[RFC PATCH 0/7] LIBVIRT: X86: TDX support

Peter Krempa pkrempa at redhat.com
Mon Jun 21 08:06:28 UTC 2021


On Mon, Jun 21, 2021 at 02:14:32 +0000, Duan, Zhenzhong wrote:
> > -----Original Message-----
> > From: Peter Krempa <pkrempa at redhat.com>
> > Sent: Friday, June 18, 2021 7:07 PM
> > To: Duan, Zhenzhong <zhenzhong.duan at intel.com>
> > Cc: libvir-list at redhat.com; Yamahata, Isaku <isaku.yamahata at intel.com>;
> > Tian, Jun J <jun.j.tian at intel.com>; Qiang, Chenyi <chenyi.qiang at intel.com>
> > Subject: Re: [RFC PATCH 0/7] LIBVIRT: X86: TDX support
> > 
> > On Fri, Jun 18, 2021 at 16:50:45 +0800, Zhenzhong Duan wrote:
> > > * What's TDX?
> > > TDX stands for Trust Domain Extensions which isolates VMs from the
> > > virtual-machine manager (VMM)/hypervisor and any other software on the
> > > platform.
> > >
> > > To support TDX, multiple software components, not only KVM but also
> > > QEMU, guest Linux and virtual bios, need to be updated. For more
> > > details, please check link[1], there are TDX spec links and public
> > > repository link at github for each software component.
> > >
> > > This patchset is another software component to extend libvirt to
> > > support TDX, with which one can start a VM from high level rather than
> > > running qemu directly.
> > >
> > >
> > > * The goal of this RFC patch
> > > The purpose of this post is to get feedback early on high level design
> > > issue of libvirt enhancement for TDX. Referenced much on AMD SEV
> > > implementation at link[2].
> > >
> > >
> > > * Patch organization
> > >
> > > - patch 1-2: Support query of TDX capabilities.
> > > - patch 3-6: Add a new xml element 'TrustDomain' for TDX support.
> > > - patch   7: Sure kvmSupportsSecureGuest cache updated.
> > >
> > > Using these patches we have successfully booted and tested a guest both
> > > with and without TDX enabled.
> > >
> > >
> > > [1] https://lkml.org/lkml/2020/11/16/1106
> > > [2] https://github.com/codomania/libvirt/commits/v9
> > 
> > Could you please also point to the relevant qemu patches?
> > 
> > The first commit mentions 'query-tdx-capabilities' which is not in qemu
> > upstream yet.
> Hi Peter,
> 
> Sorry, seems qemu patches link is missed in [1]. List all links below for your reference.
> 
> kvm TDX branch: https://github.com/intel/tdx/tree/kvm
> TDX guest branch: https://github.com/intel/tdx/tree/guest
> TDVF branch: https://github.com/tianocore/edk2-staging/tree/TDVF
> qemu TDX branch: https://github.com/intel/qemu-tdx/tree/tdx

In my quick search I didn't find any reference to those patches on
the qemu-devel mailing list. Please note that libvirt accepts only
features which are supported by the upstream releases [1] of the
hypervisor in question.

Thus if the qemu part indeed wasn't yet posted for review to qemu-devel
you should do so if you want this series to be accepted in libvirt.

[1] Pushed upstream waiting for the next release is okay.



