From: Fiona Ebner
To: Proxmox VE development discussion, Anton Iacobaeus
Date: Mon, 13 Oct 2025 11:30:45 +0200
Message-ID: <9f98346e-9a41-4060-ac06-84cc355cf4ca@proxmox.com>
References: <20251001151237.50385-1-anton.iacobaeus@canarybit.eu> <20251001151237.50385-8-anton.iacobaeus@canarybit.eu>
Subject: Re: [pve-devel] [PATCH qemu-server v2 3/3] Add support for Intel TDX

On 08.10.25 at 12:21 PM, Fiona Ebner wrote:
> On 04.10.25 at 3:23 PM, Anton Iacobaeus wrote:
>> From: Philipp Giersfeld
>>
>> This commit adds support for setting up an Intel TDX VM. An Intel TDX VM
>> can be set up similar to AMD SEV but uses a different firmware image.
>>
>> Signed-off-by: Philipp Giersfeld
>> Signed-off-by: Anton Iacobaeus
>
> Apart from a few nits, see below:
> Reviewed-by: Fiona Ebner
>> @@ -3965,6 +3978,10 @@ sub config_to_command { >> if ($conf->{'amd-sev'}) { >> push @$devices, '-object', get_amd_sev_object($conf->{'amd-sev'}, $conf->{bios}); >> push @$machineFlags, 'confidential-guest-support=sev0'; >> + } elsif ($conf->{'intel-tdx'}) { >> + push @$devices, '-object', get_intel_tdx_object($conf->{'intel-tdx'}, $conf->{bios}); >> + push @$machineFlags, 'confidential-guest-support=tdx0'; >> + push @$machineFlags, 'kernel_irqchip=split'; One more thing I noticed/remembered: Don't we also need something like -device vhost-vsock-pci,guest-cid=3 for communication between QGS and TD VM like described in the docs: https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/05/host_os_setup/#setup-communication-path-between-qgs-and-td ? > > Nit: would be nice to have a comment describing the rationale behind the > kernel_irqchip option and/or a sentence in the commit message. > >> } >> >> PVE::QemuServer::Virtiofs::config($conf, $vmid, $devices); _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
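Review bot: Because the TDX case is attached as `elsif` to the `amd-sev` check in `config_to_command`, a config that sets both `amd-sev` and `intel-tdx` takes the SEV branch and drops the TDX request without any error, unless that combination is already rejected somewhere outside this hunk. For a confidential-guest option a silent fallback is worth avoiding: consider dying with a clear message when both keys are present, before either `-object` is pushed. The `push @$machineFlags, 'kernel_irqchip=split';` line should also carry a short comment stating why it is set for TDX, so that a later refactoring does not drop it.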