From nobody Sat May 30 17:44:14 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1778576326; cv=none; d=zohomail.com; s=zohoarc; b=hp03qcYB4NuP2ODuWOv+dO8BLGblyC6Y8geuVPjy7zoRrW6ajYXql2CUcZUypW/WDMz1dQr14w2VWmrnAbrOd0XbdI2esGTDpdV63DJbUDh6Uce74uFHY+gkw93p+WC1nIHHzXHQj9nuVnVoX+ustKxJhoi2fBY+ds+TVJarz/s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778576326; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=53KxDfz18/SvW6SEY+vchty21qqREeX/H33E5fdssqE=; b=ZNXeZ3FcWnWywgdIiOBeOp/UE4WIwrWCIfZLb91YDT4RiO7Mg02MhV3STkkLQxsM2k082PfV5fWZFXQgYyjBxNCQTcSG4Dz+LBYoQBJOLDs5lNgKtdsTsTciYcl8FK9NbMO8gMgUQFKKLefS/EXllNMZieHKVoD/iUsjQznS7do= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778576325887654.0031284309586; Tue, 12 May 2026 01:58:45 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMiwJ-0000r1-1O; Tue, 12 May 2026 04:58:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwH-0000q8-Ll for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:05 -0400 Received: from mgamail.intel.com ([192.198.163.19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwE-0007RW-VK for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:05 -0400 Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2026 01:58:01 -0700 Received: from lxy-clx-4s.sh.intel.com ([10.239.48.22]) by orviesa004.jf.intel.com with ESMTP; 12 May 2026 01:58:00 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1778576283; x=1810112283; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4oGdRsgYcFCJIGOUQkkzhU5cQ9VCQ2JvsyjXjqkYgmU=; b=U/FW5kliZ7zBC6/iB8qhEfxMenzvaefHtMbM0rP5MPkrqKZOr2K1W1nN klH8M/rKBYANNKtirBZOb6ESCiT8LjjlWauPgaGqbztf4EfHJtV6yfx7f +VxiRWemKZPw3hvNaEI971eoNy4Vjqw/mtiNwUwlvcK1uGGsvh5513DkA OGajVXMmv25WeYIFivx3G7uibcRuqdM60Inl67Tzet4P/kag8TEQNeJe5 U90WC+1/5Zk8IF/VF8C4TUuKw7L9Tn1TQmlpo/pWSYM97V4GpZXrYpka8 48kbNooIUzRIPfr0WsKso+dgps1MMvMhEvlrgLjUtuHUUitN+2p84ftjk Q==; X-CSE-ConnectionGUID: JS0V1cidQTiYcoK8O7u+uQ== X-CSE-MsgGUID: NCKiL4mwTTuv1jWfdoFn4A== X-IronPort-AV: E=McAfee;i="6800,10657,11783"; a="78510921" X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="78510921" X-CSE-ConnectionGUID: bE34/gy4Ty+4h4ENBRkhqg== X-CSE-MsgGUID: i7Uo5vGDSeSh3cQJONYo+A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="242065519" From: Xiaoyao Li To: Paolo Bonzini , Pierrick Bouvier Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , qemu-devel@nongnu.org, =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , xiaoyao.li@intel.com Subject: [PATCH v2 1/5] i386/sev: Remove the example that references memory-encryption Date: Tue, 12 May 2026 16:44:54 +0800 Message-ID: <20260512084458.622465-2-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260512084458.622465-1-xiaoyao.li@intel.com> References: <20260512084458.622465-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=192.198.163.19; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.999, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @intel.com) X-ZM-MESSAGEID: 1778576327977158500 "confidential-guest-support" is the recommended property to configure sev for the machine, and amd-memory-encryption.rst has already switched to use "confidential-guest-support" in the example. Instead of changing "memory-encryption" to "confidential-guest-support" in the comment of struct SevGuestState, just drop the example for simplicity. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Xiaoyao Li --- target/i386/sev.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index b44b5a1c2b94..f70f2ab4497f 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -160,10 +160,6 @@ struct SevCommonStateClass { * * The SevGuestState object is used for creating and managing a SEV * guest. - * - * # $QEMU \ - * -object sev-guest,id=3Dsev0 \ - * -machine ...,memory-encryption=3Dsev0 */ struct SevGuestState { SevCommonState parent_obj; --=20 2.43.0 From nobody Sat May 30 17:44:14 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1778576359; cv=none; d=zohomail.com; s=zohoarc; b=K3GvjOKJ0Hq2lbdNp+wym1tXmPkgGWksosZUXZIMmb16dnmmt88Vu92aqgb0B9P/qHHy+6cSFGUpuUq5to/HzV+bEySc9d5wveqS/SR1mfWfy9XJs6jcqi4BxZzw8+6M3N3YKuL44eh8YmA7onEQfyhPlq0K4Vo4llc9Gpp33EI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778576359; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=2V6HH8oE83/b2wuVa7qXQTMCA5vHz+MPZ1+9F6mN5ek=; b=C5jrcUig0kUWClXkVuCZsgN8qGd/QrP/WmINTqoP+nCMU63cjFjmCKRJWJwgSjJjrWhwn8cEARERqRFdALhI5pWKUzlQ+PdBb88qEeunn2yuZkYowCgm3+OBskPltRpYpveZCXdyJV4elgDOHZm0lYBnPve8Ktzm3X0NsWqG0Qs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778576359740623.487454228303; Tue, 12 May 2026 01:59:19 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMiwK-0000s8-Fb; Tue, 12 May 2026 04:58:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwI-0000qP-7q for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:06 -0400 Received: from mgamail.intel.com ([192.198.163.19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwG-0007SD-OG for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:05 -0400 Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2026 01:58:03 -0700 Received: from lxy-clx-4s.sh.intel.com ([10.239.48.22]) by orviesa004.jf.intel.com with ESMTP; 12 May 2026 01:58:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1778576285; x=1810112285; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=e3vqDuzn5CebKXoD/rL/+POqcwdYe7Qne4/lWzZcVGk=; b=IRBXkImqCemO8Eebc3/h+KkyWvWveMpcAH29lOe7vZxKiFJfiuiGUKrt 8nFeJkeQXHmuqCnAqCOOBvOrLA+4SGD3XjntHYu826X9hFGoh47475yZy nkWxjjMnAol+Kl6I5IT5/5H4b/bFKG/u80riQS+lOK9h6FXBx7H9GUmJa nxWLxyDUPb99V13fciSQq0Rj7BxxM4XfNh8b0OuaKJc8S7w9ikX4+hAyC jqX6zIDzjUc0uwmsCEHhIksx7UnVAsFY5q1Wfc6jN5w5aNgNx2xxdZNIj ibhoZWEb33CI3u77vXrGj/RFShsjpqKYyZ9SP6k4hwh7xqmehc41NJSqJ Q==; X-CSE-ConnectionGUID: w+CxC1AnSTiZrdlw3GrD3g== X-CSE-MsgGUID: PqrWfA3kS8ycS1LgBJ38wQ== X-IronPort-AV: E=McAfee;i="6800,10657,11783"; a="78510925" X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="78510925" X-CSE-ConnectionGUID: 98H/RvNqQpSpmZjDKe/now== X-CSE-MsgGUID: mLd74FrjSdKEiBrhQlzKYQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="242065530" From: Xiaoyao Li To: Paolo Bonzini , Pierrick Bouvier Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , qemu-devel@nongnu.org, =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , xiaoyao.li@intel.com Subject: [PATCH v2 2/5] qemu-options: Change memory-encryption to confidential-guest-support in the example Date: Tue, 12 May 2026 16:44:55 +0800 Message-ID: <20260512084458.622465-3-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260512084458.622465-1-xiaoyao.li@intel.com> References: <20260512084458.622465-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=192.198.163.19; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.999, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @intel.com) X-ZM-MESSAGEID: 1778576362812154100 "confidential-guest-support" is the recommended property instead of "memory-encryption". Switch to "confidential-guest-support" in the example of sev-guest. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Xiaoyao Li --- qemu-options.hx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu-options.hx b/qemu-options.hx index 96ae41f787ba..25ed486ff5d2 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -6343,7 +6343,7 @@ SRST # |qemu_system_x86| \\ ...... \\ -object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bit= s=3D1 \\ - -machine ...,memory-encryption=3Dsev0 \\ + -machine ...,confidential-guest-support=3Dsev0 \\ ..... =20 ``-object igvm-cfg,file=3Dfile`` --=20 2.43.0 From nobody Sat May 30 17:44:14 