From: Zhenzhong Duan Date: Thu, 10 Jul 2025 07:21:16 +0000 (-0400) Subject: conf: Add Intel TDX Quote Generation Service(QGS) support X-Git-Tag: v11.6.0-rc1~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8214980432191138f052c2e32d12ae284597c8b8;p=thirdparty%2Flibvirt.git conf: Add Intel TDX Quote Generation Service(QGS) support Add element "quoteGenerationService" to tdx launch security type. It contains only an optional unix socket address attribute, when omitted, libvirt will use default QGS server address "/var/run/tdx-qgs/qgs.socket". UNIX sockets offer the required functionality with greater security than vsock, so libvirt only provides support for unix socket. XML example: 0x10000001 xxx xxx xxx Reviewed-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan --- diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 37d9e2bf72..59958c2f08 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3963,6 +3963,7 @@ virDomainSecDefFree(virDomainSecDef *def) g_free(def->data.tdx.mrconfigid); g_free(def->data.tdx.mrowner); g_free(def->data.tdx.mrownerconfig); + g_free(def->data.tdx.qgs_unix_path); break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: case VIR_DOMAIN_LAUNCH_SECURITY_NONE: @@ -14173,6 +14174,33 @@ virDomainSEVSNPDefParseXML(virDomainSEVSNPDef *def, } +static int +virDomainTDXQGSDefParseXML(virDomainTDXDef *def, xmlXPathContextPtr ctxt) +{ + g_autofree xmlNodePtr *nodes = NULL; + xmlNodePtr node; + int n; + + if ((n = virXPathNodeSet("./quoteGenerationService", ctxt, &nodes)) < 0) + return -1; + + if (!n) + return 0; + + if (n > 1) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only a single QGS element is supported")); + return -1; + } + node = nodes[0]; + + def->haveQGS = true; + def->qgs_unix_path = virXMLPropString(node, "path"); + + return 0; +} + + static int virDomainTDXDefParseXML(virDomainTDXDef *def, xmlXPathContextPtr ctxt) 
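Review bot: In virDomainTDXQGSDefParseXML the `path` attribute is stored without any check, so an empty or relative value passes XML parsing and only surfaces later when the socket is opened; since the element is restricted to UNIX sockets by design, rejecting non-absolute paths here keeps the failure at the XML boundary, e.g. `if (def->qgs_unix_path && !g_path_is_absolute(def->qgs_unix_path)) { virReportError(VIR_ERR_XML_ERROR, "%s", _("quoteGenerationService path must be absolute")); return -1; }` (other socket-backed elements may already do this in their validate callbacks, which are outside this hunk). The function also deserves a one-line header comment saying that the element is optional, that `path` may be absent, and that a NULL `qgs_unix_path` with `haveQGS` set means "use the default socket" as described in the commit message, because that contract is otherwise only discoverable from the driver code. The hunk ends on the signature of virDomainTDXDefParseXML, whose body continues outside it.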
@@ -14192,7 +14220,7 @@ virDomainTDXDefParseXML(virDomainTDXDef *def, def->mrowner = virXPathString("string(./mrOwner)", ctxt); def->mrownerconfig = virXPathString("string(./mrOwnerConfig)", ctxt); - return 0; + return virDomainTDXQGSDefParseXML(def, ctxt); } @@ -27705,6 +27733,11 @@ virDomainTDXDefFormat(virBuffer *childBuf, virDomainTDXDef *def) virBufferEscapeString(childBuf, "%s\n", def->mrconfigid); virBufferEscapeString(childBuf, "%s\n", def->mrowner); virBufferEscapeString(childBuf, "%s\n", def->mrownerconfig); + if (def->haveQGS) { + virBufferAddLit(childBuf, "qgs_unix_path); + virBufferAddLit(childBuf, "/>\n"); + } } diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 46fea544c4..c2111597a9 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -3006,6 +3006,8 @@ struct _virDomainTDXDef { char *mrconfigid; char *mrowner; char *mrownerconfig; + bool haveQGS; + char *qgs_unix_path; }; diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index bb40e1d439..a714c3fcc5 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -674,6 +674,15 @@ + + + + + + + + +
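Review bot: In virDomainTDXDefFormat the call that writes `def->qgs_unix_path` is partly garbled in this rendering, so I cannot confirm it goes through virBufferEscapeString rather than a raw literal write; the path is user-supplied, so it must be attribute-escaped or a value containing `'` or `&` produces XML that the parser in the same file will not read back. The surrounding `if (def->haveQGS)` also means an element parsed without `path` is re-emitted as an empty element, which is the right round-trip for "use the default" but worth a short comment such as `/* path may be NULL: the element then only records that QGS is enabled */` so a later reader does not drop the empty-element case.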
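Review bot: The two fields added to struct _virDomainTDXDef mix naming styles (`haveQGS` camelCase next to `qgs_unix_path` snake_case) while the neighbouring fields (`mrconfigid`, `mrowner`, `mrownerconfig`) use plain lowercase; picking one convention for both would keep the struct consistent. Since a NULL path is meaningful here, a comment on the field would help, e.g. `char *qgs_unix_path; /* NULL: driver falls back to the default QGS socket */` and `bool haveQGS; /* <quoteGenerationService> element was present */`.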