>-----Original Message----- >From: Daniel P. Berrangé <berra...@redhat.com> >Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation >Service(QGS) support > >On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote: >> Add element "quoteGenerationSocket" to tdx launch security type. >> It contains only an optional unix socket address attribute, >> when omitted, libvirt will use default QGS server address >> "/var/run/tdx-qgs/qgs.socket". >> >> UNIX sockets offer the required functionality with greater >> security than vsock, so libvirt only provides support for unix >> socket. >> >> XML example: >> >> <launchSecurity type='tdx'> >> <policy>0x0</policy> >> <mrConfigId>xxx</mrConfigId> >> <mrOwner>xxx</mrOwner> >> <mrOwnerConfig>xxx</mrOwnerConfig> >> <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/> > >Minor nitpick - lets call the element 'quoteGenerationService' >still.
QAPI exposes quote-generation-socket, do we really want a different name? # @quote-generation-socket: socket address for Quote Generation # Service (QGS). QGS is a daemon running on the host. Without # it, the guest will not be able to get a TD quote for # attestation. Thanks Zhenzhong