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1778576340; cv=none; d=zohomail.com; s=zohoarc; b=Fu843prmwRWGcbO6lL5+2gR3aU2qXPy7Hk5NeBvIb6p1anDtm6ryMy3ZwYDFg52UDMF/S1pUEot0aZr59H2TLxB5CmJr9x7tlTJeYoy1HT64LZMGP5V5o0RgW8hm96ZL0IKj2N04nRcCrRHTYIuSvh3hcVXh9UxcDs9jwnywQs8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778576340; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Z70bL1erdstY/WueNMIWSO7cKWn/qmDDkx6PIRUSd38=; b=Yxra6D0IatdKojgce42+BYHr9Qdz2E0gwTeoGzH9mXLTITKA4YC811iOJOftDvkUdmQLRQS3jvPGLnfMhjdFLXnxbvDaTovMQFQpsmmZ+Dfjt45BUV9t/F4n79Idl+FRY3L4ejHEDCzQHIvoxkDanKUsGOVfoBGm84A9nEIv6jY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778576340495780.8081639677202; Tue, 12 May 2026 01:59:00 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMiwM-0000sv-RZ; Tue, 12 May 2026 04:58:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwJ-0000rq-Ja for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:07 -0400 Received: from mgamail.intel.com ([192.198.163.19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwI-0007RW-0A for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:07 -0400 Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2026 01:58:05 -0700 Received: from lxy-clx-4s.sh.intel.com ([10.239.48.22]) by orviesa004.jf.intel.com with ESMTP; 12 May 2026 01:58:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1778576286; x=1810112286; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=GrJus0A4zvxhjKK+Vj0V4r2iRoInyrdrtEk8Go8i9cY=; b=O+3iNw2rXbvy1rh993A90daIEoEMQP/ovVHzvI9TVOtb38NnyTOz+4Ni aw/ZrQLX4yVzshSboAjYdqroVBQQ3h6UluXwO2ProZPdpZZbOsk62d3HP H1VUl53lYhIpUmQy5cA1QYqFlgzXvDUhL7k00r6yR/a7dik10nFw2dVW+ Li1v8ScDBlxEFH8p5xHsHyl/pT6ulB2waj5YAMJH8sKkgIYxIm0h966Xi Rd8YrusqWbecrlrkHMMKvLNIy0J2yuWsgBc5Zhsm0BSBY1m0ITG1lWHrY Vt3A4acXP+ljb8w1kWO78I5AzFzyx1NZn4Sl8+7BKhHA+1eDp/Buz2uqr w==; X-CSE-ConnectionGUID: EUyua/4DTQOur9jlbMfO8Q== X-CSE-MsgGUID: c3aXfmYNSaSYWnLbnP0Z1Q== X-IronPort-AV: E=McAfee;i="6800,10657,11783"; a="78510929" X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="78510929" X-CSE-ConnectionGUID: gATt+gYTS3ekOKS4y4UQvg== X-CSE-MsgGUID: OLjcu8x7TtmIvrpCjVL4Rw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="242065539" From: Xiaoyao Li To: Paolo Bonzini , Pierrick Bouvier Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , qemu-devel@nongnu.org, =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , xiaoyao.li@intel.com Subject: [PATCH v2 3/5] qemu-options: Add confidential-guest-support to machine options Date: Tue, 12 May 2026 16:44:56 +0800 Message-ID: <20260512084458.622465-4-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260512084458.622465-1-xiaoyao.li@intel.com> References: <20260512084458.622465-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=192.198.163.19; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.999, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @intel.com) X-ZM-MESSAGEID: 1778576342610154100 "confidential-guest-support" is the recommended property to configure machine with confidential computing technology instead of "memory-encryption". Add "confidential-guest-support" to machine options and call out explicitly "memory-encryption" is the alias of it and not recommended. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Xiaoyao Li --- qemu-options.hx | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qemu-options.hx b/qemu-options.hx index 25ed486ff5d2..ea4ae26b8d72 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -36,7 +36,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \ " dea-key-wrap=3Don|off controls support for DEA key wr= apping (default=3Don)\n" " suppress-vmdesc=3Don|off disables self-describing mig= ration (default=3Doff)\n" " nvdimm=3Don|off controls NVDIMM support (default=3Dof= f)\n" - " memory-encryption=3D memory