From: Mikko Ylinen
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com
Subject: [PATCH] docs/system/i386: document TDG.VP.VMCALL and TD attestation
Date: Thu, 14 Aug 2025 15:31:44 +0300
Message-ID: <20250814123144.136966-1-mikko.ylinen@linux.intel.com>

TD attestation has been supported since the handling of TDG.VP.VMCALL was
added. However, the documentation still states that TD attestation is future
work.

Update the TDX documentation to match the code and move the TD attestation
section up to the feature configuration section. In addition, add a link to
the TDX Enabling Guide that gives further details on how to set up the
platform for attestation to work.

Fixes: 40da501d8989 ("i386/tdx: handle TDG.VP.VMCALL")
Reported-by: Benny Fuhry
Signed-off-by: Mikko Ylinen Reviewed-by: Xiaoyao Li --- docs/system/i386/tdx.rst | 40 ++++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/docs/system/i386/tdx.rst b/docs/system/i386/tdx.rst index 8131750b64..47d8fd023f 100644 --- a/docs/system/i386/tdx.rst +++ b/docs/system/i386/tdx.rst @@ -97,6 +97,28 @@ if the fixed-1 feature is requested to be disabled expli= citly. This is newly added to QEMU for TDX because TDX has fixed-1 features that are forcibly e= nabled by TDX module and VMM cannot disable them. =20 +TD attestation +~~~~~~~~~~~~~~ + +In TD guest, the attestation process is used to verify the TDX guest +trustworthiness to other entities before provisioning secrets to the guest. + +TD attestation is initiated first by calling TDG.MR.REPORT inside TD to ge= t the +REPORT. Then the REPORT data needs to be converted into a remotely verifia= ble +TD-Quote signed by a service hosting TD-Quoting Enclave operating on the h= ost. + +The guest issues TDG.VP.VMCALL which is forwarded to user space = by KVM. +QEMU handles the request and sends the REPORT further to a Quote Generatio= n Service +(QGS) for signing. On success, a TD-Quote is returned back to the guest. + +To enable TD attestation, QGS destination must be configured using a +"quote-generation-socket" property. Intel reference TDX QGS supports the +following socket addresses: `{"type":"unix", "path":"/var/run/tdx-qgs/qgs.= socket"}` +or `{"type": "vsock", "cid":"2","port":""}`. + +See TDX Enabling Guide for details on how to provision the platform for +TD attestation to work. + Launching a TD (TDX VM) ----------------------- =20 @@ -112,6 +134,9 @@ split kernel-irqchip, as below: -machine ...,confidential-guest-support=3Dtdx0 \\ -bios OVMF.fd \\ =20 +Additional properties and their descriptions are documented in the QAPI +schema for the 'tdx-guest' object. + Restrictions ------------ =20 
@@ -135,19 +160,6 @@ SEAMCALLs and corresonponding QEMU change. =20 It's targeted as future work. =20 -TD attestation --------------- - -In TD guest, the attestation process is used to verify the TDX guest -trustworthiness to other entities before provisioning secrets to the guest. - -TD attestation is initiated first by calling TDG.MR.REPORT inside TD to ge= t the -REPORT. Then the REPORT data needs to be converted into a remotely verifia= ble -Quote by SGX Quoting Enclave (QE). - -It's a future work in QEMU to add support of TD attestation since it lacks -support in current KVM. - Live Migration -------------- =20 @@ -158,4 +170,4 @@ References =20 - `TDX Homepage `__ =20 -- `SGX QE `__ +- `TDX Enabling Guide `__ --=20 2.50.1
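Review bot: in the first hunk (the new "TD attestation" section), the sentence "The guest issues TDG.VP.VMCALL which is forwarded to user space by KVM" does not say which TDG.VP.VMCALL leaf carries the quote request; TDG.VP.VMCALL is the generic TD hypercall, so name the subfunction so a reader can tell the attestation path apart from the other VMCALLs QEMU handles. Same hunk, the vsock example `{"type": "vsock", "cid":"2","port":""}` ships with an empty port that a reader may paste verbatim; use an obvious placeholder and say that cid 2 is the host CID on which the QGS listens. The JSON examples are wrapped in single backticks, which reStructuredText renders as interpreted text rather than a literal; use double backticks (``...``) so the braces and quotes are shown as typed. Since the section now documents a host-side service in the quote path, one sentence on the trust model would help: the host and the QGS are trusted only for availability of the quoting path, the TD-Quote is signed by the Quoting Enclave and verified remotely, so a misconfigured or hostile host can make quote requests fail but cannot produce a valid quote for a different TD. Minor: "verify the TDX guest trustworthiness" reads better as "verify the TDX guest's trustworthiness".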
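Review bot: in the second hunk (after the launch command line), "Additional properties and their descriptions are documented in the QAPI schema for the 'tdx-guest' object" tells the reader that more properties exist but not where to look; point at the rendered QAPI reference in the QEMU manual or the schema file so the reference is followable, and use the same quoting for the object name as the attestation section uses for "quote-generation-socket" (double quotes there, single quotes here).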
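Review bot: in the third hunk (removal of the old "TD attestation" section), the unchanged context line "SEAMCALLs and corresonponding QEMU change." carries a typo ("corresponding"); since this patch already edits the neighbouring lines, fixing it here or in a follow-up would be cheap. The removal itself is correct: the old text still claimed KVM lacked support, which the Fixes: commit contradicts.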
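Review bot: in the last hunk (References), the "SGX QE" entry is replaced by the "TDX Enabling Guide" entry rather than kept alongside it, yet the new attestation section still refers to the TD-Quoting Enclave and the Quote Generation Service; keep a reference for those, or state that the Enabling Guide covers QGS setup, so the terms remain resolvable from this page. As the hunk is shown here the link targets of both the existing "TDX Homepage" entry and the new entry are empty, so I cannot check that the new URL resolves; please confirm it in the applied patch.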