On Thu, Nov 20, 2025 at 11:57:54 +0000, Daniel P. Berrangé via Devel wrote:
> From: Daniel P. Berrangé <[email protected]>
>
> Currently domain capabilities will only ever report
>
> <tdx supported='yes'/>
>
> so it is not possible to determine whether libvirt itself is
> new enough to have TDX support or not, vs the host OS lacking
> it.
>
> For SEV and s390 prot-virt, the capability is always reported
> whether supported or not, so do likewise for TDX, so other
> x86 hosts get:
>
> <tdx supported='no'/>
>
> Signed-off-by: Daniel P. Berrangé <[email protected]>
[...]
> ---
> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index 67fe5d7acf..2eae52f8c4 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -7120,11 +7120,14 @@ static void
> virQEMUCapsFillDomainFeatureTDXCaps(virQEMUCaps *qemuCaps,
> virDomainCaps *domCaps)
> {
> - if (domCaps->arch == VIR_ARCH_X86_64 &&
> - domCaps->virttype == VIR_DOMAIN_VIRT_KVM &&
> - virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST) &&
> - virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps))
> + if (domCaps->arch == VIR_ARCH_X86_64) {
> + if (domCaps->virttype == VIR_DOMAIN_VIRT_KVM &&
> + virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST) &&
> + virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps))
> domCaps->features[VIR_DOMAIN_CAPS_FEATURE_TDX] =
> VIR_TRISTATE_BOOL_YES;
> + else
> + domCaps->features[VIR_DOMAIN_CAPS_FEATURE_TDX] =
> VIR_TRISTATE_BOOL_NO;
IMO we should say that it's not supported even on non-x86 arches rather
than make it seem like the feature doesn't exist.
> + }
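Review bot: the inner if/else inside the new `if (domCaps->arch == VIR_ARCH_X86_64) {` block has a three-line condition and two-line bodies but no braces on either branch, which is easy to misread next to the braced outer block and goes against libvirt's rule that braces may only be omitted when both condition and body fit on one line. Either brace both branches, or assign VIR_TRISTATE_BOOL_NO to domCaps->features[VIR_DOMAIN_CAPS_FEATURE_TDX] first and overwrite it with VIR_TRISTATE_BOOL_YES under the original single condition. The second form also makes it a one-line decision whether the default sits inside or outside the arch check, which is the question raised in the reply above.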