From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 696781FF185 for ; Mon, 17 Nov 2025 11:48:59 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C561714364; Mon, 17 Nov 2025 11:48:59 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1763376531; x=1763981331; d=canarybit.eu; s=rsa1; h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date: subject:cc:to:from:from; bh=ZkiIpysXhImbCQF2CTp7p2Vl64Cgb8XGgO/ixzKeZeM=; b=noSfw2fR3m21QPc5dfWpdXggs2U42APJh43snhxGW6NDwikZmZw2nAumthQ3U49vmx1xtdmwInO9w SqSmlIVoDwuYzDfoZjk/S7PEgpKHmWeYHo7ZQGuzzYubpDBnUZBoiL9zIb0+u7gYdXNhzPYn47Q4sZ zw8v2ABSXk7IVzn6Pat936mIFCL/J74RhuJh35PujQegHrQn4CSHmsklCpMdUZ6J6DJncFXFnI9HRZ XieZH7iCajU+UcvsVIaoQkpVRSFDXg20ntgyzLad2+x32zL69f/rZHQE+UHQKf6+g1rJDlEs9qsCfz mlFajGXE82F/TZlaKs3nWjakvhML56Q== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1763376531; x=1763981331; d=canarybit.eu; s=ed1; h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date: subject:cc:to:from:from; bh=ZkiIpysXhImbCQF2CTp7p2Vl64Cgb8XGgO/ixzKeZeM=; b=a4npT+AgULc2iS0JM0xi29i3VM+cpKGhFsKae1cdJ+xb8kNNKSRTIkcY7+kLITTUaZfXpvbxoXZYt 4jqyFRABg== X-HalOne-ID: ffb82ddb-c3a2-11f0-a47b-c9fa7b04d629 From: Anton Iacobaeus To: pve-devel@lists.proxmox.com Date: Mon, 17 Nov 2025 11:47:59 +0100 Message-ID: <20251117104817.471815-2-anton.iacobaeus@canarybit.eu> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251117104817.471815-1-anton.iacobaeus@canarybit.eu> References: <20251117104817.471815-1-anton.iacobaeus@canarybit.eu> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.768 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_MISSING 0.1 Missing DMARC policy MIME_BASE64_TEXT 1.741 Message text disguised using base64 encoding RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_NONE 0.001 SPF: sender does not publish an SPF Record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [qemu.org, canarybit.eu] Subject: [pve-devel] [PATCH manager 1/1] Add support for TDX attestation X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Add configuration options for the quote-generation-socket used to communicate with the Quote Generation Service. This enables attestation support for TDX using vsock. More information can be found at: https://www.qemu.org/docs/master/interop/qemu-storage-daemon-qmp-ref.html#object-QSD-qom.TdxGuestProperties This only includes support for vsock. The SocketAddress object in QEMU also supports unix, inet and fd, which are not commonly used in TDX. Signed-off-by: Anton Iacobaeus --- www/manager6/qemu/TdxEdit.js | 56 +++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/www/manager6/qemu/TdxEdit.js b/www/manager6/qemu/TdxEdit.js index 4a7ed0c4..71735e12 100644 --- a/www/manager6/qemu/TdxEdit.js +++ b/www/manager6/qemu/TdxEdit.js @@ -7,9 +7,11 @@ Ext.define('PVE.qemu.TdxInputPanel', { viewModel: { data: { type: '__default__', + attestation: 1, }, formulas: { tdxEnabled: (get) => get('type') === 'tdx', + attestationEnabled: (get) => Number(get('attestation')) === 1, }, }, @@ -65,7 +67,59 @@ Ext.define('PVE.qemu.TdxInputPanel', { }, ], - advancedItems: [], + advancedItems: [ + { + xtype: 'proxmoxcheckbox', + fieldLabel: gettext('Enable Attestation'), + labelWidth: 150, + name: 'attestation', + value: 1, + uncheckedValue: 0, + bind: { + value: '{attestation}', + hidden: '{!tdxEnabled}', + disabled: '{!tdxEnabled}', + }, + }, + { + xtype: 'proxmoxKVComboBox', + fieldLabel: gettext('Socket Type'), + labelWidth: 150, + name: 'socket-type', + value: 'vsock', + comboItems: [['vsock', 'VSOCK']], + bind: { + hidden: '{!tdxEnabled}', + disabled: '{!attestationEnabled || !tdxEnabled}', + }, + }, + { + xtype: 'proxmoxintegerfield', + fieldLabel: gettext('CID'), + labelWidth: 150, + name: 'vsock-cid', + minValue: 2, + value: '2', + allowBlank: false, + bind: { + hidden: '{!tdxEnabled}', + disabled: '{!attestationEnabled || !tdxEnabled}', + }, + }, + { + xtype: 'proxmoxintegerfield', + fieldLabel: gettext('Port'), + labelWidth: 150, + name: 'vsock-port', + minValue: 0, + value: '4050', + allowBlank: false, + bind: { + hidden: '{!tdxEnabled}', + disabled: '{!attestationEnabled || !tdxEnabled}', + }, + }, + ], }); Ext.define('PVE.qemu.TdxEdit', { -- 2.43.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel