[PATCH rfcv3 01/11] qemu: Check if INTEL Trust Domain Extention support is enabled

2023-11-27 Thread Zhenzhong Duan
kernel. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_capabilities.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 83119e871a..5f806c68fb 100644 --- a/src/qemu/qemu_capabilit

[PATCH rfcv3 00/11] LIBVIRT: X86: TDX support

2023-11-27 Thread Zhenzhong Duan
"verbose-dynamic" ], "tags": [ ] } rfcv2: https://www.mail-archive.com/libvir-list@redhat.com/msg219378.html Chenyi Qiang (3): qemu: add hard reboot in QEMU driver qemu: make hard reboot as the TDX default reboot mode virsh: add new option "timekeep&

[PATCH rfcv3 02/11] qemu: Add TDX capability

2023-11-27 Thread Zhenzhong Duan
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + 2 files changed, 3 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu

[PATCH rfcv3 03/11] conf: expose TDX feature in domain capabilities

2023-11-27 Thread Zhenzhong Duan
Extend qemu TDX capability to domain capabilities. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- docs/formatdomaincaps.rst | 1 + src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1 + src/conf/schemas/domaincaps.rng | 9 + src/qemu

[PATCH rfcv3 05/11] qemu: Add command line and validation for TDX type

2023-11-27 Thread Zhenzhong Duan
on-service=localhost:1234 \ -machine q35,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_command.c | 27 +++ src/qemu/qemu_validate.c | 7 +++ 2 files changed, 34 insertions(+) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu

[PATCH rfcv3 04/11] conf: add tdx as launch security type

2023-11-27 Thread Zhenzhong Duan
ice is string to specify Quote Generation Service(QGS) in qemu socket address format. The examples of the supported format are "vsock:2:1234", "unix:/run/qgs", "localhost:1234". For example: 0x1 xxx...xxx xxx...xxx xxx...xxx xxx Signed-off-by:

[PATCH rfcv3 06/11] qemu: force special parameters enabled for TDX guest

2023-11-27 Thread Zhenzhong Duan
TDX guest requires some special parameters to boot. They are: "-machine pc-q35-*" "kernel_irqchip=split" Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_validate.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_validate.c b/src/qemu/q

[PATCH rfcv3 08/11] qemu: make hard reboot as the TDX default reboot mode

2023-11-27 Thread Zhenzhong Duan
From: Chenyi Qiang Signed-off-by: Chenyi Qiang --- src/qemu/qemu_driver.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 86e8efbfcb..ba1bb4ecb1 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c

[PATCH rfcv3 07/11] qemu: add hard reboot in QEMU driver

2023-11-27 Thread Zhenzhong Duan
From: Chenyi Qiang Add the new flag VIR_DOMAIN_REBOOT_HARD/VIR_DOMAIN_SHUTDOWN_HARD to carry out a hard reboot, which kills the QEMU process and creates a new one with the same definition. Hard reboot will be the highest priority to check. If succeed, other reboot policy (i.e. agent and acpi) wo

[PATCH rfcv3 09/11] qemu: Extend hard reboot in Qemu driver

2023-11-27 Thread Zhenzhong Duan
rd reboot support and make TDX guest behavior same as legacy guest. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_monitor.c | 19 ++- src/qemu/qemu_monitor.h | 2 +- src/qemu/qemu_monitor_json.c | 6 +- src/qemu/qemu_process.c | 1 + 4 files changed, 25 inser

[PATCH rfcv3 11/11] conf: Add support to keep same domid for hard reboot

2023-11-27 Thread Zhenzhong Duan
domain also need to save domid in newDef. Also add logic to keep same domid when libvirt restart. Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c | 4 src/conf/domain_conf.h | 1 + src/qemu/qemu_process.c | 11 +-- 3 files changed, 14 insertions(+), 2 deletions(-) diff

[PATCH rfcv3 10/11] virsh: add new option "timekeep" to keep virsh console alive

2023-11-27 Thread Zhenzhong Duan
users can specify the waiting time (e.g. "virsh console domain --timekeep 2" will stay alive for 2 seconds); if it times out or fails to open the console, adjusting the waiting time can help. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- tools/virsh-console.c | 3 +++ tools

[PATCH rfcv4 00/13] LIBVIRT: X86: TDX support

2024-05-23 Thread Zhenzhong Duan
"x86_64", "machines": [ "pc-q35-*" ] } ], "features": [ "intel-tdx", "verbose-dynamic" ], "tags": [ ] } rfcv2: https://www.mail-archive.com/libvir-list@r

[PATCH rfcv4 01/13] tools: Secure guest check for Intel in virt-host-validate

2024-05-23 Thread Zhenzhong Duan
Add check in virt-host-validate for secure guest support on x86 for Intel Trust Domain Extensions. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan --- tools/virt-host-validate-common.c | 22 +- tools/virt-host-validate-common.h | 1 + 2 files changed, 22

[PATCH rfcv4 02/13] qemu: Check if INTEL Trust Domain Extention support is enabled

2024-05-23 Thread Zhenzhong Duan
kernel. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 21f93c6774..728e80 1

[PATCH rfcv4 03/13] qemu: Add TDX capability

2024-05-23 Thread Zhenzhong Duan
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + 2 files changed, 3 insertions(+) diff --git a/src/qemu

[PATCH rfcv4 04/13] conf: expose TDX feature in domain capabilities

2024-05-23 Thread Zhenzhong Duan
Extend qemu TDX capability to domain capabilities. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- docs/formatdomaincaps.rst | 1 + src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1 + src/conf/schemas/domaincaps.rng | 9 + src/qemu

[PATCH rfcv4 05/13] conf: add tdx as launch security type

2024-05-23 Thread Zhenzhong Duan
x1001 xxx xxx xxx Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c| 42 +++ src/conf/domain_conf.h| 9 +++ src/conf/schemas/domaincommon.rng | 29 + src/conf/virconftypes.h | 2 ++ src/qemu

[PATCH rfcv4 06/13] qemu: Add command line and validation for TDX type

2024-05-23 Thread Zhenzhong Duan
disable":false,"mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx"}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.h | 5 + src/qemu/qemu_command.

[PATCH rfcv4 07/13] qemu: force special parameters enabled for TDX guest

2024-05-23 Thread Zhenzhong Duan
TDX guest requires some special parameters to boot, currently: "kernel_irqchip=split" "pmu!=on" "smm!=on" "-bios" If not specified explicitly, QEMU should configure this option implicitly when starting a TDX guest. Signed-off-by: Zhenzhong

[PATCH rfcv4 08/13] Add Intel TDX Quote Generation Service(QGS) support

2024-05-23 Thread Zhenzhong Duan
;,"mrowner":"xxx","mrownerconfig":"xxx","quote-generation-socket":{"type":"vsock","cid":"xxx","port":"xxx"}}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan

[PATCH rfcv4 09/13] qemu: add FakeReboot support for TDX guest

2024-05-23 Thread Zhenzhong Duan
Utilize the existing fake reboot mechanism to do reboot for TDX guest. Different from normal guest, TDX guest doesn't support system_reset, so have to kill the old guest and start a new one to simulate the reboot. Co-developed-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- src

[PATCH rfcv4 11/13] qemu: Avoid duplicate FakeReboot for secure guest

2024-05-23 Thread Zhenzhong Duan
come from FakeReboot. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_monitor.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 7f7053054f..3aadd89aec 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c

[PATCH rfcv4 10/13] qemu: Support reboot command in guest

2024-05-23 Thread Zhenzhong Duan
on and action configuration to trigger FakeReboot. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_monitor.c | 18 +- src/qemu/qemu_monitor.h | 2 +- src/qemu/qemu_monitor_json.c | 6 +- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_monit

[PATCH rfcv4 13/13] docs: domain: Add documentation for Intel TDX guest

2024-05-23 Thread Zhenzhong Duan
Signed-off-by: Zhenzhong Duan --- docs/formatdomain.rst | 68 +++ 1 file changed, 68 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 83c1405c17..5ee9f3a426 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst

[PATCH rfcv4 12/13] Add test cases for Intel TDX

2024-05-23 Thread Zhenzhong Duan
Currently support 'def parse', 'def -> XML' and 'OUT -> XML'. Test data for qemucapabilitiestest, domaincapstest and qemuxml2argvtest aren't added yet because that depends on TDX being accepted on the QEMU side to generate those data. Signed-off-by: Zhen

[PATCH v1 13/18] qemu: Support reboot command in guest

2025-04-05 Thread Zhenzhong Duan
on and action configuration to trigger FakeReboot. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_monitor.c | 18 +- src/qemu/qemu_monitor.h | 2 +- src/qemu/qemu_monitor_json.c | 6 +- 3 files changed, 23 insertions(+), 3 delet

[PATCH v1 10/18] conf: Add Intel TDX Quote Generation Service(QGS) support

2025-04-05 Thread Zhenzhong Duan
urity than vsock, so libvirt only provides support for unix socket. XML example: 0x0 xxx xxx xxx Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c| 35 ++- src/conf/domain_conf.h| 2 ++ src/conf/schemas/d

[PATCH] meson: Add back prefix path for runstatedir

2025-04-02 Thread Zhenzhong Duan
Currently libvirt favors /run instead of /var/run, but for local build run test, a prefix path is still needed to avoid interoperating with OS vendor provided binaries. Signed-off-by: Zhenzhong Duan --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build

[PATCH v1 18/18] docs: domain: Add documentation for Intel TDX guest

2025-04-04 Thread Zhenzhong Duan
Signed-off-by: Zhenzhong Duan --- docs/formatdomain.rst | 63 +++ 1 file changed, 63 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 41fccfeb84..ff8b1ba4cb 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst

[PATCH v1 03/18] qemu: Add TDX capability

2025-04-03 Thread Zhenzhong Duan
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + 2 files changed, 3 insertions(+) diff --git a/src/qemu

[PATCH v1 15/18] qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation

2025-04-03 Thread Zhenzhong Duan
control plane software understand that these events are from a fake reboot. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan --- examples/c/misc/event-test.c | 6 ++ include/libvirt/libvirt-domain.h | 2 ++ src/qemu/qemu_process.c | 10 ++ tools/virsh

[PATCH v1 00/18] LIBVIRT: X86: TDX support

2025-04-03 Thread Zhenzhong Duan
ODE-tdx.fd" }, "targets": [ { "architecture": "x86_64", "machines": [ "pc-q35-*" ] } ], "features": [ "intel-tdx", "verbose

[PATCH v1 01/18] tools: Secure guest check for Intel in virt-host-validate

2025-04-03 Thread Zhenzhong Duan
Add check in virt-host-validate for secure guest support on x86 for Intel Trust Domain Extensions. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- tools/virt-host-validate-common.c | 31 ++- tools/virt-host

[PATCH v1 02/18] qemu: Check if INTEL Trust Domain Extention support is enabled

2025-04-03 Thread Zhenzhong Duan
kernel. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 665f5e225e..280854d6a6 1

[PATCH v1 04/18] conf: Expose TDX feature in domain capabilities

2025-04-03 Thread Zhenzhong Duan
Extend qemu TDX capability to domain capabilities. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- docs/formatdomaincaps.rst | 1 + src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1 + src/conf/schemas

[PATCH v1 05/18] conf: Add tdx as launch security type

2025-04-03 Thread Zhenzhong Duan
encoded SHA384 digest string. For example: 0x1001 xxx xxx xxx Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c| 49 +++ src/conf/domain_conf.h| 11 +++ src/conf/domain_validate.c| 1 + src/conf/schemas/d

[PATCH v1 08/18] conf: Expose TDX type in domain launch security capability

2025-04-03 Thread Zhenzhong Duan
As the tdx launch security type support is added, expose it in domain capabilities so that domain definition validation check can take effect. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_capabilities.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src

[PATCH v1 06/18] conf: Validate TDX launchSecurity element mrConfigId/mrOwner/mrOwnerConfig

2025-04-03 Thread Zhenzhong Duan
mrConfigId/mrOwner/mrOwnerConfig are base64 encoded SHA384 digest, can be provided for TDX attestation. Check their decoded lengths to ensure they are 48 bytes. Signed-off-by: Zhenzhong Duan --- src/conf/domain_validate.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff

[PATCH v1 09/18] qemu: Force special parameters enabled for TDX guest

2025-04-03 Thread Zhenzhong Duan
TDX guest requires some special parameters to boot, currently: "kernel_irqchip=split" "pmu!=on" "smm!=on" "-bios" If not specified explicitly, QEMU should configure this option implicitly when starting a TDX guest. Signed-off-by: Zhenzhong Duan Review

[PATCH v1 11/18] qemu: Add command line for TDX Quote Generation Service(QGS)

2025-04-03 Thread Zhenzhong Duan
ig":"xxx","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"},"attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan --- src/conf/domain_

[PATCH v1 12/18] qemu: Add FakeReboot support for TDX guest

2025-04-03 Thread Zhenzhong Duan
Utilize the existing fake reboot mechanism to do reboot for TDX guest. Different from normal guest, TDX guest doesn't support system_reset, so have to kill the old guest and start a new one to simulate the reboot. Co-developed-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- src

[PATCH v1 14/18] qemu: Avoid duplicate FakeReboot for secure guest

2025-04-03 Thread Zhenzhong Duan
omes from FakeReboot. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_monitor.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 3aa316980b..838c102219 100644 --- a/src/qemu/qemu_moni

[PATCH v2] meson: Add back prefix path for runstatedir

2025-04-02 Thread Zhenzhong Duan
ned-off-by: Zhenzhong Duan --- v2: Take option `system` into consideration (Pavel) meson.build | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/meson.build b/meson.build index bf4a245dd3..2762236f37 100644 --- a/meson.build +++ b/meson.build @@ -62,11 +62,16 @@ if

[PATCH v1 17/18] qemu: Support domain reset command for TDX guest

2025-04-03 Thread Zhenzhong Duan
ypass locking in it. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_process.c | 14 +- src/qemu/qemu_process.h | 2 ++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 10e87

[PATCH v1 16/18] qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot

2025-04-03 Thread Zhenzhong Duan
d bypass the event for TD VM, for normal VM, domain is in run state and already bypassing it. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_process.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 62cbc3a3f8..67

[PATCH v1 07/18] qemu: Add command line and validation for TDX type

2025-04-03 Thread Zhenzhong Duan
t;mrowner":"xxx","mrownerconfig":"xxx","attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.h | 5 + src/qemu/qemu_command.c | 27

[PATCH v2 01/21] tools: Secure guest check for Intel in virt-host-validate

2025-06-25 Thread Zhenzhong Duan
Add check in virt-host-validate for secure guest support on x86 for Intel Trust Domain Extensions. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- tools/virt-host-validate-common.c | 31 ++- tools/virt-host

[PATCH v2 20/21] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data

2025-06-25 Thread Zhenzhong Duan
We now have the '+inteltdx' variant dumped from a modern qemu with tdx support, add qemuxmlconftest data for that variant. Signed-off-by: Zhenzhong Duan --- ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +++ ...ch-security-tdx.x86_64-latest+inteltd

[PATCH v2 02/21] qemu: Check if INTEL Trust Domain Extention support is enabled

2025-06-25 Thread Zhenzhong Duan
kernel. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b02f8e7a01..732c89fe29 1

[PATCH v2 04/21] conf: Expose TDX feature in domain capabilities

2025-06-25 Thread Zhenzhong Duan
Extend qemu TDX capability to domain capabilities. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- docs/formatdomaincaps.rst | 1 + src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1 + src/conf/schemas

[PATCH v2 05/21] conf: Add tdx as launch security type

2025-06-25 Thread Zhenzhong Duan
encoded SHA384 digest string. For example: 0x1001 xxx xxx xxx Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c| 49 +++ src/conf/domain_conf.h| 11 +++ src/conf/domain_validate.c| 1 + src/conf/schemas/d

[PATCH v2 06/21] conf: Validate TDX launchSecurity element mrConfigId/mrOwner/mrOwnerConfig

2025-06-25 Thread Zhenzhong Duan
mrConfigId/mrOwner/mrOwnerConfig are base64 encoded SHA384 digest, can be provided for TDX attestation. Check their decoded lengths to ensure they are 48 bytes. Signed-off-by: Zhenzhong Duan --- src/conf/domain_validate.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff

[PATCH v2 08/21] conf: Expose TDX type in domain launch security capability

2025-06-25 Thread Zhenzhong Duan
As the tdx launch security type support is added, expose it in domain capabilities so that domain definition validation check can take effect. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_capabilities.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src

[PATCH v2 21/21] docs: domain: Add documentation for Intel TDX guest

2025-06-25 Thread Zhenzhong Duan
Signed-off-by: Zhenzhong Duan --- docs/formatdomain.rst | 63 +++ 1 file changed, 63 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 9a2f065590..5acebefec0 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst

[PATCH v2 14/21] qemu: Avoid duplicate FakeReboot for secure guest

2025-06-25 Thread Zhenzhong Duan
omes from FakeReboot. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_monitor.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 1608fa86cd..ae3b13cdb2 100644 --- a/src/qemu/qemu_moni

[PATCH v2 13/21] qemu: Support reboot command in guest

2025-06-25 Thread Zhenzhong Duan
on and action configuration to trigger FakeReboot. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_monitor.c | 18 +- src/qemu/qemu_monitor.h | 2 +- src/qemu/qemu_monitor_json.c | 6 +- 3 files changed, 23 insertions(+), 3 delet

[PATCH v2 16/21] qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot

2025-06-25 Thread Zhenzhong Duan
d bypass the event for TD VM, for normal VM, domain is in run state and already bypassing it. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_process.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 7467a378ad..68

[PATCH v2 17/21] qemu: Support domain reset command for TDX guest

2025-06-25 Thread Zhenzhong Duan
ypass locking in it. Signed-off-by: Zhenzhong Duan --- src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_process.c | 14 +- src/qemu/qemu_process.h | 2 ++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index a75e0

[PATCH v2 00/21] LIBVIRT: X86: TDX support

2025-06-25 Thread Zhenzhong Duan
"pc-q35-*" ] } ], "features": [ "intel-tdx", "verbose-dynamic" ], "tags": [ ] } rfcv2: https://www.mail-archive.com/libvir-list@redhat.com/msg219378.html Zhenzhong Duan (21):

[PATCH v2 07/21] qemu: Add command line and validation for TDX type

2025-06-25 Thread Zhenzhong Duan
t;mrowner":"xxx","mrownerconfig":"xxx","attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.h | 5 + src/qemu/qemu_command.c | 27

[PATCH v2 11/21] qemu: Add command line for TDX Quote Generation Service(QGS)

2025-06-25 Thread Zhenzhong Duan
ig":"xxx","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"},"attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan --- src/conf/domain_

[PATCH v2 10/21] conf: Add Intel TDX Quote Generation Service(QGS) support

2025-06-25 Thread Zhenzhong Duan
urity than vsock, so libvirt only provides support for unix socket. XML example: 0x0 xxx xxx xxx Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c| 35 ++- src/conf/domain_conf.h| 2 ++ src/conf/schemas/d

[PATCH v2 03/21] qemu: Add TDX capability

2025-06-25 Thread Zhenzhong Duan
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + 2 files changed, 3 insertions(+) diff --git a/src/qemu

[PATCH v2 12/21] qemu: Add FakeReboot support for TDX guest

2025-06-25 Thread Zhenzhong Duan
Utilize the existing fake reboot mechanism to do reboot for TDX guest. Different from normal guest, TDX guest doesn't support system_reset, so have to kill the old guest and start a new one to simulate the reboot. Co-developed-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- src

[PATCH v2 09/21] qemu: Force special parameters enabled for TDX guest

2025-06-25 Thread Zhenzhong Duan
TDX guest requires some special parameters to boot, currently: "kernel_irqchip=split" "pmu!=on" "smm!=on" "-bios" If not specified explicitly, QEMU should configure this option implicitly when starting a TDX guest. Signed-off-by: Zhenzhong Duan Review

[PATCH v4 00/23] LIBVIRT: X86: TDX support

2025-07-10 Thread Zhenzhong Duan
VMF/OVMF_CODE-tdx.fd" }, "targets": [ { "architecture": "x86_64", "machines": [ "pc-q35-*" ] } ], "features": [ "intel-tdx", "verb

[PATCH v4 01/23] tools: Secure guest check for Intel in virt-host-validate

2025-07-10 Thread Zhenzhong Duan
Add check in virt-host-validate for secure guest support on x86 for Intel Trust Domain Extensions. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé Reviewed-by: Xiaoyao Li --- tools/virt-host-validate-common.c | 31

[PATCH v4 02/23] qemu: Check if INTEL Trust Domain Extention support is enabled

2025-07-10 Thread Zhenzhong Duan
kernel. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé Reviewed-by: Xiaoyao Li --- src/qemu/qemu_capabilities.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b02f8e7a0

[PATCH v4 05/23] qemu: Add QEMU_CAPS_TDX_GUEST capability

2025-07-10 Thread Zhenzhong Duan
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé Reviewed-by: Peter Krempa --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h

[PATCH v4 03/23] qemucapabilitiesdata: Document '+inteltdx' variant

2025-07-10 Thread Zhenzhong Duan
Upcoming patch will introduce test data from a TDX-enabled host. Document the new variant. Signed-off-by: Zhenzhong Duan Reviewed-by: Peter Krempa --- tests/qemucapabilitiesdata/README.rst | 5 + 1 file changed, 5 insertions(+) diff --git a/tests/qemucapabilitiesdata/README.rst b/tests

[PATCH v4 07/23] conf: Add tdx as launch security type

2025-07-10 Thread Zhenzhong Duan
encoded SHA384 digest string. For example: 0x1001 xxx xxx xxx Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/conf/domain_conf.c| 49 +++ src/conf/domain_conf.h| 11 +++ src/conf/domain_validat

[PATCH v4 06/23] conf: Expose TDX feature in domain capabilities

2025-07-10 Thread Zhenzhong Duan
Extend qemu TDX capability to domain capabilities. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- docs/formatdomaincaps.rst | 1 + src/conf/domain_capabilities.c | 1 + src/conf

[PATCH v4 09/23] qemu: Add command line and validation for TDX type

2025-07-10 Thread Zhenzhong Duan
t;mrowner":"xxx","mrownerconfig":"xxx","attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/conf/domain_conf.h | 5 + src/qemu/qemu_comman

[PATCH v4 08/23] conf: Validate TDX launchSecurity element mrConfigId/mrOwner/mrOwnerConfig

2025-07-10 Thread Zhenzhong Duan
mrConfigId/mrOwner/mrOwnerConfig are base64 encoded SHA384 digest, can be provided for TDX attestation. Check their decoded lengths to ensure they are 48 bytes. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/conf/domain_validate.c | 12 +++- 1 file changed, 11
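The validation patches above (06/18, 06/21 and 08/23) say only that mrConfigId, mrOwner and mrOwnerConfig must base64-decode to 48 bytes, and the command-line patches pass a TD attributes value of 268435457 without saying what it encodes. The following is an added Python example, written for this page and not code from the libvirt series, that performs the same strict decode-and-length check an operator can run on a domain XML before defining it, and decodes the attributes integer into named bits. The bit names come from the author's reading of the Intel TDX module specification and are an assumption here, not something the patches state; the sample field values are constructed from SHA-384 of arbitrary labels.

```python
"""Check TDX launchSecurity measurement fields and decode TD ATTRIBUTES."""
import base64
import binascii
import hashlib

# MRCONFIGID / MROWNER / MROWNERCONFIG each carry a SHA-384 digest: 48 bytes.
TDX_MR_FIELD_LEN = 48

# ASSUMPTION: bit positions in the TD ATTRIBUTES field as this example's
# author reads the Intel TDX module spec; not taken from the libvirt patches.
TDX_ATTR_BITS = {
    0: "DEBUG",             # off-TD debug mode: the host can inspect TD state
    28: "SEPT_VE_DISABLE",  # no #VE on access to unaccepted private memory
    30: "PKS",
    31: "KL",
    63: "PERFMON",
}


def validate_mr_field(name: str, value: str) -> bytes:
    """Strictly base64-decode one measurement field and require 48 bytes.

    Same rule the libvirt patch describes: decoded length must be 48.
    Raises ValueError for malformed base64 or a wrong decoded length.
    """
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{name}: not valid base64 ({exc})") from exc
    if len(raw) != TDX_MR_FIELD_LEN:
        raise ValueError(
            f"{name}: decoded to {len(raw)} bytes, expected {TDX_MR_FIELD_LEN}")
    return raw


def is_valid_mr_field(value: str) -> bool:
    """Boolean form of validate_mr_field for use in scripts and tests."""
    try:
        validate_mr_field("field", value)
    except ValueError:
        return False
    return True


def mr_field_from_label(label: bytes) -> str:
    """Build a well-formed field value: base64 of SHA-384 over a chosen label.

    Constructed sample input for this example; a real deployment derives
    these values from its attestation policy, not from a free-form label.
    """
    return base64.b64encode(hashlib.sha384(label).digest()).decode("ascii")


def decode_attributes(attributes: int) -> dict:
    """Name the bits set in a TD ATTRIBUTES value and flag any unknown ones.

    The 'debug' key is the one a security reviewer cares about: a TD with
    DEBUG set is inspectable by the host and gives no confidentiality.
    """
    known = [TDX_ATTR_BITS[b] for b in sorted(TDX_ATTR_BITS)
             if (attributes >> b) & 1]
    known_mask = sum(1 << b for b in TDX_ATTR_BITS)
    return {
        "value": attributes,
        "set": known,
        "unknown_bits": attributes & ~known_mask,
        "debug": bool(attributes & 1),
    }


if __name__ == "__main__":
    sample = {
        "mrConfigId": mr_field_from_label(b"example-config"),
        "mrOwner": mr_field_from_label(b"example-owner"),
        "mrOwnerConfig": mr_field_from_label(b"example-owner-config"),
    }
    for field_name, field_value in sample.items():
        validate_mr_field(field_name, field_value)
    print("all three fields decode to 48 bytes")
    print(decode_attributes(268435457))
```

Run against the value 268435457 (0x10000001) from the command-line patches, `decode_attributes` reports both SEPT_VE_DISABLE and DEBUG set; the SEPT_VE_DISABLE bit matches the "SEPT #VE has to be disabled" crash message logged by patch 12/23, while a set DEBUG bit is something to reject in production because the host can then read TD memory.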

[PATCH v4 10/23] conf: Expose TDX type in domain launch security capability

2025-07-10 Thread Zhenzhong Duan
As the tdx launch security type support is added, expose it in domain capabilities so that domain definition validation check can take effect. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 2 ++ tests/domaincapsdata

[PATCH v4 11/23] qemu: Force special parameters enabled for TDX guest

2025-07-10 Thread Zhenzhong Duan
TDX guest requires some special parameters to boot, currently: "kernel_irqchip=split" "pmu!=on" "smm!=on" "-bios" If not specified explicitly, QEMU should configure this option implicitly when starting a TDX guest. Signed-off-by: Zhenzhong Duan Review

[PATCH v4 13/23] qemu_firmware: Pick the right firmware for TDX guests

2025-07-10 Thread Zhenzhong Duan
The firmware descriptors have 'intel-tdx' feature which describes whether firmware is suitable for TDX guests. Provide necessary implementation to detect the feature and pick the right firmware if guest is TDX enabled. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan ---

[PATCH v4 12/23] qemu: log the crash information for TDX

2025-07-10 Thread Zhenzhong Duan
type": "tdx" } } } Let's log this information into the domain log file, e.g.: 2025-07-10 03:39:18.243+0000: panic tdx: error_code='0x0' message='TD misconfiguration: SEPT #VE has to be disabled' Suggested-by: Daniel P. Ber

[PATCH v4 14/23] conf: Add Intel TDX Quote Generation Service(QGS) support

2025-07-10 Thread Zhenzhong Duan
urity than vsock, so libvirt only provides support for unix socket. XML example: 0x1001 xxx xxx xxx Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c| 35 ++- src/conf/domain_conf.h| 2 ++ src/conf/sche

[PATCH v4 23/23] docs: domain: Add documentation for Intel TDX guest

2025-07-10 Thread Zhenzhong Duan
Signed-off-by: Zhenzhong Duan --- docs/formatdomain.rst | 63 +++ 1 file changed, 63 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 9a2f065590..b1cecde947 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst

[PATCH v4 16/23] qemu: Add FakeReboot support for TDX guest

2025-07-10 Thread Zhenzhong Duan
Utilize the existing fake reboot mechanism to do reboot for TDX guest. Different from normal guest, TDX guest doesn't support system_reset, so have to kill the old guest and start a new one to simulate the reboot. Co-developed-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: D

[PATCH v4 17/23] qemu: Support reboot command in guest

2025-07-10 Thread Zhenzhong Duan
on and action configuration to trigger FakeReboot. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_monitor.c | 18 +- src/qemu/qemu_monitor.h | 2 +- src/qemu/qemu_monitor_json.c | 6 +- 3 files changed, 23 insertions(+), 3 delet

[PATCH v4 18/23] qemu: Avoid duplicate FakeReboot for secure guest

2025-07-10 Thread Zhenzhong Duan
omes from FakeReboot. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_monitor.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 6d984df412..d726175d42 100644 --- a/src/qemu/qemu_moni

[PATCH v4 19/23] qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation

2025-07-10 Thread Zhenzhong Duan
control plane software understand that these events are from a fake reboot. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan --- examples/c/misc/event-test.c | 6 ++ include/libvirt/libvirt-domain.h | 2 ++ src/qemu/qemu_process.c | 10 ++ tools/virsh

[PATCH v4 20/23] qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot

2025-07-10 Thread Zhenzhong Duan
d bypass the event for TD VM, for normal VM, domain is in run state and already bypassing it. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_process.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_process.c b/

[PATCH v4 22/23] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data

2025-07-10 Thread Zhenzhong Duan
We now have the '+inteltdx' variant dumped from a modern qemu with tdx support, add qemuxmlconftest data for that variant. Signed-off-by: Zhenzhong Duan --- ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +++ ...ch-security-tdx.x86_64-latest+inteltd

[PATCH v4 15/23] qemu: Add command line for TDX Quote Generation Service(QGS)

2025-07-10 Thread Zhenzhong Duan
ig":"xxx","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"},"attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P

[PATCH v4 21/23] qemu: Support domain reset command for TDX guest

2025-07-10 Thread Zhenzhong Duan
akeReset. Check if a FakeReset is ongoing and bypass "host-signal" processing which originally comes from FakeReset. Domain lock is already held in qemuDomainReset() before calling qemuProcessFakeRebootViaRecreate(), so bypass locking in it. Signed-off-by: Zhenzhong Duan Reviewed-by: Dan

[PATCH v2 15/21] qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation

2025-06-25 Thread Zhenzhong Duan
control plane software understand that these events are from a fake reboot. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan --- examples/c/misc/event-test.c | 6 ++ include/libvirt/libvirt-domain.h | 2 ++ src/qemu/qemu_process.c | 10 ++ tools/virsh

[PATCH v2 18/21] qemucapabilitiesdata: Document '+inteltdx' variant

2025-06-25 Thread Zhenzhong Duan
Upcoming patch will introduce test data from a TDX-enabled host. Document the new variant. Signed-off-by: Zhenzhong Duan --- tests/qemucapabilitiesdata/README.rst | 5 + 1 file changed, 5 insertions(+) diff --git a/tests/qemucapabilitiesdata/README.rst b/tests/qemucapabilitiesdata

[PATCH v3 00/21] LIBVIRT: X86: TDX support

2025-06-29 Thread Zhenzhong Duan
t;x86_64", "machines": [ "pc-q35-*" ] } ], "features": [ "intel-tdx", "verbose-dynamic" ], "tags": [ ] } rfcv2: https://www.mail-archive.com/libvir-list@red

[PATCH v3 01/21] tools: Secure guest check for Intel in virt-host-validate

2025-06-29 Thread Zhenzhong Duan
Add check in virt-host-validate for secure guest support on x86 for Intel Trust Domain Extensions. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- tools/virt-host-validate-common.c | 31 ++- tools/virt-host

[PATCH v3 02/21] qemu: Check if INTEL Trust Domain Extention support is enabled

2025-06-29 Thread Zhenzhong Duan
kernel. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b02f8e7a01..732c89fe29 1

[PATCH v3 05/21] qemu: Add TDX capability

2025-06-29 Thread Zhenzhong Duan
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + tests

[PATCH v3 03/21] qemucapabilitiesdata: Document '+inteltdx' variant

2025-06-29 Thread Zhenzhong Duan
Upcoming patch will introduce test data from a TDX-enabled host. Document the new variant. Signed-off-by: Zhenzhong Duan --- tests/qemucapabilitiesdata/README.rst | 5 + 1 file changed, 5 insertions(+) diff --git a/tests/qemucapabilitiesdata/README.rst b/tests/qemucapabilitiesdata

[PATCH v3 06/21] conf: Expose TDX feature in domain capabilities

2025-06-29 Thread Zhenzhong Duan
Extend qemu TDX capability to domain capabilities. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- docs/formatdomaincaps.rst | 1 + src/conf/domain_capabilities.c | 1 + src/conf

[PATCH v3 07/21] conf: Add tdx as launch security type

2025-06-29 Thread Zhenzhong Duan
encoded SHA384 digest string. For example: 0x1001 xxx xxx xxx Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.c| 49 +++ src/conf/domain_conf.h| 11 +++ src/conf/domain_validate.c| 1 + src/conf/schemas/d

[PATCH v3 09/21] qemu: Add command line and validation for TDX type

2025-06-29 Thread Zhenzhong Duan
t;mrowner":"xxx","mrownerconfig":"xxx","attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan --- src/conf/domain_conf.h | 5 + src/qemu/qemu_command.c | 27

[PATCH v3 13/21] qemu: Add command line for TDX Quote Generation Service(QGS)

2025-06-29 Thread Zhenzhong Duan
ig":"xxx","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"},"attributes":268435457}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0 Signed-off-by: Zhenzhong Duan --- src/c