From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id BDB261FF16F
	for <inbox@lore.proxmox.com>; Tue, 16 Sep 2025 11:13:26 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 2EC77E45F;
	Tue, 16 Sep 2025 11:13:14 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1758009451;
 x=1758614251; d=canarybit.eu; s=rsa1;
 h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date:
 subject:cc:to:from:from;
 bh=RWFAd+6bPFwxLncySl23jPRJZ/oBS+ai0m7295LfZI0=;
 b=0Nl45emd0OuMZCIV1CBS3sbunsOsMz51EPkuNxwGAdqEl4j69Yjm+ncQcGcSKFDQRDaHFS1ENHAvs
 QO2Fq4Uqn6IdoVTim4whEdhzShPYX8bR68u7sWRYs3rA7RJZGvP0mefacxs34/H7d8iuMM5X+cnLGD
 ruhu1QyinI87KbNiMLltBkBRhNU+V2Z/tJMe5sVeDqhvmtOtd91KBpErNmRPBisFM3JkFdxvBD9hj/
 kGrJjH84vocgGHNYiexlfuhSD/3fImzaHiwVxI0LTVS1TiRqEm8Nkvg7bumM3afRLdnsru+E80JimJ
 e8FPLS/Bqo2Mw0u4Mkkv+XuKDv7yZzA==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1758009451;
 x=1758614251; d=canarybit.eu; s=ed1;
 h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date:
 subject:cc:to:from:from;
 bh=RWFAd+6bPFwxLncySl23jPRJZ/oBS+ai0m7295LfZI0=;
 b=dSvl+n+eXu6S5+VwJ0q41Qotc8NLE1bhN2gRMP6SFL96JBDA3xVGq4No1MspNnDLarYqgRxnoUa4R
 Kaas2vsBQ==
X-HalOne-ID: cbeb6f42-92d2-11f0-842d-494313b7f784
From: Anton Iacobaeus <anton.iacobaeus@canarybit.eu>
To: pve-devel@lists.proxmox.com
Date: Tue, 16 Sep 2025 09:52:50 +0200
Message-ID: <20250916075406.33084-8-anton.iacobaeus@canarybit.eu>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250916075406.33084-2-anton.iacobaeus@canarybit.eu>
References: <20250916075406.33084-2-anton.iacobaeus@canarybit.eu>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's
 domain
 DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from
 domain DMARC_MISSING             0.1 Missing DMARC policy
 RCVD_IN_DNSWL_NONE     -0.0001 Sender listed at https://www.dnswl.org/,
 no trust
 SPF_HELO_PASS          -0.001 SPF: HELO matches SPF record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
X-Mailman-Approved-At: Tue, 16 Sep 2025 11:13:12 +0200
Subject: [pve-devel] [PATCH manager 1/1] Add support for Intel TDX
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Cc: Anton Iacobaeus <anton.iacobaeus@canarybit.eu>,
 Philipp Giersfeld <philipp.giersfeld@canarybit.eu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

From: Philipp Giersfeld <philipp.giersfeld@canarybit.eu>

This commit adds suppport to enable Intel TDX for a VM similar to AMD
SEV.

Signed-off-by: Philipp Giersfeld <philipp.giersfeld@canarybit.eu>
Signed-off-by: Anton Iacobaeus <anton.iacobaeus@canarybit.eu>
---
 www/manager6/Makefile        |  1 +
 www/manager6/qemu/Options.js | 12 +++++
 www/manager6/qemu/TdxEdit.js | 90 ++++++++++++++++++++++++++++++++++++
 3 files changed, 103 insertions(+)
 create mode 100644 www/manager6/qemu/TdxEdit.js

