[RFC PATCH 5/7] qemu: add support to TDVF firmware loader

Pavel Hrdina phrdina at redhat.com
Fri Jun 18 12:33:36 UTC 2021 

On Fri, Jun 18, 2021 at 04:50:50PM +0800, Zhenzhong Duan wrote:
> TDX guest need a specific firmware TDVF to bootup, add a new element
> in TrustDomain element for that purpose, like below:
> 
> <TrustDomain type='tdx'>
>    <policy>0x0001</policy>
>    <loader>/path/to/TDVF-binary</loader>
> </TrustDomain>

Looking into QEMU patches and if I understand it correctly this loader
is supposed to be used instead of UEFI or BIOS? If that's true I don't
think it should be here as we already have XML bits to specify VM
loader.

We could use something like this:

  <os>
    <loader type='generic'>/path/to/TDVF-binary</loader>
  </os>

Currently supported types are:

 - `rom` which is translated to

     -bios /path/to/bios.bin

 - `pflash` which is translated to

     -drive file=/path/to/uefi.fd,if=pflash,format=raw,...

And we could add a new type called 'generic', 'device', 'binary' or
something else which would be translated to:

     -device loader,file=/path/to/TDVF-binary,...

Pavel

> Qemu command line looks like:
> 
> $QEMU ... \
>   -device loader,file= /path/to/TDVF-binary,id=fd0
> 
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan at intel.com>
> ---
>  docs/schemas/domaincommon.rng                   | 3 +++
>  src/conf/domain_conf.c                          | 6 ++++++
>  src/conf/domain_conf.h                          | 1 +
>  src/qemu/qemu_command.c                         | 4 ++++
>  tests/genericxml2xmlindata/trust-domain-tdx.xml | 1 +
>  tests/qemuxml2argvdata/trust-domain-tdx.xml     | 1 +
>  6 files changed, 16 insertions(+)
> 
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 2b39a01e84..b439012648 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -530,6 +530,9 @@
>          <element name="policy">
>            <ref name="hexuint"/>
>          </element>
> +        <element name="loader">
> +          <data type="string"/>
> +        </element>
>        </interleave>
>      </element>
>    </define>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index a51db088c1..0513d6d016 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -3515,6 +3515,7 @@ virDomainTDXDefFree(virDomainTDXDef *def)
>      if (!def)
>          return;
>  
> +    g_free(def->loader);
>      g_free(def);
>  }
>  
> @@ -14849,6 +14850,7 @@ virDomainTDXDefParseXML(xmlNodePtr tdxNode,
>      }
>  
>      def->policy = policy;
> +    def->loader = virXPathString("string(./loader)", ctxt);
>  
>      return def;
>  
> @@ -26950,6 +26952,10 @@ virDomainTDXDefFormat(virBuffer *buf, virDomainTDXDef *tdx)
>      virBufferAsprintf(buf, "<TrustDomain type='tdx'>\n");
>      virBufferAdjustIndent(buf, 2);
>      virBufferAsprintf(buf, "<policy>0x%04x</policy>\n", tdx->policy);
> +
> +    if (tdx->loader)
> +        virBufferEscapeString(buf, "<loader>%s</loader>\n", tdx->loader);
> +
>      virBufferAdjustIndent(buf, -2);
>      virBufferAddLit(buf, "</TrustDomain>\n");
>  }
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 7cb5061c8c..cabfc80b4b 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -2671,6 +2671,7 @@ typedef enum {
>  struct _virDomainTDXDef {
>      int sectype; /* enum virDomainTrustDomain */
>      unsigned int policy; /* bit 0 set hint debug enabled, other bit reserved */
> +    char *loader; /* patch for TDX TDVF firmware */
>  };
>  
>  typedef enum {
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 1e14c95a49..891d795b02 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -9885,6 +9885,10 @@ qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd,
>  
>      virCommandAddArg(cmd, "-object");
>      virCommandAddArgBuffer(cmd, &buf);
> +
> +    virCommandAddArg(cmd, "-device");
> +    virCommandAddArgFormat(cmd, "loader,id=fd0,file=%s", tdx->loader);
> +
>      return 0;
>  }
>  
> diff --git a/tests/genericxml2xmlindata/trust-domain-tdx.xml b/tests/genericxml2xmlindata/trust-domain-tdx.xml
> index 7a56cf0e92..7422f0c06f 100644
> --- a/tests/genericxml2xmlindata/trust-domain-tdx.xml
> +++ b/tests/genericxml2xmlindata/trust-domain-tdx.xml
> @@ -16,6 +16,7 @@
>    </devices>
>    <TrustDomain type='tdx'>
>      <policy>0x0001</policy>
> +    <loader>/path/to/TDVF-binary</loader>
>    </TrustDomain>
>  </domain>
>  
> diff --git a/tests/qemuxml2argvdata/trust-domain-tdx.xml b/tests/qemuxml2argvdata/trust-domain-tdx.xml
> index e0f0b77866..1d8ad45c4c 100644
> --- a/tests/qemuxml2argvdata/trust-domain-tdx.xml
> +++ b/tests/qemuxml2argvdata/trust-domain-tdx.xml
> @@ -32,5 +32,6 @@
>    </devices>
>    <TrustDomain type='tdx'>
>      <policy>0x0001</policy>
> +    <loader>/path/to/TDVF-binary</loader>
>    </TrustDomain>
>  </domain>
> -- 
> 2.25.1
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210618/4bf9e0b3/attachment-0001.sig>

More information about the libvir-list mailing list