encryption object to = use (default=3Dnone)\n" + " confidential-guest-support=3D specifies confident= ial guest support object (default=3Dnone)\n" + " memory-encryption=3D (memory-encryption is the al= ias of confidential-guest-support, recommend to use confidential-guest-supp= ort)\n" " hmat=3Don|off controls ACPI HMAT support (default=3Do= ff)\n" " spcr=3Don|off controls ACPI SPCR support (default=3Do= n)\n" #ifdef CONFIG_POSIX @@ -100,8 +101,12 @@ SRST ``nvdimm=3Don|off`` Enables or disables NVDIMM support. The default is off. =20 + ``confidential-guest-support=3D`` + confidential guest support object to use. The default is none. + ``memory-encryption=3D`` - Memory encryption object to use. The default is none. + The alias of ``confidential-guest-support``. Recommend to use + confidential-guest-support. =20 ``hmat=3Don|off`` Enables or disables ACPI Heterogeneous Memory Attribute Table --=20 2.43.0 From nobody Sat May 30 17:44:14 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1778576333; cv=none; d=zohomail.com; s=zohoarc; b=J4R1dIIFREmWj2/mNy9TbZaIgR8IcaxIDHBevZIhcSS1pklYMcsa9p7/oxbdAKx4o0zgcyUSf4WDbzkUpWl7UvU0A/PM83vXpJX8hGa05Sp+Y/4h3gWsOMhcICu9CDkb1Mn1696jyjHR+Ci7WHj88X9n6D4IV/AATe7xqhD+IeY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778576333; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=R0FasbSHc4dvMxQgOd8UCeOPLjeTrxXqB2qW0nH5ZPM=; b=HvLvhTiOXQsmUsU1TrclJB44EVmHJ76r8Sy0vXrbjhjnZbLjV/GViFWSjM2/n76BxqqwAT6qG4Q5JSnFHHZMugi5Nu55hLlThMdOW3swRUevmwDMqR5YvFgShz/dA6Y3p2lBcOzzO2Un1N+tJcKrsUonKHsu/JZPPbYMw5rV42M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778576333754611.4841922752237; Tue, 12 May 2026 01:58:53 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMiwN-0000tG-9f; Tue, 12 May 2026 04:58:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwL-0000sP-IP for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:09 -0400 Received: from mgamail.intel.com ([192.198.163.19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwJ-0007RW-Vr for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:09 -0400 Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2026 01:58:07 -0700 Received: from lxy-clx-4s.sh.intel.com ([10.239.48.22]) by orviesa004.jf.intel.com with ESMTP; 12 May 2026 01:58:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1778576288; x=1810112288; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ccTxULIS1GySBSoFJkKx4mBbmknXtDaG4L2R2ogo9cQ=; b=f5OOw7c6UmoijNPco/AIexJxrwvlz3JK1PDJzCEaDAbtANeALwW2NCMF 2nUE7rYio0wvPFeirG/MtWniF+GFfLJOdLvonXTT04kCxI1xVBI902T0e UDmjAZs4Jf1hCy62UoowMvayJigYMjzhvD70k4uoq+El7kdACH26/Uq3i DfrftiwcwwiN8VOH3SMM1SGhH16KOXmUZx25JTSkqBoicuFaI1SCHLBol vaU/8ljFKUtLZpMTSQElrPflZm+DBD9NBLUrUYwFx3okvmwLqwgg3mRvB chT4voQgF0ZZpWmGfe30MiXf4rYlGwrizasA8VGLDZzPx/an1bKUO7Ast g==; X-CSE-ConnectionGUID: B+YuZEj9S968/UOocvoptw== X-CSE-MsgGUID: VMKtPY/2QZWhV2KLcnZBZg== X-IronPort-AV: E=McAfee;i="6800,10657,11783"; a="78510933" X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="78510933" X-CSE-ConnectionGUID: icoK65rAS46hwQ+dE1NtcA== X-CSE-MsgGUID: 6Vo1KRwlTOSHG8b/KS349Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="242065547" From: Xiaoyao Li To: Paolo Bonzini , Pierrick Bouvier Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , qemu-devel@nongnu.org, =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , xiaoyao.li@intel.com Subject: [PATCH v2 4/5] qemu-options: Add description of tdx-guest object Date: Tue, 12 May 2026 16:44:57 +0800 Message-ID: <20260512084458.622465-5-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260512084458.622465-1-xiaoyao.li@intel.com> References: <20260512084458.622465-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=192.198.163.19; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.999, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @intel.com) X-ZM-MESSAGEID: 