From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 05BAB1FF185 for ; Mon, 17 Nov 2025 11:49:04 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 4F692143F1; Mon, 17 Nov 2025 11:49:00 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1763376530; x=1763981330; d=canarybit.eu; s=rsa1; h=content-transfer-encoding:mime-version:message-id:date:subject:cc:to:from: from; bh=NH/WZlyAcZtfkBafXDhuJHLZ0IkTFWYQPYGMSSPO4aI=; b=TRBsya31tkVosz9un/yshkr16ymhoVI207d9LBgFCzYizqVlxcu7UD+noVWhh2GpKQL8UJrvS5Kw1 Q9RQs2zNlU3Icnxp7YtXOkyKIMO+K3hRuFZ8VJyF0muKJUu8K3i49oSg0hqXf3ZsRyZzdnk+uvlPtv 66Chfb87hcJLYIicJq/212FqXHvkwbunhK4ToGDJH3r7Xh8uCL25zx6/zGnAtqnrK21P77HmZANPEL YefphO6wvPUPjS1JI0SYLLO2yHVxhGuJpMTsP+FG8fuI/q1c9eH/gEfKrLl7UHxcU1E+AZpRuCsSsO 1jFhSVSJGhx/Bhvs5LujcIEKqtgADog== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1763376530; x=1763981330; d=canarybit.eu; s=ed1; h=content-transfer-encoding:mime-version:message-id:date:subject:cc:to:from: from; bh=NH/WZlyAcZtfkBafXDhuJHLZ0IkTFWYQPYGMSSPO4aI=; b=34FdiDbk0wu+q0d9WBR5b7GRxR/49ov18+tOooNCScsu6XspjVVX69ezcsnkvvPCFM83HIfTnQdZR pZPviEbBw== X-HalOne-ID: fd55a5c5-c3a2-11f0-a478-c9fa7b04d629 From: Anton Iacobaeus To: pve-devel@lists.proxmox.com Date: Mon, 17 Nov 2025 11:47:58 +0100 Message-ID: <20251117104817.471815-1-anton.iacobaeus@canarybit.eu> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.864 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_MISSING 0.1 Missing DMARC policy MIME_BASE64_TEXT 1.741 Message text disguised using base64 encoding RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_NONE 0.001 SPF: sender does not publish an SPF Record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [intel.com, canarybit.eu, cpuconfig.pm, qemuserver.pm, qemu.org, proxmox.com] Subject: [pve-devel] [PATCH manager/qemu-server 0/2] Add support for Intel TDX attestation X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" This patch series adds support for configuring the Quote Generation Socket object used for attestation in Intel TDX. This is effectively v4 of https://lists.proxmox.com/pipermail/pve-devel/2025-October/076262.html without the already applied patches. A part from Intel TDX support a running Quote Generation Service (QGS) on the host (or dedicated VM) connected to a Provisioning Certificate Caching Service (PCCS) is also required for attestation, more information can be found at: https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/02/infrastructure_setup/ Only a subset of the possible socket types are implemented with this patch. Ideally the SocketAddress object as defined in QEMU would be fully implemented, but for the sake of TDX this is not neccessary. More information at: https://www.qemu.org/docs/master/interop/qemu-storage-daemon-qmp-ref.html#object-QSD-sockets.SocketAddress pve-manager: Anton Iacobaeus (1): Add support for TDX attestation www/manager6/qemu/TdxEdit.js | 56 +++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) qemu-server: Anton Iacobaeus (1): Add support for TDX quote-generation-socket object src/PVE/QemuServer.pm | 3 +- src/PVE/QemuServer/CPUConfig.pm | 60 +++++++++++++++++++++++++++++++-- 2 files changed, 60 insertions(+), 3 deletions(-) -- 2.43.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel