qemu-devel

Re: [PATCH v5 49/65] i386/tdx: handle TDG.VP.VMCALL<GetQuote>


From: Daniel P . Berrangé
Subject: Re: [PATCH v5 49/65] i386/tdx: handle TDG.VP.VMCALL<GetQuote>
Date: Mon, 11 Mar 2024 09:27:43 +0000
User-agent: Mutt/2.2.12 (2023-09-09)

On Thu, Feb 29, 2024 at 01:37:10AM -0500, Xiaoyao Li wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
> 
> Add property "quote-generation-socket" to tdx-guest, which is a property
> of type SocketAddress to specify Quote Generation Service (QGS).
> 
> On request of GetQuote, it connects to the QGS socket, reads request
> data from shared guest memory, sends the request data to the QGS,
> stores the response into shared guest memory, and finally notifies
> the TD guest by interrupt.
> 
> command line example:
>   qemu-system-x86_64 \
>     -object '{"qom-type":"tdx-guest","id":"tdx0","quote-generation-socket":{"type": "vsock", "cid":"1","port":"1234"}}' \

Can you illustrate this with 'unix' sockets, not 'vsock'?

It makes no conceptual sense to be using vsock for two
processes on the host to be using vsock to talk to
each other. vsock is only needed for the guest to talk
to the host.

>     -machine confidential-guest-support=tdx0
> 
> Note, above example uses vsock type socket because the QGS we used
> implements the vsock socket. It can be other types, like UNIX socket,
> which depends on the implementation of QGS.
> 
> To avoid no response from QGS server, set up a timer for the transaction.
> If timeout, make it an error and interrupt guest. Define the threshold of
> time to 30s at present, maybe change to other value if not appropriate.
> 
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> Codeveloped-by: Chenyi Qiang <chenyi.qiang@intel.com>
> Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
> Codeveloped-by: Xiaoyao Li <xiaoyao.li@intel.com>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
> Changes in v5:
> - add more description of quote-generation-socket property;
> 
> Changes in v4:
> - merge next patch "i386/tdx: setup a timer for the qio channel";
> 
> Changes in v3:
> - rename property "quote-generation-service" to "quote-generation-socket";
> - change the type of "quote-generation-socket" from str to
>   SocketAddress;
> - squash next patch into this one;
> ---
>  qapi/qom.json                         |   8 +-
>  target/i386/kvm/meson.build           |   2 +-
>  target/i386/kvm/tdx-quote-generator.c | 170 ++++++++++++++++++++
>  target/i386/kvm/tdx-quote-generator.h |  95 +++++++++++
>  target/i386/kvm/tdx.c                 | 216 ++++++++++++++++++++++++++
>  target/i386/kvm/tdx.h                 |   6 +
>  6 files changed, 495 insertions(+), 2 deletions(-)
>  create mode 100644 target/i386/kvm/tdx-quote-generator.c
>  create mode 100644 target/i386/kvm/tdx-quote-generator.h


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