1778576335551158500 Content-Type: text/plain; charset="utf-8" Add description of tdx-guest object so that QEMU doc page can have the description. Signed-off-by: Xiaoyao Li --- Changes in v2: - fix typo and add property after each property name; (Daniel) - include how 'quote-generation-socket' is configured in the example; (Dani= el) --- qemu-options.hx | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/qemu-options.hx b/qemu-options.hx index ea4ae26b8d72..f13ce0a3aa22 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -6351,6 +6351,47 @@ SRST -machine ...,confidential-guest-support=3Dsev0 \\ ..... =20 + ``-object tdx-guest,id=3Did,[attributes=3Dattrs,sept-ve-disable=3Don|o= ff,mrconfigid=3Dsha384_digest,mrowner=3Dsha384_digest,mrownerconfig=3Dsha38= 4_digest,quote-generation-socket=3Dsocketaddr]`` + Create an Intel Trusted Domain eXtensions (TDX) guest object, whic= h is + the type of ``confidential-guest-support`` object. When pass the o= bject + ID to machine's ``confidential-guest-support`` property, it can cr= eate + a TDX guest. + + The ``attributes`` property is a 64-bit integer, which specifies t= he + TD attributes of the TD. + + The ``sept-ve-disable`` property controls the bit 28 of TD attribu= tes + specifically. When it's on, the EPT violation conversion to #VE on + guest access of PENDING pages is disabled. Some guest OS (e.g., Li= nux + TD guest) may require this to be set, otherwise they refuse to boo= t. + The default value is on. + + The ``mrconfigid`` property is base64 encoded SHA384 digest, which + provides the ID for non-owner-defined configuration of the guest T= D, + e.g., run-time or OS configuration. The default value is all zeros. + + The ``mrowner`` property is base64 encoded SHA384 digest, which + provides the ID for guest TD's owner. The default value is all zer= os. + + The ``mrownerconfig`` property is base64 encoded SHA384 digest, wh= ich + provides the ID for owner-defined configuration of the guest TD, e= .g., + the configuration specific to the workload rather than the run-tim= e of + OS. The default value is all zeros. + + The ``quote-generation-socket`` property specifies the socket addr= ess + of the Quote Generation Service (QGS). QGS is a daemon running on = the + host. QEMU forwards the request from TD guest to QGS and + sents the reply (which contains generated QUOTE on success) from Q= GS + to guest TD. + + .. parsed-literal:: + + # |qemu_system_x86| \\ + ...... \\ + -object '{"qom-type":"tdx-guest","id":"tdx","quote-genera= tion-socket":{"type":"unix","path":"/var/run/qgs.socket"}}' \\ + -machine ...,confidential-guest-support=3Dtdx \\ + ...... + ``-object igvm-cfg,file=3Dfile`` Create an IGVM configuration object that defines the initial state of the guest using a file in that conforms to the Independent Guest --=20 2.43.0 From nobody Sat May 30 17:44:14 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1778576334; cv=none; d=zohomail.com; s=zohoarc; b=GA8X3GrxbQeVaE6nPo4q3wuvXUBrnTLfOqY12O88oMRdI094ELbZiU2qOulFZHFk/KZu/Z9xXP19UqJY2WXcLjRu5z7lLHOQA3nu7mq7ISqLHoBVXlqOenqcC/91cnrAetHT5H/I6Ck6M/Y+RPcTXKfQxL4sHdffl0Xv83QEt7Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778576334; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=W5A3FdBji01hiFp8TYjsZ6CnIqtdRNo/+KvkS20K8G8=; b=VkNKfCZ9IPSAExHHOGdOPZSSQb1+gIsOBcjzNf+8sGlZoMwPqJy6rvqBaNUcjTFbBm9v4AVu2Yv1sO3icXIiNn7g+KG0mNYSV52PYZx/hU3CrFmElvGfOhqCschPz7b3/w1AIf7jTlu+sJRJ1yh6xlOnGHjT3RlN5lZd+ZsPRpY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778576334064102.60326266483844; Tue, 12 May 2026 01:58:54 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMiwO-0000tO-PX; Tue, 12 May 2026 04:58:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwN-0000t8-1X