[RFC PATCH 5/7] qemu: add support to TDVF firmware loader
Pavel Hrdina
phrdina at redhat.com
Mon Jun 21 10:59:23 UTC 2021
On Mon, Jun 21, 2021 at 03:19:55AM +0000, Duan, Zhenzhong wrote:
>
> > -----Original Message-----
> > From: Pavel Hrdina <phrdina at redhat.com>
> > Sent: Friday, June 18, 2021 8:34 PM
> > To: Duan, Zhenzhong <zhenzhong.duan at intel.com>
> > Cc: libvir-list at redhat.com; Yamahata, Isaku <isaku.yamahata at intel.com>;
> > Tian, Jun J <jun.j.tian at intel.com>; Qiang, Chenyi <chenyi.qiang at intel.com>
> > Subject: Re: [RFC PATCH 5/7] qemu: add support to TDVF firmware loader
> >
> > On Fri, Jun 18, 2021 at 04:50:50PM +0800, Zhenzhong Duan wrote:
> > > TDX guest need a specific firmware TDVF to bootup, add a new element
> > > in TrustDomain element for that purpose, like below:
> > >
> > > <TrustDomain type='tdx'>
> > > <policy>0x0001</policy>
> > > <loader>/path/to/TDVF-binary</loader>
> > > </TrustDomain>
> >
> > Looking into QEMU patches and if I understand it correctly this loader is
> > supposed to be used instead of UEFI or BIOS?
> Yes.
>
> > If that's true I don't think it
> > should be here as we already have XML bits to specify VM loader.
> >
> > We could use something like this:
> >
> > <os>
> > <loader type='generic'>/path/to/TDVF-binary</loader>
> > </os>
> >
> > Currently supported types are:
> >
> > - `rom` which is translated to
> >
> > -bios /path/to/bios.bin
> >
> > - `pflash` which is translated to
> >
> > -drive file=/path/to/uefi.fd,if=pflash,format=raw,...
> >
> > And we could add a new type called 'generic', 'device', 'binary' or something
> > else which would be translated to:
> >
> > -device loader,file=/path/to/TDVF-binary,...
> >
> Thanks for your suggestion, the main reason is I see only TDX guest using firmware in such a special way,
> So I move <loader> in TDX specific element <TrustDomain>. I'll change to <os>.<loader> if you think it's better.
I understand your original motivation but it would just create a
confusion for users of libvirt and management application as they would
have to look at two different places in the XML to figure out if and
what firmware is used for VM.
So yes, we would prefer to use <os>.<loader>.
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210621/d90c5ae4/attachment-0001.sig>
More information about the libvir-list
mailing list