FYI, QEMU soft freeze is next week, and rc0 release is Jul 22nd. I proposed we merge this series once the QEMU rc0 release is out, so this is likely ready for the libvirt August 1st release.
On Thu, Jul 10, 2025 at 03:21:02AM -0400, Zhenzhong Duan wrote: > Hi, > > This series brings libvirt the x86 TDX support. > > * What's TDX? > TDX stands for Trust Domain Extensions which isolates VMs from > the virtual-machine manager (VMM)/hypervisor and any other software on > the platform. > > This patchset extends libvirt to support TDX, with which one can start a TDX > guest from high level rather than running qemu directly. > > * Misc > As QEMU use a software emulated way to reset guest which isn't supported by > TDX > guest for security reason. We simulate reboot for TDX guest by kill and > create a > new one in FakeReboot framework. > > Complete code can be found at [1]. > > * Test > Tested with upstream qemu v10.0.0-1724-gf9a3def17b > shutdown/reboot/reset with virsh > shutdown/reboot trigger in guest > shutdown with on_poweroff=destroy/restart > reboot with on_reboot=destroy/restart > GUEST_PANICKED event processing > auto firmware matching > > * Patch organization > - patch 1-4: Some preparing work > - patch 5-6: Support query of TDX capabilities > - patch 7-15: Add TDX type to launchsecurity framework > - patch 16-21: Add reboot/reset support to TDX guest > - patch 22: Add conf test dump/cases for '+inteltdx' variant > - patch 23: Add docs > > TODO: > - add reconnect logic in virsh command > > [1] https://github.com/intel/libvirt-tdx/commits/tdx_for_upstream_v4 > > Thanks > Zhenzhong > > Changelog: > v4: > - add QGS config to qemuxmlconftest (Daniel) > - use 0x10000000 policy value in test as debug isn't supported yet (Daniel) > - s/mrowner/mrOwner/ s/mrownerconfig/mrOwnerConfig/ (Daniel) > - s/quoteGenerationSocket/quoteGenerationService/ (Daniel) > - handle "GUEST_PANICKED" event of type tdx (Daniel) > - add automatic firmware matching (Daniel) > > v3: > - fix a hiden failure in qemuBuildTDXQGSCommandLine() (Peter Krempa) > - avoid the use of the ternary operator (Peter Krempa) > - add capability test dump before capability introduced (Peter Krempa) > - change tests version number from 11.0.0 to 10.1.0 (Peter Krempa) > > v2: > - add capability and xmlconf test (Peter Krempa) > > v1: > - > s/virQEMUCapsKVMSupportsSecureGuestINTEL/virQEMUCapsKVMSupportsSecureGuestTDX > (Daniel) > - make policy element optional and expose to QEMU directly (Daniel) > - s/qemuProcessSecFakeReboot/qemuProcessFakeRebootViaRecreate (Daniel) > - simplify QGS element schema by supporting only UNIX socket (Daniel) > - add new events VIR_DOMAIN_EVENT_[STOPPED|STARTED] for control plane (Daniel) > - s/quoteGenerationService/quoteGenerationSocket as QEMU > - add virsh reset support > > rfcv4: > - add a check to tools/virt-host-validate-qemu.c (Daniel) > - remove check of q35 (Daniel) > - model 'SocktetAddress' QAPI in xml schema (Daniel) > - s/Quote-Generation-Service/quoteGenerationService/ (Daniel) > - define bits in tdx->policy and add validating logic (Daniel) > - presume QEMU choose split kernel irqchip for TDX guest by default (Daniel) > - utilize existing FakeReboot framework to do reboot for TDX guest (Daniel) > - drop patch11 'conf: Add support to keep same domid for hard reboot' (Daniel) > - add test in tests/ to validate parsing and formatting logic (Daniel) > - add doc in docs/formatdomain.rst (Daniel) > - add R-B > > rfcv3: > - Change to generate qemu cmdline with -bios > - drop firmware auto match as -bios is used > - add a hard reboot method to reboot TDX guest > > rfcv3: https://www.mail-archive.com/devel@lists.libvirt.org/msg00385.html > > rfcv2: > - give up using qmp cmd and check TDX directly on host for TDX capabilities. > - use launchsecurity framework to support TDX > - use <os>.