diff --git a/www/manager6/Makefile b/www/manager6/Makefile
index 07401f21..5a79eed7 100644
--- a/www/manager6/Makefile
+++ b/www/manager6/Makefile
@@ -275,6 +275,7 @@ JSSRC= 							\
 	qemu/SevEdit.js					\
 	qemu/Smbios1Edit.js				\
 	qemu/SystemEdit.js				\
+	qemu/TdxEdit.js					\
 	qemu/USBEdit.js					\
 	qemu/VirtiofsEdit.js				\
 	sdn/Browser.js					\
diff --git a/www/manager6/qemu/Options.js b/www/manager6/qemu/Options.js
index 6fe96fe2..044ed227 100644
--- a/www/manager6/qemu/Options.js
+++ b/www/manager6/qemu/Options.js
@@ -386,6 +386,18 @@ Ext.define('PVE.qemu.Options', {
                     return value;
                 },
             },
+            'intel-tdx': {
+                header: gettext('Intel TDX'),
+                editor: caps.vms['VM.Config.HWType'] ? 'PVE.qemu.TdxEdit' : undefined,
+                defaultValue: Proxmox.Utils.defaultText + ' (' + Proxmox.Utils.disabledText + ')',
+                renderer: function(value, metaData, record, ri, ci, store, pending) {
+                    let intel_tdx = PVE.Parser.parsePropertyString(value, "type");
+                    if (intel_tdx.type === 'tdx') {
+                        return 'Intel (' + value + ')';
+                    }
+                    return value;
+                },
+            },
             hookscript: {
                 header: gettext('Hookscript'),
             },
diff --git a/www/manager6/qemu/TdxEdit.js b/www/manager6/qemu/TdxEdit.js
new file mode 100644
index 00000000..735a478c
--- /dev/null
+++ b/www/manager6/qemu/TdxEdit.js
@@ -0,0 +1,90 @@
+Ext.define('PVE.qemu.TdxInputPanel', {
+    extend: 'Proxmox.panel.InputPanel',
+    xtype: 'pveTdxInputPanel',
+
+    onlineHelp: 'qm_memory', // TODO: change to 'qm_memory_encryption' one available
+
+    viewModel: {
+	data: {
+	    type: '__default__',
+	},
+	formulas: {
+	    tdxEnabled: get => get('type') === 'tdx',
+	},
+    },
+
+    onGetValues: function(values) {
+	if (values.delete === 'type') {
+	    values.delete = 'intel-tdx';
+	    return values;
+	}
+	let ret = {};
+	ret['intel-tdx'] = PVE.Parser.printPropertyString(values, 'type');
+	return ret;
+    },
+
+
+    setValues: function(values) {
+	this.callParent(arguments);
+    },
+
+	items: [{
+	xtype: 'proxmoxKVComboBox',
+	fieldLabel: gettext('Intel TDX Type'),
+	labelWidth: 150,
+	name: 'type',
+	value: '__default__',
+	comboItems: [
+	    ['__default__', Proxmox.Utils.defaultText + ' (' + Proxmox.Utils.disabledText + ')'],
+	    ['tdx', 'Intel TDX'],
+	],
+	bind: {
+	    value: '{type}',
+	},
+    },
+    {
+	xtype: 'displayfield',
+	userCls: 'pmx-hint',
+	value: gettext('WARNING: When using Intel TDX no EFI disk is loaded as pflash.'),
+	bind: {
+	    hidden: '{!tdxEnabled}',
+	},
+    },
+    {
+	xtype: 'displayfield',
+	userCls: 'pmx-hint',
+	value: gettext('Note: Intel TDX requires host kernel version 6.16 or higher.'),
+	bind: {
+	    hidden: '{!tdxEnabled}',
+	},
+    }],
+
+    advancedItems: [
+    ],
+});
+
+Ext.define('PVE.qemu.TdxEdit', {
+    extend: 'Proxmox.window.Edit',
+
+    subject: 'Intel Trust Domain Extension (TDX)',
+
+    items: {
+	xtype: 'pveTdxInputPanel',
+    },
+
+    width: 400,
+
+    initComponent: function() {
+	let me = this;
+
+	me.callParent();
+
+	me.load({
+	    success: function(response) {
+		let conf = response.result.data;
+		let intel_tdx = conf['intel-tdx'] || '__default__';
+		me.setValues(PVE.Parser.parsePropertyString(intel_tdx, 'type'));
+	    },
+	});
+    },
+});
-- 
2.43.0


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel