Re: [PATCH v1 00/40] TDX QEMU support
From: Daniel P. Berrangé
Subject: Re: [PATCH v1 00/40] TDX QEMU support
Date: Tue, 2 Aug 2022 10:49:45 +0100
User-agent: Mutt/2.2.6 (2022-06-05)

On Tue, Aug 02, 2022 at 03:47:10PM +0800, Xiaoyao Li wrote:
> This is the first version that removes the RFC tag, since the last RFC got
> several acked-by. Hope more people and reviewers can help review it.
>
>
> This patch series aims to enable TDX support to allow creating and booting a
> TD (TDX VM) with QEMU. It needs to work with corresponding KVM patch [1].
> TDX related documents can be found in [2].
>
> This series is also available on GitHub:
>
> https://github.com/intel/qemu-tdx/tree/tdx-qemu-upstream-v1
>
> To boot a TDX VM, it requires several changes/additional steps in the flow:
>
> 1. specify the vm type KVM_X86_TDX_VM when creating VM with
>    IOCTL(KVM_CREATE_VM);
> 2. initialize VM scope configuration before creating any VCPU;
> 3. initialize VCPU scope configuration;
> 4. initialize virtual firmware (TDVF) in guest private memory before
>    vcpu running;
>
> Besides, TDX VM needs to boot with TDVF (TDX virtual firmware) and currently
> upstream OVMF can serve as TDVF. This series adds the support of parsing TDVF,
> loading TDVF into guest's private memory and preparing TD HOB info for TDVF.
>
> [1] KVM TDX basic feature support v7
> https://lore.kernel.org/all/cover.1656366337.git.isaku.yamahata@intel.com/
>
> [2]
> https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html
>
> == Limitation and future work ==
> - CPU model
>
> We cannot create a TD with an arbitrary CPU model as we can for non-TDX VMs,
> because only a subset of features can be configured for a TD.
>
> - It's recommended to use '-cpu host' to create TD;
> - '+feature/-feature' might not work as expected;
>
> Future work: introduce a specific CPU model for TDs and enhance +/-features
> for TDs.

Which features are incompatible with TDX?

Presumably you have such a list, so that KVM can block them when
using '-cpu host'? If so, we should be able to sanity check the
use of these features in QEMU for the named CPU models / feature
selection too.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|