[RFC PATCH v2 4/8] conf: add tdx as launch security type
Zhenzhong Duan
zhenzhong.duan at intel.com
Fri Jul 16 03:10:32 UTC 2021
When 'tdx' is used, the VM will launched with Intel TDX feature enabled.
TDX feature supports running encrypted VM (Trust Domain, TD) under the
control of KVM. A TD runs in a CPU model which protects the
confidentiality of its memory and its CPU state from other software
There is a child element 'policy' and three optional element for tdx type.
In 'policy', bit 0 is used to enable TDX debug, other bits are reserved
currently. mrconfigid, mrowner and mrownerconfig are hex string of 48 * 2
length each.
For example:
<launchSecurity type='tdx'>
<policy>0x0001</policy>
<mrconfigid>xxx...xxx</mrconfigid>
<mrowner>xxx...xxx</mrowner>
<mrownerconfig>xxx...xxx</mrownerconfig>
</launchSecurity>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan at intel.com>
---
docs/schemas/domaincommon.rng | 16 ++++++++++++
src/conf/domain_conf.c | 47 +++++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 9 +++++++
src/conf/virconftypes.h | 2 ++
4 files changed, 74 insertions(+)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index b81c51728d..fd77601886 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -486,6 +486,7 @@
<choice>
<value>sev</value>
<value>s390-pv</value>
+ <value>tdx</value>
</choice>
</attribute>
<interleave>
@@ -519,6 +520,21 @@
<data type="string"/>
</element>
</optional>
+ <optional>
+ <element name="mrconfigid">
+ <data type="string"/>
+ </element>
+ </optional>
+ <optional>
+ <element name="mrowner">
+ <data type="string"/>
+ </element>
+ </optional>
+ <optional>
+ <element name="mrownerconfig">
+ <data type="string"/>
+ </element>
+ </optional>
</interleave>
</element>
</define>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 92ab22d3fd..9510aa7b1f 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1402,6 +1402,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
"",
"sev",
"s390-pv",
+ "tdx",
);
static virClass *virDomainObjClass;
@@ -3502,6 +3503,10 @@ virDomainSecDefFree(virDomainSecDef *def)
g_free(def->data.sev.dh_cert);
g_free(def->data.sev.session);
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ g_free(def->data.tdx.mrconfigid);
+ g_free(def->data.tdx.mrowner);
+ g_free(def->data.tdx.mrownerconfig);
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -14773,6 +14778,29 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
}
+static int
+virDomainTDXDefParseXML(virDomainTDXDef *def,
+ xmlXPathContextPtr ctxt)
+{
+ VIR_XPATH_NODE_AUTORESTORE(ctxt)
+ unsigned long policy;
+
+ if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("failed to get launch security policy for "
+ "launch security type TDX"));
+ return -1;
+ }
+
+ def->policy = policy;
+ def->mrconfigid = virXPathString("string(./mrconfigid)", ctxt);
+ def->mrowner = virXPathString("string(./mrowner)", ctxt);
+ def->mrownerconfig = virXPathString("string(./mrownerconfig)", ctxt);
+
+ return 0;
+}
+
+
static virDomainSecDef *
virDomainSecDefParseXML(xmlNodePtr lsecNode,
xmlXPathContextPtr ctxt)
@@ -14792,6 +14820,10 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
if (virDomainSEVDefParseXML(&sec->data.sev, lsecNode, ctxt) < 0)
return NULL;
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ if (virDomainTDXDefParseXML(&sec->data.tdx, ctxt) < 0)
+ return NULL;
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
if ((n = virXPathNodeSet("./*", ctxt, NULL)) < 0)
return NULL;
@@ -26932,6 +26964,21 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
break;
}
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX: {
+ virDomainTDXDef *tdx = &sec->data.tdx;
+
+ virBufferAsprintf(&childBuf, "<policy>0x%04x</policy>\n", tdx->policy);
+
+ if (tdx->mrconfigid)
+ virBufferEscapeString(&childBuf, "<mrconfigid>%s</mrconfigid>\n", tdx->mrconfigid);
+ if (tdx->mrowner)
+ virBufferEscapeString(&childBuf, "<mrowner>%s</mrowner>\n", tdx->mrowner);
+ if (tdx->mrownerconfig)
+ virBufferEscapeString(&childBuf, "<mrownerconfig>%s</mrownerconfig>\n", tdx->mrownerconfig);
+
+ break;
+ }
+
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 5c22f252d0..b29045d0c4 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2646,6 +2646,7 @@ typedef enum {
VIR_DOMAIN_LAUNCH_SECURITY_NONE,
VIR_DOMAIN_LAUNCH_SECURITY_SEV,
VIR_DOMAIN_LAUNCH_SECURITY_PV,
+ VIR_DOMAIN_LAUNCH_SECURITY_TDX,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
} virDomainLaunchSecurity;
@@ -2661,10 +2662,18 @@ struct _virDomainSEVDef {
unsigned int reduced_phys_bits;
};
+struct _virDomainTDXDef {
+ unsigned int policy;
+ char *mrconfigid;
+ char *mrowner;
+ char *mrownerconfig;
+};
+
struct _virDomainSecDef {
virDomainLaunchSecurity sectype;
union {
virDomainSEVDef sev;
+ virDomainTDXDef tdx;
} data;
};
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index 21420ba8ea..e920f9a945 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -202,6 +202,8 @@ typedef struct _virDomainResourceDef virDomainResourceDef;
typedef struct _virDomainSEVDef virDomainSEVDef;
+typedef struct _virDomainTDXDef virDomainTDXDef;
+
typedef struct _virDomainSecDef virDomainSecDef;
typedef struct _virDomainShmemDef virDomainShmemDef;
--
2.25.1
More information about the libvir-list
mailing list