git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Zhenzhong Duan <zhenzhong.duan@intel.com>
	Wed, 15 Apr 2026 02:39:48 +0000 (22:39 -0400)
committer	Michal Privoznik <mprivozn@redhat.com>
	Wed, 15 Apr 2026 08:09:53 +0000 (10:09 +0200)
commit	9b6b234c0e963bebdcf014cfadf13aa2e11f63ca
tree	809b242892a11fcf36d3c0006788b6a252fc2833	tree \| snapshot
parent	80fb188790d3b75bc58f8feb83d6ed8ceda5c17e	commit \| diff

docs: Change TD example policy to 0x10000000

The definition of BIT0 in policy element comes from TDX spec, but it makes
confusion for some customers whether 0 or 1 activates debug:

  1. We know that "off-TD debug mode" basically means debug from outside the
     TD --> 1 activates debug.
  2. But when a customer is not aware of the term "off-TD debug" it is very
     easy to misinterpret this as "TD debug mode off" --> 1 deactivates debug.

Given that the policy example uses "0x10000001", the second interpretation
even becomes more likely, because a customer may assume that security by
default is applied in the example.

Thus, change the policy in example configuration to "0x10000000" and update
BIT0 definition to be more explicit.

Suggested-by: Fuhry Benny <benny.fuhry@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>