qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 41/58] i386/tdx: handle TDG.VP.VMCALL<GetQuote>

From: Xiaoyao Li
Subject: Re: [PATCH v2 41/58] i386/tdx: handle TDG.VP.VMCALL<GetQuote>
Date: Wed, 30 Aug 2023 13:57:59 +0800
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0 Thunderbird/102.14.0 
On 8/30/2023 1:18 PM, Chenyi Qiang wrote:



On 8/29/2023 6:25 PM, Daniel P. Berrangé wrote:

On Tue, Aug 29, 2023 at 01:31:37PM +0800, Chenyi Qiang wrote:



On 8/22/2023 4:24 PM, Daniel P. Berrangé wrote:

On Tue, Aug 22, 2023 at 08:52:30AM +0200, Markus Armbruster wrote:

Xiaoyao Li <xiaoyao.li@intel.com> writes:


From: Isaku Yamahata <isaku.yamahata@intel.com>

For GetQuote, delegate a request to Quote Generation Service.  Add property
of address of quote generation server and On request, connect to the
server, read request buffer from shared guest memory, send the request
buffer to the server and store the response into shared guest memory and
notify TD guest by interrupt.

"quote-generation-service" is a property to specify Quote Generation
Service(QGS) in qemu socket address format.  The examples of the supported
format are "vsock:2:1234", "unix:/run/qgs", "localhost:1234".

command line example:
   qemu-system-x86_64 \
     -object 'tdx-guest,id=tdx0,quote-generation-service=localhost:1234' \
     -machine confidential-guest-support=tdx0

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
  qapi/qom.json         |   5 +-
  target/i386/kvm/tdx.c | 380 ++++++++++++++++++++++++++++++++++++++++++
  target/i386/kvm/tdx.h |   7 +
  3 files changed, 391 insertions(+), 1 deletion(-)

diff --git a/qapi/qom.json b/qapi/qom.json
index 87c1d440f331..37139949d761 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -879,13 +879,16 @@
  #
  # @mrownerconfig: MROWNERCONFIG SHA384 hex string of 48 * 2 length (default: 
0)
  #
+# @quote-generation-service: socket address for Quote Generation Service(QGS)
+#
  # Since: 8.2
  ##
  { 'struct': 'TdxGuestProperties',
    'data': { '*sept-ve-disable': 'bool',
              '*mrconfigid': 'str',
              '*mrowner': 'str',
-            '*mrownerconfig': 'str' } }
+            '*mrownerconfig': 'str',
+            '*quote-generation-service': 'str' } }


Why not type SocketAddress?


Yes, the code uses SocketAddress internally when it eventually
calls qio_channel_socket_connect_async(), so we should directly
use SocketAddress in the QAPI from the start.


Any benefit to directly use SocketAddress?


We don't want whatever code consumes the configuration to
do a second level of parsing to convert the 'str' value
into the 'SocketAddress' object it actually needs.

QEMU has a long history of having a second round of ad-hoc
parsing of configuration and we've found it to be a serious
maintenence burden. Thus we strive to have everything
represented in QAPI using the desired final type, and avoid
the second round of parsing.


Thanks for your explanation.




"quote-generation-service" here is optional, it seems not trivial to add
and parse the SocketAddress type in QEMU command. After I change 'str'
to 'SocketAddress' and specify the command like "-object
tdx-guest,type=vsock,cid=2,port=1234...", it will report "invalid
parameter cid".


The -object parameter supports JSON syntax for this reason

    -object '{"qom-type":"tdx-guest","quote-generation-service":{"type": "vsock", 
"cid":"2","port":"1234"}}'

libvirt will always use the JSON syntax for -object with a new enough
QEMU.


The JSON syntax works for me. Then, we need to add some doc about using
JSON syntax when quote-generation-service is required.


This limitation doesn't look reasonable to me.

@Daniel,

Is it acceptable by QEMU community?



With regards,
Daniel
reply via email to
[Prev in Thread] Current Thread [Next in Thread]