On Fri, Jan 24, 2025 at 08:20:48AM -0500, Xiaoyao Li wrote: > Add docs/system/i386/tdx.rst for TDX support, and add tdx in > confidential-guest-support.rst > > Signed-off-by: Xiaoyao Li <xiaoyao...@intel.com> > ---
> --- > docs/system/confidential-guest-support.rst | 1 + > docs/system/i386/tdx.rst | 156 +++++++++++++++++++++ > docs/system/target-i386.rst | 1 + > 3 files changed, 158 insertions(+) > create mode 100644 docs/system/i386/tdx.rst > +Launching a TD (TDX VM) > +----------------------- > + > +To launch a TD, the necessary command line options are tdx-guest object and > +split kernel-irqchip, as below: > + > +.. parsed-literal:: > + > + |qemu_system_x86| \\ > + -object tdx-guest,id=tdx0 \\ > + -machine ...,kernel-irqchip=split,confidential-guest-support=tdx0 \\ > + -bios OVMF.fd \\ > + > +Restrictions > +------------ > + > + - kernel-irqchip must be split; Is there a reason why we don't make QEMU set kernel-irqchip=split automatically when tdx-guest is enabled ? It feels silly to default to a configuration that is known to be broken with TDX. I thought about making libvirt automatically set kernel-irqchip=split, or even above that making virt-install automatically set it. Addressing it in QEMU would seem the most appropriate place though. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
