Re: [PATCH v1 00/40] TDX QEMU support

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1 00/40] TDX QEMU support

From:	Xiaoyao Li
Subject:	Re: [PATCH v1 00/40] TDX QEMU support
Date:	Tue, 2 Aug 2022 18:55:48 +0800
User-agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Thunderbird/91.11.0

On 8/2/2022 5:49 PM, Daniel P. Berrangé wrote:

On Tue, Aug 02, 2022 at 03:47:10PM +0800, Xiaoyao Li wrote:

- CPU model

   We cannot create a TD with arbitrary CPU model like what for non-TDX VMs,
   because only a subset of features can be configured for TD.

- It's recommended to use '-cpu host' to create TD;

   - '+feature/-feature' might not work as expected;

   future work: To introduce specific CPU model for TDs and enhance +/-features
                for TDs.


Which features are incompatible with TDX ?

TDX enforces some features fixed to 1 (e.g., CPUID_EXT_X2APIC,CPUID_EXT_HYPERVISOR)and some fixed to 0 (e.g., CPUID_EXT_VMX ).


Details can be found in patch 8 and TDX spec chapter "CPUID virtualization"

Presumably you have such a list, so that KVM can block them when

using '-cpu host' ?

No, KVM doesn't do this. The result is no error reported from KVM butwhat TD OS sees from CPUID might be different what user specifies in QEMU.

If so, we should be able to sanity check the
use of these features in QEMU for the named CPU models / feature
selection too.

This series enhances get_supported_cpuid() for TDX. If named CPU modelsare used to boot a TDX guest, it likely gets warning of "xxx feature isnot available"

We have another series to enhance the "-feature" for TDX, to warn out ifsome fixed1 is specified to be removed. Besides, we will introducespecific named CPU model for TDX. e.g., TDX-SapphireRapids whichcontains the maximum feature set a TDX guest can have on SPR host.


With regards,
Daniel

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v1 38/40] i386/tdx: Skip kvm_put_apicbase() for TDs, (continued)
- [PATCH v1 38/40] i386/tdx: Skip kvm_put_apicbase() for TDs, Xiaoyao Li, 2022/08/02
  - Re: [PATCH v1 38/40] i386/tdx: Skip kvm_put_apicbase() for TDs, Gerd Hoffmann, 2022/08/26
- [PATCH v1 35/40] hw/i386: add option to forcibly report edge trigger in acpi tables, Xiaoyao Li, 2022/08/02
  - Re: [PATCH v1 35/40] hw/i386: add option to forcibly report edge trigger in acpi tables, Gerd Hoffmann, 2022/08/26
- [PATCH v1 37/40] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs, Xiaoyao Li, 2022/08/02
- [PATCH v1 39/40] i386/tdx: Don't get/put guest state for TDX VMs, Xiaoyao Li, 2022/08/02
  - Re: [PATCH v1 39/40] i386/tdx: Don't get/put guest state for TDX VMs, Gerd Hoffmann, 2022/08/26
- [PATCH v1 40/40] docs: Add TDX documentation, Xiaoyao Li, 2022/08/02
  - Re: [PATCH v1 40/40] docs: Add TDX documentation, Gerd Hoffmann, 2022/08/26
- Re: [PATCH v1 00/40] TDX QEMU support, Daniel P . Berrangé, 2022/08/02
  - Re: [PATCH v1 00/40] TDX QEMU support, Xiaoyao Li <=
    - Re: [PATCH v1 00/40] TDX QEMU support, Daniel P . Berrangé, 2022/08/03
    - Re: [PATCH v1 00/40] TDX QEMU support, Xiaoyao Li, 2022/08/04

Prev by Date: Re: [PATCH v1 01/40] *** HACK *** linux-headers: Update headers to pull in TDX API changes
Next by Date: Re: [PATCH v4 1/1] monitor: Support specified vCPU registers
Previous by thread: Re: [PATCH v1 00/40] TDX QEMU support
Next by thread: Re: [PATCH v1 00/40] TDX QEMU support
Index(es):
- Date
- Thread