[RFC PATCH 5/7] qemu: add support to TDVF firmware loader
Pavel Hrdina
phrdina at redhat.com
Fri Jun 18 12:33:36 UTC 2021
On Fri, Jun 18, 2021 at 04:50:50PM +0800, Zhenzhong Duan wrote:
> TDX guest need a specific firmware TDVF to bootup, add a new element
> in TrustDomain element for that purpose, like below:
>
> <TrustDomain type='tdx'>
> <policy>0x0001</policy>
> <loader>/path/to/TDVF-binary</loader>
> </TrustDomain>
Looking into QEMU patches and if I understand it correctly this loader
is supposed to be used instead of UEFI or BIOS? If that's true I don't
think it should be here as we already have XML bits to specify VM
loader.
We could use something like this:
<os>
<loader type='generic'>/path/to/TDVF-binary</loader>
</os>
Currently supported types are:
- `rom` which is translated to
-bios /path/to/bios.bin
- `pflash` which is translated to
-drive file=/path/to/uefi.fd,if=pflash,format=raw,...
And we could add a new type called 'generic', 'device', 'binary' or
something else which would be translated to:
-device loader,file=/path/to/TDVF-binary,...
Pavel
> Qemu command line looks like:
>
> $QEMU ... \
> -device loader,file= /path/to/TDVF-binary,id=fd0
>
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan at intel.com>
> ---
> docs/schemas/domaincommon.rng | 3 +++
> src/conf/domain_conf.c | 6 ++++++
> src/conf/domain_conf.h | 1 +
> src/qemu/qemu_command.c | 4 ++++
> tests/genericxml2xmlindata/trust-domain-tdx.xml | 1 +
> tests/qemuxml2argvdata/trust-domain-tdx.xml | 1 +
> 6 files changed, 16 insertions(+)
>
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 2b39a01e84..b439012648 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -530,6 +530,9 @@
> <element name="policy">
> <ref name="hexuint"/>
> </element>
> + <element name="loader">
> + <data type="string"/>
> + </element>
> </interleave>
> </element>
> </define>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index a51db088c1..0513d6d016 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -3515,6 +3515,7 @@ virDomainTDXDefFree(virDomainTDXDef *def)
> if (!def)
> return;
>
> + g_free(def->loader);
> g_free(def);
> }
>
> @@ -14849,6 +14850,7 @@ virDomainTDXDefParseXML(xmlNodePtr tdxNode,
> }
>
> def->policy = policy;
> + def->loader = virXPathString("string(./loader)", ctxt);
>
> return def;
>
> @@ -26950,6 +26952,10 @@ virDomainTDXDefFormat(virBuffer *buf, virDomainTDXDef *tdx)
> virBufferAsprintf(buf, "<TrustDomain type='tdx'>\n");
> virBufferAdjustIndent(buf, 2);
> virBufferAsprintf(buf, "<policy>0x%04x</policy>\n", tdx->policy);
> +
> + if (tdx->loader)
> + virBufferEscapeString(buf, "<loader>%s</loader>\n", tdx->loader);
> +
> virBufferAdjustIndent(buf, -2);
> virBufferAddLit(buf, "</TrustDomain>\n");
> }
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 7cb5061c8c..cabfc80b4b 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -2671,6 +2671,7 @@ typedef enum {
> struct _virDomainTDXDef {
> int sectype; /* enum virDomainTrustDomain */
> unsigned int policy; /* bit 0 set hint debug enabled, other bit reserved */
> + char *loader; /* patch for TDX TDVF firmware */
> };
>
> typedef enum {
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 1e14c95a49..891d795b02 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -9885,6 +9885,10 @@ qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd,
>
> virCommandAddArg(cmd, "-object");
> virCommandAddArgBuffer(cmd, &buf);
> +
> + virCommandAddArg(cmd, "-device");
> + virCommandAddArgFormat(cmd, "loader,id=fd0,file=%s", tdx->loader);
> +
> return 0;
> }
>
> diff --git a/tests/genericxml2xmlindata/trust-domain-tdx.xml b/tests/genericxml2xmlindata/trust-domain-tdx.xml
> index 7a56cf0e92..7422f0c06f 100644
> --- a/tests/genericxml2xmlindata/trust-domain-tdx.xml
> +++ b/tests/genericxml2xmlindata/trust-domain-tdx.xml
> @@ -16,6 +16,7 @@
> </devices>
> <TrustDomain type='tdx'>
> <policy>0x0001</policy>
> + <loader>/path/to/TDVF-binary</loader>
> </TrustDomain>
> </domain>
>
> diff --git a/tests/qemuxml2argvdata/trust-domain-tdx.xml b/tests/qemuxml2argvdata/trust-domain-tdx.xml
> index e0f0b77866..1d8ad45c4c 100644
> --- a/tests/qemuxml2argvdata/trust-domain-tdx.xml
> +++ b/tests/qemuxml2argvdata/trust-domain-tdx.xml
> @@ -32,5 +32,6 @@
> </devices>
> <TrustDomain type='tdx'>
> <policy>0x0001</policy>
> + <loader>/path/to/TDVF-binary</loader>
> </TrustDomain>
> </domain>
> --
> 2.25.1
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210618/4bf9e0b3/attachment-0001.sig>
More information about the libvir-list
mailing list