RE: [PATCH v3 20/21] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


>-----Original Message-----
>From: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>Subject: Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of
>'launch-security-tdx*' test data
>
>On Fri, Jul 04, 2025 at 03:10:11AM +0000, Duan, Zhenzhong wrote:
>>
>>
>> >-----Original Message-----
>> >From: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>> >Subject: Re: [PATCH v3 20/21] qemuxmlconftest: Add latest version of
>> >'launch-security-tdx*' test data
>> >
>> >On Mon, Jun 30, 2025 at 02:17:31PM +0800, Zhenzhong Duan wrote:
>> >> We now have the '+inteltdx' variant dumped from a modern qemu with
>tdx
>> >support,
>> >> add qemuxmlconftest data for that variant.
>> >>
>> >> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
>> >> ---
>> >>  ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +++++++++++
>> >>  ...ch-security-tdx.x86_64-latest+inteltdx.xml | 74
>+++++++++++++++++++
>> >>  tests/qemuxmlconfdata/launch-security-tdx.xml | 27 +++++++
>> >>  tests/qemuxmlconftest.c                       |  3 +
>> >>  4 files changed, 148 insertions(+)
>> >>  create mode 100644
>> >tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.args
>> >>  create mode 100644
>> >tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
>> >>  create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.xml
>> >
>> >
>> >> diff --git
>> >a/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
>> >b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
>> >> new file mode 100644
>> >> index 0000000000..77fada7408
>> >> --- /dev/null
>> >> +++
>> >b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest+inteltdx.xml
>> >> @@ -0,0 +1,74 @@
>> >> +<domain type='qemu'>
>> >
>> >> +  <launchSecurity type='tdx'>
>> >> +    <policy>0x1</policy>
>> >> +
>> ><mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0Vnia
>vN
>> >7wEjRWeJq83v</mrConfigId>
>> >> +
>> ><mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0Vniav
>N7
>> >wEjRWeJq83v</mrOwner>
>> >> +
>> ><mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0
>Vni
>> >avN7wEjRWeJq83v</mrOwnerConfig>
>> >> +  </launchSecurity>
>> >
>> >Can you extend this to include the QGS config too.
>>
>> Got it, have done it internally, look forward to more comments.
>
>Also, IIUC, policy 0x1 is not valid - can you make it use 0x10000000
>which seems to be valid with KVM.

Sure.

Thanks
Zhenzhong
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux