From 2fa4ab6a8a776f41e64bcd7a3f1bf0f76e54f8db Mon Sep 17 00:00:00 2001
|
|
Message-ID: <2fa4ab6a8a776f41e64bcd7a3f1bf0f76e54f8db.1759835600.git.jdenemar@redhat.com>
|
|
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
|
Date: Thu, 10 Jul 2025 03:21:11 -0400
|
|
Subject: [PATCH] qemu: Add command line and validation for TDX type
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
QEMU provides a 'tdx-guest' object which is used to launch encrypted
|
|
VMs on Intel platform using TDX feature.
|
|
|
|
Command line looks like:
|
|
$QEMU ... \
|
|
-object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx","attributes":268435457}' \
|
|
-machine pc-q35-6.0,confidential-guest-support=lsec0
|
|
|
|
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
(cherry picked from commit 67b0720d2f2a16ab59a11aa8ecccfe11c73d8727)
|
|
Resolves: https://issues.redhat.com/browse/RHEL-111840
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
|
RHEL: pass priv->qemuCaps to qemuBuildObjectCommandlineFromJSON
|
|
---
|
|
src/conf/domain_conf.h | 5 +++++
|
|
src/qemu/qemu_command.c | 29 +++++++++++++++++++++++++++++
|
|
src/qemu/qemu_validate.c | 12 ++++++++++++
|
|
3 files changed, 46 insertions(+)
|
|
|
|
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
|
|
index 1238f2001f..0ea88e013b 100644
|
|
--- a/src/conf/domain_conf.h
|
|
+++ b/src/conf/domain_conf.h
|
|
@@ -2968,6 +2968,11 @@ struct _virDomainTDXDef {
|
|
};
|
|
|
|
|
|
+#define VIR_DOMAIN_TDX_POLICY_DEBUG 0x1
|
|
+#define VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE 0x10000000
|
|
+#define VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK (VIR_DOMAIN_TDX_POLICY_DEBUG | \
|
|
+ VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE)
|
|
+
|
|
struct _virDomainSecDef {
|
|
virDomainLaunchSecurity sectype;
|
|
union {
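Review bot: The three new VIR_DOMAIN_TDX_POLICY_* macros carry no comment explaining what the bit positions mean or where the allowed set comes from, so a reader of domain_conf.h has to find the validation message in qemu_validate.c to learn that 0x1 is bit 0 (debug) and 0x10000000 is bit 28 (sept-ve-disable). A short header comment above the first define, such as `/* TDX guest attribute bits passed as the 'attributes' property of QEMU's tdx-guest object; only DEBUG (bit 0) and SEPT_VE_DISABLE (bit 28) are accepted, see qemuValidateDomainDef */`, would keep the two files in sync when more bits are added. Given that the debug bit is presumably a confidentiality-relevant setting for a TDX guest, it is also worth naming it as such in that comment so that future additions to the ALLOWED_MASK are reviewed with the same care. The enclosing struct _virDomainSecDef continues past the end of this hunk.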
|
|
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
|
|
index 6c5e1926a5..c2183d332e 100644
|
|
--- a/src/qemu/qemu_command.c
|
|
+++ b/src/qemu/qemu_command.c
|
|
@@ -9750,6 +9750,34 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
|
|
}
|
|
|
|
|
|
+static int
|
|
+qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd,
|
|
+ virDomainTDXDef *tdx)
|
|
+{
|
|
+ g_autoptr(virJSONValue) props = NULL;
|
|
+ qemuDomainObjPrivate *priv = vm->privateData;
|
|
+
|
|
+ if (tdx->havePolicy)
|
|
+ VIR_DEBUG("policy=0x%llx", tdx->policy);
|
|
+
|
|
+ if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "lsec0",
|
|
+ "S:mrconfigid", tdx->mrconfigid,
|
|
+ "S:mrowner", tdx->mrowner,
|
|
+ "S:mrownerconfig", tdx->mrownerconfig,
|
|
+ NULL) < 0)
|
|
+ return -1;
|
|
+
|
|
+ if (tdx->havePolicy &&
|
|
+ virJSONValueObjectAdd(&props, "U:attributes", tdx->policy, NULL) < 0)
|
|
+ return -1;
|
|
+
|
|
+ if (qemuBuildObjectCommandlineFromJSON(cmd, props, priv->qemuCaps) < 0)
|
|
+ return -1;
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+
|
|
static int
|
|
qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
|
|
virDomainSecDef *sec)
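Review bot: qemuBuildTDXCommandLine has no header comment, and its contract (which fields of virDomainTDXDef are optional, what the hard-coded object id "lsec0" is for, and that the policy is only emitted when havePolicy is set) is only discoverable by reading the body. A comment above `static int` along the lines of `/* Build the -object tdx-guest,id=lsec0 command line for a TDX guest. mrconfigid, mrowner and mrownerconfig are optional ("S:" skips NULL); the policy is emitted as the 'attributes' property only when the XML supplied one. Returns 0 on success, -1 with an error reported. */` would document that. The `VIR_DEBUG("policy=0x%llx", tdx->policy)` on the new side also assumes tdx->policy is an unsigned long long; that matches the "U:" conversion used for virJSONValueObjectAdd, but since the field's declaration is outside this diff it should be confirmed against domain_conf.h.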
|
|
@@ -9769,6 +9797,7 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
|
|
break;
|
|
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
|
|
+ return qemuBuildTDXCommandLine(vm, cmd, &sec->data.tdx);
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype);
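Review bot: The new `return qemuBuildTDXCommandLine(vm, cmd, &sec->data.tdx);` exits qemuBuildSecCommandLine directly while the preceding case in the switch ends with `break;` (visible at the top of the previous hunk), so if the function performs any common work after the switch, the TDX path would skip it. If the other arms also return directly this is consistent and only needs no change; otherwise `if (qemuBuildTDXCommandLine(vm, cmd, &sec->data.tdx) < 0) return -1; break;` would keep all launch-security types on the same exit path. The rest of qemuBuildSecCommandLine lies outside this hunk, so this is inferred from the visible context only.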
|
|
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
|
|
index 34bb7e45c7..80aa2529f2 100644
|
|
--- a/src/qemu/qemu_validate.c
|
|
+++ b/src/qemu/qemu_validate.c
|
|
@@ -1392,6 +1392,18 @@ qemuValidateDomainDef(const virDomainDef *def,
|
|
}
|
|
break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
|
|
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST)) {
|
|
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
+ _("Intel TDX launch security is not supported with this QEMU binary"));
|
|
+ return -1;
|
|
+ }
|
|
+ if (def->sec->data.tdx.havePolicy &&
|
|
+ def->sec->data.tdx.policy & ~VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK) {
|
|
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
+ _("Only bit0(debug) and bit28(sept-ve-disable) are supported intel TDX launch security policy"));
|
|
+ return -1;
|
|
+ }
|
|
+ break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
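Review bot: The rejection message for unsupported policy bits is hard to read and does not tell the user which bits were rejected, which matters because this is the only check standing between a domain XML and an arbitrary TDX attributes value being passed to QEMU. A clearer, more diagnosable wording would be `_("Unsupported Intel TDX launch security policy 0x%llx: only bit 0 (debug) and bit 28 (sept-ve-disable) are supported"), def->sec->data.tdx.policy` (dropping the `"%s"` argument), assuming policy is an unsigned long long as the "U:" conversion in qemu_command.c suggests. It would also help to note in a one-line comment above the mask check that the debug bit is intentionally allowed, so that a later reviewer does not mistake its presence in VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK for an oversight. The enclosing qemuValidateDomainDef extends beyond this hunk on both sides.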
|
|
--
|
|
2.51.0
|