On Mon, Jun 23, 2025 at 4:37 PM Cédric Le Goater <[email protected]> wrote:
>
> On 6/23/25 20:57, Stefan Hajnoczi wrote:
> > On Mon, Jun 23, 2025 at 9:09 AM Daniel P. Berrangé <[email protected]> wrote:
> >>
> >> On Mon, Jun 23, 2025 at 09:04:33AM -0400, Stefan Hajnoczi wrote:
> >>> On Mon, Jun 23, 2025 at 4:04 AM Daniel P. Berrangé <[email protected]> wrote:
> >>>>
> >>>> On Mon, Jun 23, 2025 at 03:03:19PM +0800, Xiaoyao Li wrote:
> >>>>> On 6/23/2025 2:43 PM, Cédric Le Goater wrote:
> >>>>>> Hello,
> >>>>>>
> >>>>>> On 6/20/25 18:40, Paolo Bonzini wrote:
> >>>>>>> From: Isaku Yamahata <[email protected]>
> >>>>>>>
> >>>>>>> Add property "quote-generation-socket" to tdx-guest, which is a property
> >>>>>>> of type SocketAddress to specify Quote Generation Service(QGS).
> >>>>>>>
> >>>>>>> On request of GetQuote, it connects to the QGS socket, read request
> >>>>>>> data from shared guest memory, send the request data to the QGS,
> >>>>>>> and store the response into shared guest memory, at last notify
> >>>>>>> TD guest by interrupt.
> >>>>>>>
> >>>>>>> command line example:
> >>>>>>>   qemu-system-x86_64 \
> >>>>>>>     -object '{"qom-type":"tdx-guest","id":"tdx0","quote-generation-socket":{"type":"unix", "path":"/var/run/tdx-qgs/qgs.socket"}}' \
> >>>>>>>     -machine confidential-guest-support=tdx0
> >>>>>>>
> >>>>>>> Note, above example uses the unix socket. It can be other types, like vsock,
> >>>>>>> which depends on the implementation of QGS.
> >>>>>>>
> >>>>>>> To avoid no response from QGS server, setup a timer for the transaction.
> >>>>>>> If timeout, make it an error and interrupt guest. Define the threshold of
> >>>>>>> time to 30s at present, maybe change to other value if not appropriate.
> >>>>>>>
> >>>>>>> Signed-off-by: Isaku Yamahata <[email protected]>
> >>>>>>> Co-developed-by: Chenyi Qiang <[email protected]>
> >>>>>>> Signed-off-by: Chenyi Qiang <[email protected]>
> >>>>>>> Co-developed-by: Xiaoyao Li <[email protected]>
> >>>>>>> Signed-off-by: Xiaoyao Li <[email protected]>
> >>>>>>> Tested-by: Xiaoyao Li <[email protected]>
> >>>>>>> Signed-off-by: Paolo Bonzini <[email protected]>
> >>>>>>> ---
> >>>>>>>  qapi/qom.json                         |   8 +-
> >>>>>>>  target/i386/kvm/tdx-quote-generator.h |  82 +++++++
> >>>>>>>  target/i386/kvm/tdx.h                 |  10 +
> >>>>>>>  target/i386/kvm/kvm.c                 |   3 +
> >>>>>>>  target/i386/kvm/tdx-quote-generator.c | 300 ++++++++++++++++++++++++++
> >>>>>>>  target/i386/kvm/tdx-stub.c            |   4 +
> >>>>>>>  target/i386/kvm/tdx.c                 | 176 ++++++++++++++-
> >>>>>>>  target/i386/kvm/meson.build           |   2 +-
> >>>>>>>  8 files changed, 582 insertions(+), 3 deletions(-)
> >>>>>>>  create mode 100644 target/i386/kvm/tdx-quote-generator.h
> >>>>>>>  create mode 100644 target/i386/kvm/tdx-quote-generator.c
> >>>>>>
> >>>>>> These changes broke the build on 32-bit host.
> >>>>>>
> >>>>>> Could you please send a patch to avoid compiling TDX in such
> >>>>>> environment ?
> >>>>>
> >>>>> Paolo is on vacation.
> >>>>>
> >>>>> I would like to help, but I don't have 32-bit host environment on hand. Do
> >>>>> you know how to set up such environment quickly? (I tried to set up within a
> >>>>> 32-bit VM but the 32-bit OS is too old and I didn't get it work to install
> >>>>> the required package for building QEMU)
> >>>>
> >>>> You should be able to use QEMU's docker containers to get yourself a
> >>>> Debian i386 container, on a x86_64 host.
> >>>
> >>> The cross-i686-system (Debian) build CI job succeeded:
> >>> https://gitlab.com/qemu-project/qemu/-/jobs/10423776600
> >>>
> >>> I wonder why the CI didn't catch the issue?
> >>
> >> It didn't build the x86_64 target:
> >>
> >>   --target-list-exclude="arm-softmmu i386-softmmu microblaze-softmmu
> >>   mips-softmmu mipsel-softmmu mips64-softmmu ppc-softmmu riscv32-softmmu
> >>   sh4-softmmu sparc-softmmu xtensa-softmmu $CROSS_SKIP_TARGETS"
> >>
> >> so in turn didn't build any TDX code
> >
> > Here are the targets that were built by the CI job:
> >
> >   target list : avr-softmmu m68k-softmmu microblazeel-softmmu
> >   or1k-softmmu rx-softmmu sh4eb-softmmu tricore-softmmu xtensaeb-softmmu
> >
> > 64-bit targets are not supported on 32-bit hosts since commit
> > acce728cbc6c ("meson: Disallow 64-bit on 32-bit emulation"). I don't
> > think the x86_64 target can be built on 32-bit hosts.
> >
> > But notice that i386-softmmu is missing from the target list. That
> > could be why the CI job succeeded.
> >
> > Cédric: What were your ./configure options?
>
> Just :
>
>    --target-list=arm-softmmu,ppc-softmmu,i386-softmmu

cross-i686-tci builds i386-softmmu on debian-i686-cross with
--disable-kvm, but the TDX code isn't compiled:
https://gitlab.com/qemu-project/qemu/-/jobs/10440424393

A new CI job could be added to cover TDX on 32-bit hosts if you think
it's worthwhile. Maybe it's a corner case and not worth spending CI
cycles on?

Stefan