<loader> for general loader > - add auto firmware match feature for TDX > > A example TDVF fimware description file 70-edk2-x86_64-tdx.json: > { > "description": "UEFI firmware for x86_64, supporting Intel TDX", > "interface-types": [ > "uefi" > ], > "mapping": { > "device": "generic", > "filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd" > }, > "targets": [ > { > "architecture": "x86_64", > "machines": [ > "pc-q35-*" > ] > } > ], > "features": [ > "intel-tdx", > "verbose-dynamic" > ], > "tags": [ > > ] > } > > rfcv2: https://www.mail-archive.com/libvir-list@redhat.com/msg219378.html > > > Zhenzhong Duan (23): > tools: Secure guest check for Intel in virt-host-validate > qemu: Check if INTEL Trust Domain Extention support is enabled > qemucapabilitiesdata: Document '+inteltdx' variant > qemucapabilitiestest: Add data for the qemu-10.1.0 dev cycle on x86_64 > for the '+inteltdx' variant > qemu: Add QEMU_CAPS_TDX_GUEST capability > conf: Expose TDX feature in domain capabilities > conf: Add tdx as launch security type > conf: Validate TDX launchSecurity element > mrConfigId/mrOwner/mrOwnerConfig > qemu: Add command line and validation for TDX type > conf: Expose TDX type in domain launch security capability > qemu: Force special parameters enabled for TDX guest > qemu: log the crash information for TDX > qemu_firmware: Pick the right firmware for TDX guests > conf: Add Intel TDX Quote Generation Service(QGS) support > qemu: Add command line for TDX Quote Generation Service(QGS) > qemu: Add FakeReboot support for TDX guest > qemu: Support reboot command in guest > qemu: Avoid duplicate FakeReboot for secure guest > qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation > qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot > qemu: Support domain reset command for TDX guest > qemuxmlconftest: Add latest version of 'launch-security-tdx*' test > data > docs: domain: Add documentation for Intel TDX guest > > docs/formatdomain.rst | 63 + > docs/formatdomaincaps.rst | 1 + > examples/c/misc/event-test.c | 6 + > include/libvirt/libvirt-domain.h | 2 + > src/conf/domain_capabilities.c | 1 + > src/conf/domain_capabilities.h | 1 + > src/conf/domain_conf.c | 82 + > src/conf/domain_conf.h | 21 + > src/conf/domain_validate.c | 11 + > src/conf/schemas/domaincaps.rng | 9 + > src/conf/schemas/domaincommon.rng | 41 + > src/conf/virconftypes.h | 2 + > src/qemu/qemu_capabilities.c | 38 +- > src/qemu/qemu_capabilities.h | 1 + > src/qemu/qemu_cgroup.c | 1 + > src/qemu/qemu_command.c | 43 + > src/qemu/qemu_domain.h | 1 + > src/qemu/qemu_driver.c | 11 +- > src/qemu/qemu_firmware.c | 20 + > src/qemu/qemu_monitor.c | 50 +- > src/qemu/qemu_monitor.h | 13 +- > src/qemu/qemu_monitor_json.c | 38 +- > src/qemu/qemu_namespace.c | 1 + > src/qemu/qemu_process.c | 104 +- > src/qemu/qemu_process.h | 2 + > src/qemu/qemu_validate.c | 45 + > src/security/security_dac.c | 2 + > .../qemu_10.1.0-q35.x86_64+inteltdx.xml | 783 + > .../domaincapsdata/qemu_10.1.0-q35.x86_64.xml | 7 +- > .../qemu_10.1.0-tcg.x86_64+inteltdx.xml | 1830 + > .../domaincapsdata/qemu_10.1.0-tcg.x86_64.xml | 6 +- > .../qemu_10.1.0.x86_64+inteltdx.xml | 783 + > tests/domaincapsdata/qemu_10.1.0.x86_64.xml | 7 +- > tests/domaincapsmock.c | 3 +- > tests/qemucapabilitiesdata/README.rst | 5 + > .../caps_10.1.0_x86_64+inteltdx.replies | 44552 ++++++++++++++++ > .../caps_10.1.0_x86_64+inteltdx.xml | 3585 ++ > .../caps_10.1.0_x86_64.xml | 1 + > .../caps.x86_64+inteltdx.xml | 29 + > .../firmware/60-edk2-ovmf-x64-inteltdx.json | 1 + > ...h-security-tdx.x86_64-latest+inteltdx.args | 44 + > ...ch-security-tdx.x86_64-latest+inteltdx.xml | 75 + > tests/qemuxmlconfdata/launch-security-tdx.xml | 28 + > tests/qemuxmlconftest.c | 3 + > tools/virsh-domain-event.c | 6 +- > tools/virt-host-validate-common.c | 31 +- > tools/virt-host-validate-common.h | 1 + > 47 files changed, 52372 insertions(+), 18 deletions(-) > create mode 100644 tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml > create mode 100644 tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml > create mode 100644 tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml > create mode 100644 > tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.replies > create mode 100644 tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml > create mode 100644 tests/qemucaps2xmloutdata/caps.x86_64+inteltdx.xml > create mode 100644 > tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.args > create mode 100644 > tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml > create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.xml > > -- > 2.47.1 > With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
