qemu: Add command line for TDX Quote Generation Service(QGS)

'tdx-guest' object supports a "quote-generation-socket" property for
attestation purpose. When "quote-generation-socket" is configured in
guest xml, libvirt generates unix socket format cmdline for QEMU.

'Path' element can be omitted, default path "/var/run/tdx-qgs/qgs.socket"
is used in this case.

QEMU command line example:
  qemu-system-x86_64 \
    -object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"},"attributes":268435457}' \
    -machine pc-q35-6.0,confidential-guest-support=lsec0

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index c2111597a9d93b34cd3a284468d109d936140ba4..596d1389730395a1c6b5b8223578690a5ff7e134 100644 (file)
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -3000,6 +3000,9 @@ struct _virDomainSEVSNPDef {
 };
 
 
+/* Copied from QGS source code */
+#define QGS_UNIX_SOCKET_FILE   "/var/run/tdx-qgs/qgs.socket"
+
 struct _virDomainTDXDef {
     bool havePolicy;
     unsigned long long policy;

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4c38bc3cf9977df1af85f33d9727459210a72096..457dee702968b15ced7dd1c568605c933ca6ec00 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9961,15 +9961,29 @@ qemuBuildPVCommandLine(virCommand *cmd)
 static int
 qemuBuildTDXCommandLine(virCommand *cmd, virDomainTDXDef *tdx)
 {
+    g_autoptr(virJSONValue) addr = NULL;
     g_autoptr(virJSONValue) props = NULL;
+    const char *path = QGS_UNIX_SOCKET_FILE;
 
     if (tdx->havePolicy)
         VIR_DEBUG("policy=0x%llx", tdx->policy);
 
+    if (tdx->haveQGS) {
+        if (tdx->qgs_unix_path)
+            path = tdx->qgs_unix_path;
+
+        if (virJSONValueObjectAdd(&addr,
+                                  "s:type", "unix",
+                                  "s:path", path,
+                                  NULL) < 0)
+            return -1;
+    }
+
     if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "lsec0",
                                      "S:mrconfigid", tdx->mrconfigid,
                                      "S:mrowner", tdx->mrowner,
                                      "S:mrownerconfig", tdx->mrownerconfig,
+                                     "A:quote-generation-socket", &addr,
                                      NULL) < 0)
         return -1;