[RFC PATCH 0/3] TDX attestation support

Paolo Bonzini posted 3 patches 4 months, 4 weeks ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20250619203351.393786-1-pbonzini@redhat.com
Maintainers: "Michael S. Tsirkin" <mst@redhat.com>, Cornelia Huck <cohuck@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, "Daniel P. Berrangé" <berrange@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>
There is a newer version of this series
qapi/qom.json                                 |   8 +-
include/standard-headers/asm-x86/setup_data.h |  13 +-
include/standard-headers/drm/drm_fourcc.h     |  45 +++
include/standard-headers/linux/ethtool.h      | 124 ++++----
include/standard-headers/linux/fuse.h         |   6 +-
.../linux/input-event-codes.h                 |   3 +-
include/standard-headers/linux/pci_regs.h     |  12 +-
include/standard-headers/linux/virtio_gpu.h   |   3 +-
include/standard-headers/linux/virtio_pci.h   |   1 +
linux-headers/asm-arm64/kvm.h                 |   9 +-
linux-headers/asm-x86/kvm.h                   |   1 +
linux-headers/linux/bits.h                    |   4 +-
linux-headers/linux/kvm.h                     |  25 ++
linux-headers/linux/vhost.h                   |   4 +-
target/i386/kvm/tdx-quote-generator.h         |  82 +++++
target/i386/kvm/tdx.h                         |  19 ++
target/i386/kvm/kvm.c                         |  15 +
target/i386/kvm/tdx-quote-generator.c         | 300 ++++++++++++++++++
target/i386/kvm/tdx-stub.c                    |   8 +
target/i386/kvm/tdx.c                         | 186 +++++++++++
target/i386/kvm/meson.build                   |   2 +-
21 files changed, 795 insertions(+), 75 deletions(-)
create mode 100644 target/i386/kvm/tdx-quote-generator.h
create mode 100644 target/i386/kvm/tdx-quote-generator.c
[RFC PATCH 0/3] TDX attestation support
Posted by Paolo Bonzini 4 months, 4 weeks ago
This is my update of Binbin's patches from
https://github.com/intel-staging/qemu-tdx/commits/binbinwu/GetTdVmCallInfo_fixup/,
updated for the proposed userspace API at
https://lore.kernel.org/kvm/20250619180159.187358-1-pbonzini@redhat.com/T/
and with a few tweaks to drop the remains of the
quote generator QOM object.

I am not sure of the state of Daniel's patch to parse the
GET_QUOTE request and repack it for the quote generation
service.  Here I have just squashed it into patch 3.

I have not tested this beyond compilation, but I wanted
to send it out before going on vacation---and possibly
even include patches 1-2 in a pull request.

Paolo


Binbin Wu (1):
  i386/tdx: handle TDG.VP.VMCALL<GetTdVmCallInfo>

Isaku Yamahata (1):
  i386/tdx: handle TDG.VP.VMCALL<GetQuote>

Paolo Bonzini (1):
  update Linux headers to v6.16-rc3


-- 
2.49.0
Re: [RFC PATCH 0/3] TDX attestation support
Posted by Xiaoyao Li 4 months, 4 weeks ago
On 6/20/2025 4:33 AM, Paolo Bonzini wrote:
> This is my update of Binbin's patches from
> https://github.com/intel-staging/qemu-tdx/commits/binbinwu/GetTdVmCallInfo_fixup/,
> updated for the proposed userspace API at
> https://lore.kernel.org/kvm/20250619180159.187358-1-pbonzini@redhat.com/T/
> and with a few tweaks to drop the remains of the
> quote generator QOM object.
> 
> I am not sure of the state of Daniel's patch to parse the
> GET_QUOTE request and repack it for the quote generation
> service.  Here I have just squashed it into patch 3.

That looks good to me except for one issue with the check of
QGS_MSG_LIB_MINOR_VER, as I commented in patch 3. But that's a
QGS issue instead, I think.

> I have not tested this beyond compilation, but I wanted
> to send it out before going on vacation---and possibly
> even include patches 1-2 in a pull request.

I tested it and only found some small issues, which I commented on in patch 3.

I think maybe we can pull the whole series with the issue I reported
fixed, since it's in the development cycle of QEMU 10.1? If any new
issue appears, we still have a chance to fix it.

> Paolo
> 
> 
> Binbin Wu (1):
>    i386/tdx: handle TDG.VP.VMCALL<GetTdVmCallInfo>
> 
> Isaku Yamahata (1):
>    i386/tdx: handle TDG.VP.VMCALL<GetQuote>
> 
> Paolo Bonzini (1):
>    update Linux headers to v6.16-rc3
> 
>   qapi/qom.json                                 |   8 +-
>   include/standard-headers/asm-x86/setup_data.h |  13 +-
>   include/standard-headers/drm/drm_fourcc.h     |  45 +++
>   include/standard-headers/linux/ethtool.h      | 124 ++++----
>   include/standard-headers/linux/fuse.h         |   6 +-
>   .../linux/input-event-codes.h                 |   3 +-
>   include/standard-headers/linux/pci_regs.h     |  12 +-
>   include/standard-headers/linux/virtio_gpu.h   |   3 +-
>   include/standard-headers/linux/virtio_pci.h   |   1 +
>   linux-headers/asm-arm64/kvm.h                 |   9 +-
>   linux-headers/asm-x86/kvm.h                   |   1 +
>   linux-headers/linux/bits.h                    |   4 +-
>   linux-headers/linux/kvm.h                     |  25 ++
>   linux-headers/linux/vhost.h                   |   4 +-
>   target/i386/kvm/tdx-quote-generator.h         |  82 +++++
>   target/i386/kvm/tdx.h                         |  19 ++
>   target/i386/kvm/kvm.c                         |  15 +
>   target/i386/kvm/tdx-quote-generator.c         | 300 ++++++++++++++++++
>   target/i386/kvm/tdx-stub.c                    |   8 +
>   target/i386/kvm/tdx.c                         | 186 +++++++++++
>   target/i386/kvm/meson.build                   |   2 +-
>   21 files changed, 795 insertions(+), 75 deletions(-)
>   create mode 100644 target/i386/kvm/tdx-quote-generator.h
>   create mode 100644 target/i386/kvm/tdx-quote-generator.c
>