From: Isaku Yamahata <email@example.com>
In TDX CPU state is also protected, thus vcpu state can't be reset by VMM.
It assumes -action reboot=shutdown instead of silently ignoring vcpu reset.
TDX module spec version 344425-002US doesn't support vcpu reset by VMM. VM
needs to be destroyed and created again to emulate REBOOT_ACTION_RESET.
For simplicity, put its responsibility to management system like libvirt
because it's difficult for the current qemu implementation to destroy and
re-create KVM VM resources with keeping other resources.
If management system wants reboot behavior for its users, it needs to
- set reboot_action to REBOOT_ACTION_SHUTDOWN,
- set shutdown_action to SHUTDOWN_ACTION_PAUSE optionally and,
- subscribe VM state change and on reboot, (destroy qemu if
SHUTDOWN_ACTION_PAUSE and) start new qemu.
Signed-off-by: Isaku Yamahata <firstname.lastname@example.org>
target/i386/kvm/tdx.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 1316d95209..0621317b0a 100644
@@ -25,6 +25,7 @@
@@ -363,6 +364,19 @@ static void tdx_guest_init(Object *obj)
+ * TDX module spec version 344425-002US doesn't support reset of vcpu by
+ * VMM. VM needs to be destroyed and created again to emulate
+ * REBOOT_ACTION_RESET. For simplicity, put its responsibility to
+ * management system like libvirt.
+ * Management system should
+ * - set reboot_action to REBOOT_ACTION_SHUTDOWN
+ * - set shutdown_action to SHUTDOWN_ACTION_PAUSE
+ * - subscribe VM state and on reboot, destroy qemu and start new qemu
+ reboot_action = REBOOT_ACTION_SHUTDOWN;
tdx->debug = false;
object_property_add_bool(obj, "debug", tdx_guest_get_debug,