvirt.org/formatdomain.html#hypervisor-features>
> 
> > * Diff to v1:
> > - give up using qmp cmd and check TDX directly on host for TDX capabilities.
> > - use launchsecurity framework to support TDX
> > - use <os>.<loader> for general loader
> > - add auto firmware match feature for TDX
> >
> > An example TDVF firmware description file 70-edk2-x86_64-tdx.json:
> > {
> >     "description": "UEFI firmware for x86_64, supporting Intel TDX",
> >     "interface-types": [
> >         "uefi"
> >     ],
> >     "mapping": {
> >         "device": "generic",
> 
> I think using 'loader', as that's the actual device in QEMU used with this
> firmware, will be better. The patches posted to QEMU don't extend
> `docs/interop/firmware.json`, so this example may change once some specific
> format is accepted by the QEMU community.
Hi Pavel,

Just want to clarify: do you want 'generic' changed to 'loader' only in 70-edk2-x86_64-tdx.json,
or also all the 'generic' and '_GENERIC' strings in '[RFC PATCH v2 8/8] qemu: Add firmware descriptor support for TDX' changed?

Thanks
Zhenzhong
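The "auto firmware match" item in the v2 diff list refers to libvirt's firmware descriptor selection: descriptor files are collected from a fixed list of directories (a file in a higher-priority directory shadows a same-named file further down, and an empty file disables the descriptor), sorted by filename, and the first descriptor whose interface type, target and feature set satisfy the domain's requirements wins. The following is an added illustration of that selection logic, written for this page; it is not libvirt's code or the patch series' code. The descriptor contents are constructed for the example (the TDX one follows the truncated snippet quoted above), and the "loader" device key, the "intel-tdx" feature name, the file names and the "targets" blocks are assumptions.

```python
import fnmatch
import json
import posixpath

# libvirt's real search order also starts with $XDG_CONFIG_HOME/qemu/firmware;
# two directories are enough to show shadowing. Earlier entries win.
SEARCH_DIRS = ["/etc/qemu/firmware", "/usr/share/qemu/firmware"]

# Constructed stand-ins for files on disk, keyed by path. Values are the raw
# JSON text; an empty string models an empty file (= "disable this descriptor").
FILES = {
    "/usr/share/qemu/firmware/50-edk2-x86_64-secure.json": json.dumps({
        "description": "UEFI firmware for x86_64, with Secure Boot keys enrolled",
        "interface-types": ["uefi"],
        "mapping": {"device": "flash",
                    "executable": {"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
                                   "format": "raw"}},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["acpi-s3", "secure-boot", "enrolled-keys", "requires-smm"],
        "tags": [],
    }),
    "/usr/share/qemu/firmware/60-edk2-x86_64.json": json.dumps({
        "description": "UEFI firmware for x86_64",
        "interface-types": ["uefi"],
        "mapping": {"device": "flash",
                    "executable": {"filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
                                   "format": "raw"}},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*", "pc-i440fx-*"]}],
        "features": ["acpi-s3"],
        "tags": [],
    }),
    # The admin hides the distro's plain OVMF descriptor with an empty file.
    "/etc/qemu/firmware/60-edk2-x86_64.json": "",
    # Assumed TDVF descriptor: "loader" device (as suggested in the review) and
    # a hypothetical "intel-tdx" feature string.
    "/usr/share/qemu/firmware/70-edk2-x86_64-tdx.json": json.dumps({
        "description": "UEFI firmware for x86_64, supporting Intel TDX",
        "interface-types": ["uefi"],
        "mapping": {"device": "loader",
                    "executable": {"filename": "/usr/share/edk2/ovmf/OVMF.tdx.fd",
                                   "format": "raw"}},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["intel-tdx"],
        "tags": [],
    }),
}


def collect(files, dirs):
    """Return [(basename, descriptor)] in selection order.

    A basename seen in an earlier directory shadows the same basename in later
    directories; a descriptor whose winning file is empty is dropped entirely.
    """
    seen = {}
    for d in dirs:
        for path, text in files.items():
            if posixpath.dirname(path) != d:
                continue
            name = posixpath.basename(path)
            if name in seen:          # already shadowed by a higher-priority dir
                continue
            seen[name] = json.loads(text) if text.strip() else None
    return [(n, seen[n]) for n in sorted(seen) if seen[n] is not None]


def select(descriptors, arch, machine, interface, required, forbidden=frozenset()):
    """First descriptor matching interface, target and feature constraints.

    `required` must all be present; none of `forbidden` may be present. Machine
    patterns are matched as shell-style globs against the concrete machine type.
    Returns (basename, descriptor) or None when nothing is usable.
    """
    for name, desc in descriptors:
        if interface not in desc.get("interface-types", []):
            continue
        if not any(t.get("architecture") == arch
                   and any(fnmatch.fnmatchcase(machine, g) for g in t.get("machines", []))
                   for t in desc.get("targets", [])):
            continue
        feats = set(desc.get("features", []))
        if not set(required) <= feats or feats & set(forbidden):
            continue
        return name, desc
    return None


if __name__ == "__main__":
    descs = collect(FILES, SEARCH_DIRS)
    print([n for n, _ in descs])
    print(select(descs, "x86_64", "pc-q35-6.0", "uefi", {"intel-tdx"}))
    print(select(descs, "x86_64", "pc-q35-6.0", "uefi", set(), {"secure-boot", "intel-tdx"}))
```

Note the last call: once the plain OVMF descriptor is disabled, a domain that forbids both Secure Boot and TDX firmware gets no match at all rather than silently falling back to an unsuitable image, which is the behaviour one wants from the selector.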