for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:11 -0400 Received: from mgamail.intel.com ([192.198.163.19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMiwL-0007UU-G5 for qemu-devel@nongnu.org; Tue, 12 May 2026 04:58:10 -0400 Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2026 01:58:09 -0700 Received: from lxy-clx-4s.sh.intel.com ([10.239.48.22]) by orviesa004.jf.intel.com with ESMTP; 12 May 2026 01:58:07 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1778576289; x=1810112289; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=2jrOHcNmmoeG8OYa4BUw32tOAHy5w3m8RmqkoBb0zUo=; b=Zlr4C9SSzzgyGIpLQLc557rHj5nCzID7Uo7vJ3Ix/ofWznm3ciuZBDg/ 3+F71cAluGQ3q+UY2m7sclpcPnGEU4e1G6svETAZVCcbnDErmit0Wafd9 ad8sD3pQVKRRJ40d0OvsXFrIpKClTeBYlkX9wV7WdctbLrKmBDk58LDXb liN+lDNsDoHH46RxsN6NdPfyGapIo6nLUdc+Xshzk6NVKcyZpbllGjoYj XxAaDAtfXuMdrKOBoGhAApX4+pRLJ2ZBiqjL5Pu24+1SkCxhutfYtc9Gr 4hnk3+Vl9fyaLYiA1QOxOIoiO3J7YShoLNzcp93FE4tiF/TNN/lXsiv2T g==; X-CSE-ConnectionGUID: YrFIOY73QGKi5QyXjbA4Gw== X-CSE-MsgGUID: tjPccyNRQtavzF2BVF85Qg== X-IronPort-AV: E=McAfee;i="6800,10657,11783"; a="78510938" X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="78510938" X-CSE-ConnectionGUID: I5ZNqitCSOGs0h4p6z7yAw== X-CSE-MsgGUID: ZoIDPVepTg+N+iWc63EU+Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,230,1770624000"; d="scan'208";a="242065557" From: Xiaoyao Li To: Paolo Bonzini , Pierrick Bouvier Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , qemu-devel@nongnu.org, =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , xiaoyao.li@intel.com Subject: [PATCH v2 5/5] machine: Deprecate memory-encryption Date: Tue, 12 May 2026 16:44:58 +0800 Message-ID: <20260512084458.622465-6-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260512084458.622465-1-xiaoyao.li@intel.com> References: <20260512084458.622465-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=192.198.163.19; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.999, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @intel.com) X-ZM-MESSAGEID: 1778576336985154100 We've had 'confidential-guest-support' for long enough that no one should be using 'memory-encryption' anymore. Deprecate 'memory-encryption' by adding notes in docs/about/deprecated.rst and print a warning when 'memory-encryptio' is used. Suggested-by: Daniel P. Berrang=C3=A9 Signed-off-by: Xiaoyao Li Link: https://lore.kernel.org/qemu-devel/aMPYkUsytGxLPIM7@redhat.com/ --- docs/about/deprecated.rst | 7 +++++++ hw/core/machine.c | 2 ++ 2 files changed, 9 insertions(+) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 5551bd12ad83..d60c7206ec4d 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -305,6 +305,13 @@ they want to use and avoids confusion. Existing users= of the ``spike`` machine must ensure that they're setting the ``spike`` machine in the command line (``-M spike``). =20 +``memory-encryption`` machine property (since 11.1) +''''''''''''''''''''''''''''''''''''''''''''''''''' + +Use ``confidential-guest-support`` instead. The ``memory-encryption`` obje= ct +was an early implementation of memory encryption support in QEMU, but it h= as +been superseded by the more comprehensive ``confidential-guest-support`` +object. =20 Backend options --------------- diff --git a/hw/core/machine.c b/hw/core/machine.c index 63baff859f3d..baa275b87dcc 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -490,6 +490,8 @@ static void machine_set_memory_encryption(Object *obj, = const char *value, Object *cgs =3D object_resolve_path_component(object_get_objects_root(), value); =20 + warn_report("memory-encryption is deprecated, use confidential-guest-s= upport instead"); + if (!cgs) { error_setg(errp, "No such memory encryption object '%s'", value); return; --=20 2.43.0