On Thu, Jul 10, 2025 at 03:21:16AM -0400, Zhenzhong Duan wrote: > Add element "quoteGenerationService" to tdx launch security type. > It contains only an optional unix socket address attribute, > when omitted, libvirt will use default QGS server address > "/var/run/tdx-qgs/qgs.socket". > > UNIX sockets offer the required functionality with greater > security than vsock, so libvirt only provides support for unix > socket. > > XML example: > > <launchSecurity type='tdx'> > <policy>0x10000001</policy> > <mrConfigId>xxx</mrConfigId> > <mrOwner>xxx</mrOwner> > <mrOwnerConfig>xxx</mrOwnerConfig> > <quoteGenerationService path='/var/run/tdx-qgs/qgs.socket'/> > </launchSecurity> > > Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com> > --- > src/conf/domain_conf.c | 35 ++++++++++++++++++++++++++++++- > src/conf/domain_conf.h | 2 ++ > src/conf/schemas/domaincommon.rng | 9 ++++++++ > 3 files changed, 45 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
