On Thu, Jul 10, 2025 at 03:21:02AM -0400, Zhenzhong Duan wrote:
> Hi,
>
> This series brings libvirt the x86 TDX support.
>
> * What's TDX?
> TDX stands for Trust Domain Extensions which isolates VMs from
> the virtual-machine manager (VMM)/hypervisor and any other software on
> the platform.
>
> This patchset extends libvirt to support TDX, with which one can start a
> TDX guest from high level rather than running qemu directly.
>
> * Misc
> As QEMU uses a software-emulated way to reset the guest, which isn't
> supported by TDX guests for security reasons, we simulate reboot for a
> TDX guest by killing it and creating a new one in the FakeReboot framework.
>
> Complete code can be found at [1].
>
> * Test
> Tested with upstream qemu v10.0.0-1724-gf9a3def17b
> shutdown/reboot/reset with virsh
> shutdown/reboot trigger in guest
> shutdown with on_poweroff=destroy/restart
> reboot with on_reboot=destroy/restart
> GUEST_PANICKED event processing
> auto firmware matching
For the whole series

  Tested-by: Daniel P. Berrangé <berra...@redhat.com>

I've created a VM using

  virt-install \
      --graphics none \
      --import \
      --file /var/lib/libvirt/images/f42tdxalt.qcow2 \
      --memory 4096 \
      --launchSecurity=tdx,quoteGenerationService=on \
      --boot uefi \
      --machine q35 \
      --osinfo fedora41

relying on this

  https://github.com/virt-manager/virt-manager/pull/948

and acquired attestation report with SGX 2.26, QEMU current git master,
and upstream LKML (with the patch to enable to build with kexec)

With regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|