From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 7FF4D1FF17A for ; Tue, 28 Oct 2025 13:56:09 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BC9EB1ADE9; Tue, 28 Oct 2025 13:56:10 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1761656130; x=1762260930; d=canarybit.eu; s=rsa1; h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date: subject:cc:to:from:from; bh=oPKUOKC7genOuhC6nErKmMzQXsXf59mcPfHiPakNoDA=; b=qTVObzOCZU/a91PKyn4sL3vOBggjEv1PmAiMIZzXdrQBkCK8c1F5aAIVo5frTCNEdPkssvTM58xKN OUybNHnyMtmqW93pCkaxN6dL1P2hZLuYIeEOFE2/u9szfBzO3aTlIEL4mpxGyp1mQnG2xECQipNdmT hVAZZZYnY5+37NDqxv5/bbHFomekl4nzKg61T42k8Xj7ch4hYg4D9RD+XMy8eg4k7r+dAjiwVMcmRw 3KJH5IQ9p2Gf/ZNZnSAF3yECJhaQNnT5MQXfToxMiB0xxfc8RtEuY7SrwLDJc/dwR5IBUrs5jx0FCZ Vcg5iBK9dX+KMIEVYnqy7MS3QA471LA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1761656130; x=1762260930; d=canarybit.eu; s=ed1; h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date: subject:cc:to:from:from; bh=oPKUOKC7genOuhC6nErKmMzQXsXf59mcPfHiPakNoDA=; b=Svf1/dC5QzjW22MS/tYQH/6pcUh2D6RJEIi2tCPU3trixFpw4j1lsopkUkTUIz9cicqACDdYdQW4o yfSOsFxBQ== X-HalOne-ID: 615fe08f-b3fd-11f0-ada5-d510462faafc From: Anton Iacobaeus To: pve-devel@lists.proxmox.com Date: Tue, 28 Oct 2025 13:54:26 +0100 Message-ID: <20251028125459.287308-5-anton.iacobaeus@canarybit.eu> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251028125459.287308-1-anton.iacobaeus@canarybit.eu> References: <20251028125459.287308-1-anton.iacobaeus@canarybit.eu> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.650 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_MISSING 0.1 Missing DMARC policy MIME_BASE64_TEXT 1.741 Message text disguised using base64 encoding RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH manager v3 1/2] Add support for Intel TDX X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Cc: Philipp Giersfeld Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" From: Philipp Giersfeld This commit adds suppport to enable Intel TDX for a VM similar to AMD SEV. Signed-off-by: Philipp Giersfeld Signed-off-by: Anton Iacobaeus --- www/manager6/Makefile | 1 + www/manager6/qemu/Options.js | 12 +++++ www/manager6/qemu/TdxEdit.js | 93 ++++++++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 www/manager6/qemu/TdxEdit.js diff --git a/www/manager6/Makefile b/www/manager6/Makefile index 85f9268d..af9baa68 100644 --- a/www/manager6/Makefile +++ b/www/manager6/Makefile @@ -275,6 +275,7 @@ JSSRC= \ qemu/SevEdit.js \ qemu/Smbios1Edit.js \ qemu/SystemEdit.js \ + qemu/TdxEdit.js \ qemu/USBEdit.js \ qemu/VirtiofsEdit.js \ sdn/Browser.js \ diff --git a/www/manager6/qemu/Options.js b/www/manager6/qemu/Options.js index 6fe96fe2..e40fb4a3 100644 --- a/www/manager6/qemu/Options.js +++ b/www/manager6/qemu/Options.js @@ -386,6 +386,18 @@ Ext.define('PVE.qemu.Options', { return value; }, }, + 'intel-tdx': { + header: gettext('Intel TDX'), + editor: caps.vms['VM.Config.HWType'] ? 'PVE.qemu.TdxEdit' : undefined, + defaultValue: Proxmox.Utils.defaultText + ' (' + Proxmox.Utils.disabledText + ')', + renderer: function (value, metaData, record, ri, ci, store, pending) { + let intel_tdx = PVE.Parser.parsePropertyString(value, 'type'); + if (intel_tdx.type === 'tdx') { + return 'Intel (' + value + ')'; + } + return value; + }, + }, hookscript: { header: gettext('Hookscript'), }, diff --git a/www/manager6/qemu/TdxEdit.js b/www/manager6/qemu/TdxEdit.js new file mode 100644 index 00000000..3f43bf7a --- /dev/null +++ b/www/manager6/qemu/TdxEdit.js @@ -0,0 +1,93 @@ +Ext.define('PVE.qemu.TdxInputPanel', { + extend: 'Proxmox.panel.InputPanel', + xtype: 'pveTdxInputPanel', + + onlineHelp: 'qm_memory', // TODO: change to 'qm_memory_encryption' one available + + viewModel: { + data: { + type: '__default__', + }, + formulas: { + tdxEnabled: (get) => get('type') === 'tdx', + }, + }, + + onGetValues: function (values) { + if (values.delete === 'type') { + values.delete = 'intel-tdx'; + return values; + } + let ret = {}; + ret['intel-tdx'] = PVE.Parser.printPropertyString(values, 'type'); + return ret; + }, + + setValues: function (values) { + this.callParent(arguments); + }, + + items: [ + { + xtype: 'proxmoxKVComboBox', + fieldLabel: gettext('Intel TDX Type'), + labelWidth: 150, + name: 'type', + value: '__default__', + comboItems: [ + [ + '__default__', + Proxmox.Utils.defaultText + ' (' + Proxmox.Utils.disabledText + ')', + ], + ['tdx', 'Intel TDX'], + ], + bind: { + value: '{type}', + }, + }, + { + xtype: 'displayfield', + userCls: 'pmx-hint', + value: gettext('WARNING: When using Intel TDX no EFI disk is loaded as pflash.'), + bind: { + hidden: '{!tdxEnabled}', + }, + }, + { + xtype: 'displayfield', + userCls: 'pmx-hint', + value: gettext('Note: Intel TDX requires host kernel version 6.16 or higher.'), + bind: { + hidden: '{!tdxEnabled}', + }, + }, + ], + + advancedItems: [], +}); + +Ext.define('PVE.qemu.TdxEdit', { + extend: 'Proxmox.window.Edit', + + subject: 'Intel Trust Domain Extension (TDX)', + + items: { + xtype: 'pveTdxInputPanel', + }, + + width: 400, + + initComponent: function () { + let me = this; + + me.callParent(); + + me.load({ + success: function (response) { + let conf = response.result.data; + let intel_tdx = conf['intel-tdx'] || '__default__'; + me.setValues(PVE.Parser.parsePropertyString(intel_tdx, 'type')); + }, + }); + }, +}); -- 2.43.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel