[RFC PATCH v2 0/8] LIBVIRT: X86: TDX support
Pavel Hrdina
phrdina at redhat.com
Wed Jul 21 14:22:35 UTC 2021
On Fri, Jul 16, 2021 at 11:10:28AM +0800, Zhenzhong Duan wrote:
> Thanks Peter, Pavel and Daniel's comments on v1 version, now the v2 comes.
>
> * What's TDX?
> TDX stands for Trust Domain Extensions which isolates VMs from
> the virtual-machine manager (VMM)/hypervisor and any other software on
> the platform.
>
> To support TDX, multiple software components, not only KVM but also QEMU,
> guest Linux and virtual bios, need to be updated. For more details, please
> check link[1], there are TDX spec links and public repository link at github
> for each software component.
>
> This patchset is another software component to extend libvirt to support TDX,
> with which one can start a VM from high level rather than running qemu directly.
>
>
> * The goal of this RFC patch
> The purpose of this post is to get feedback early on high level design issue of
> libvirt enhancement for TDX. Referenced much on AMD SEV and S390 PV implemention
> at link[2][3]. This 2nd version is rebased on upstream + s390 v4 version as
> shown in [3] to utilize the common launchsecurity framework code.
>
>
> * Patch organization
> - patch 1-3: Support query of TDX capabilities.
> - patch 4-6: Add TDX type to launchsecurity framework.
> - patch 7: Add general loader support for TDX.
> - patch 8: Add firmware descriptor support for TDX.
>
>
> * Misc
> Just let you know we have released v2 version of TDX qemu in [1], and the API
> for libvirt is keeping stable. Using these patches we have succesfully booted
> and tested a guest both with and without TDX enabled.
Overall looks good. It's missing documentation and the QEMU patches
are missing documentation as well. I was looking into Intel
specification but I failed to find the necessary info there as well.
What are the values `mrconfigid`, `mrowner`, `mrownerconfig` for, what
data is supposed to be stored there, what are the limitation and so on.
What I could gather these are exposed in the VM and are used for
measurement but that's it.
Another thing that I've missed in v1, QEMU patches are introducing new
`-machine pic=no` option and for TDX PIC has to be disabled. The libvirt
patches are putting it on the QEMU command line but it is not reflected
in the VM XML, so I would say we need to introduce new hypervisor
feature [1]:
<features>
...
<pic state='on|off'/>
...
</features>
[1] <https://libvirt.org/formatdomain.html#hypervisor-features>
> * Diff to v1:
> - give up using qmp cmd and check TDX directly on host for TDX capabilities.
> - use launchsecurity framework to support TDX
> - use <os>.<loader> for general loader
> - add auto firmware match feature for TDX
>
> A example TDVF fimware description file 70-edk2-x86_64-tdx.json:
> {
> "description": "UEFI firmware for x86_64, supporting Intel TDX",
> "interface-types": [
> "uefi"
> ],
> "mapping": {
> "device": "generic",
I think using 'loader' as that's the actual device in QEMU used with
this firmware will be better. The patches posted to QEMU doesn't extend
`docs/interop/firmware.json` so this example may change once some
specific format is accepted by QEMU community.
You will most likely need to add the firmware descriptor to QEMU project
as well (`pc-bios/descriptors/70-edk2-x86_64-tdx.json`). NOTE: The name
should not use `edk2` if it's not edk2 based firmware.
Pavel
> "filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd"
> },
> "targets": [
> {
> "architecture": "x86_64",
> "machines": [
> "pc-q35-*"
> ]
> }
> ],
> "features": [
> "intel-tdx",
> "verbose-dynamic"
> ],
> "tags": [
>
> ]
> }
>
>
> Links:
> [1] https://lists.nongnu.org/archive/html/qemu-devel/2021-07/msg01682.html
> [2] https://github.com/codomania/libvirt/commits/v9
> [3] https://www.mail-archive.com/libvir-list@redhat.com/msg219144.html
>
> Zhenzhong Duan (8):
> qemu: Check if INTEL Trust Domain Extention support is enabled
> qemu: Add TDX capability
> conf: expose TDX feature in domain capabilities
> conf: add tdx as launch security type
> qemu: Add command line and validation for TDX type
> qemu: force special parameters enabled for TDX guest
> qemu: Add general loader support
> qemu: Add firmware descriptor support for TDX
>
> docs/formatdomaincaps.html.in | 17 ++++++
> docs/schemas/domaincaps.rng | 9 +++
> docs/schemas/domaincommon.rng | 18 ++++++
> src/conf/domain_capabilities.c | 1 +
> src/conf/domain_capabilities.h | 1 +
> src/conf/domain_conf.c | 49 ++++++++++++++++
> src/conf/domain_conf.h | 11 ++++
> src/conf/virconftypes.h | 2 +
> src/qemu/qemu_capabilities.c | 44 ++++++++++++++-
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_command.c | 38 +++++++++++++
> src/qemu/qemu_firmware.c | 100 ++++++++++++++++++++++++++++++++-
> src/qemu/qemu_namespace.c | 2 +
> src/qemu/qemu_process.c | 1 +
> src/qemu/qemu_validate.c | 28 +++++++++
> 15 files changed, 319 insertions(+), 3 deletions(-)
>
> --
> 2.25.1
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210721/8f17acd5/attachment-0001.sig>
More information about the libvir-list
mailing list