From: Anton Iacobaeus
To: pve-devel@lists.proxmox.com
Date: Mon, 10 Nov 2025 16:03:07 +0100
Subject: Re: [pve-devel] [PATCH edk2-firmware/manager/qemu-server v3 0/9] Add support for Intel TDX

Hi,

I understand review time can vary but just wanted to check on the status
of this series. Seems like it got formatted incorrectly in the archives,
but it looks fine in my mail client. If a resend or other clarifications
are needed before review I am happy to do so.

On 10/28/25 13:54, Anton Iacobaeus wrote:
> This patch series adds support for launching Intel TDX confidential
> VMs via QEMU. Basic attestation support is also added.
>
> Intel TDX requires QEMU >= v10.1 and kernel >= 6.16. A TDX compatible
> CPU is also required, with TDX enabled in the BIOS. Attestation also
> requires a running Quote Generation Service (QGS) on the host (or
> dedicated VM) connected to a Provisioning Certificate Caching Service
> (PCCS), more information can be found at:
> https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/02/infrastructure_setup/
>
> Only a subset of the possible socket types are implemented with this
> patch.
> Ideally the SocketAddress object as defined in QEMU would be
> fully implemented, but for the sake of TDX this is not necessary. More
> information at:
> https://www.qemu.org/docs/master/interop/qemu-storage-daemon-qmp-ref.html#object-QSD-sockets.SocketAddress
>
> The TDX object can also be extended with additional configuration
> options, but these are not necessary for regular usage of TDX. More
> information available at:
> https://www.qemu.org/docs/master/interop/qemu-storage-daemon-qmp-ref.html#object-QSD-qom.TdxGuestProperties
>
> Future work can build upon this patch to improve these shortcomings.
>
> Thanks to Fiona for the review.
>
> Changes since v2: https://lists.proxmox.com/pipermail/pve-devel/2025-October/075766.html
> * Fixed nits and formatting
> * Added reasoning for firmware Config-B
> * Added reasoning for kernel_irqchip=split
> * Added support for configuration of the quote-generation-socket for attestation.
>
> pve-edk2-firmware:
>
> Philipp Giersfeld (3):
>   Change name of SEV-related OVMF files
>   Add firmware target for TDFV
>   Add SCSI in NCCFV for TD guest
>
>  .../patches/Enable_SCSI_IntelTdx_DXEFV.patch | 52 ++++++++++++++++
>  debian/patches/series                        |  1 +
>  debian/pve-edk2-firmware-ovmf.install        |  7 ++-
>  debian/pve-edk2-firmware-ovmf.links          |  3 +
>  debian/rules                                 | 59 +++++++++++++------
>  5 files changed, 100 insertions(+), 22 deletions(-)
>  create mode 100644 debian/patches/Enable_SCSI_IntelTdx_DXEFV.patch
>  create mode 100644 debian/pve-edk2-firmware-ovmf.links
>
> pve-manager:
>
> Anton Iacobaeus (1):
>   Add support for TDX attestation
>
> Philipp Giersfeld (1):
>   Add support for Intel TDX
>
>  www/manager6/Makefile        |   1 +
>  www/manager6/qemu/Options.js |  12 +++
>  www/manager6/qemu/TdxEdit.js | 194 +++++++++++++++++++++++++++++++++++
>  3 files changed, 207 insertions(+)
>  create mode 100644 www/manager6/qemu/TdxEdit.js
>
> qemu-server:
>
> Anton Iacobaeus (1):
>   Add support for TDX quote-generation-socket object
>
> Philipp Giersfeld (3):
>   Adapt AMD SEV code for compatibility with other platforms
>   Add check for TDX support
>   Add support for Intel TDX
>
>  src/PVE/API2/Qemu.pm               |   6 +-
>  src/PVE/QemuMigrate/Helpers.pm     |   1 +
>  src/PVE/QemuServer.pm              |  28 +++-
>  src/PVE/QemuServer/CPUConfig.pm    | 129 ++++++++++++++++--
>  src/PVE/QemuServer/OVMF.pm         |  53 ++++---
>  .../query-machine-capabilities.c   |  98 +++++++++++--
>  src/test/cfg2cmd/sev-es.conf.cmd   |   2 +-
>  src/test/cfg2cmd/sev-snp.conf.cmd  |   2 +-
>  src/test/cfg2cmd/sev-std.conf.cmd  |   2 +-
>  src/usr/modules-load.conf          |   1 +
>  10 files changed, 270 insertions(+), 52 deletions(-)