From: Zhenzhong Duan Date: Wed, 15 Apr 2026 02:39:48 +0000 (-0400) Subject: docs: Change TD example policy to 0x10000000 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b6b234c0e963bebdcf014cfadf13aa2e11f63ca;p=thirdparty%2Flibvirt.git docs: Change TD example policy to 0x10000000 The definition of BIT0 in policy element comes from TDX spec, but it makes confusion for some customers whether 0 or 1 activates debug: 1. We know that "off-TD debug mode" basically means debug from outside the TD --> 1 activates debug. 2. But when a customer is not aware of the term "off-TD debug" it is very easy to misinterpret this as "TD debug mode off" --> 1 deactivates debug. Given that the policy example uses "0x10000001", the second interpretation even becomes more likely, because a customer may assume that security by default is applied in the example. Thus, change the policy in example configuration to "0x10000000" and update BIT0 definition to be more explicit. Suggested-by: Fuhry Benny Signed-off-by: Zhenzhong Duan Reviewed-by: Michal Privoznik --- diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 1a4bd4c6e9..b589fc9429 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -9834,7 +9834,7 @@ Example configuration: ... - 0x10000001 + 0x10000000 xxx xxx xxx @@ -9855,7 +9855,9 @@ Example configuration: ====== ==================================================================================== Bit(s) Description ====== ==================================================================================== - 0 Guest TD runs in off-TD debug mode when set + 0 Activate off-TD debug when set, i.e., activate debug from outside the TD. Its VCPU + state and private memory are accessible by the host VMM. + Deactivate off-TD debug when clear, i.e., deactivate debug from outside the TD. 1:27 reserved 28 Disable EPT violation conversion to #VE on guest TD access of PENDING pages when set 29:63 reserved
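Review bot: in the example configuration hunk (@@ -9834), the new policy value 0x10000000 is still shown without saying which bits it sets. Since the commit message says readers misread bit 0, consider adding a sentence beside the example stating that 0x10000000 sets only bit 28 and leaves bit 0 clear, so off-TD debug is deactivated in the example. That way nobody has to decode the hex value against the table to see it.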
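Review bot: in the bit 0 row of the policy table (@@ -9855), the sentence "Its VCPU state and private memory are accessible by the host VMM." has lost a clear antecedent. The removed line had the guest TD as its subject, while the new first sentence is an imperative, so "Its" has to be resolved by inference. Suggest wording such as "When set, the guest TD's VCPU state and private memory are accessible by the host VMM." The added "Deactivate off-TD debug when clear, ..." line restates the first sentence in the negative and could be shortened to "Off-TD debug is deactivated when clear." so the row stays close to the "when set" style of the bit 28 row.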