-
Notifications
You must be signed in to change notification settings - Fork 31
Home
yamahata edited this page May 14, 2022
·
15 revisions
You need the four following component, TDX KVM, TDX qemu, TDX guest and TDVF(guest OS).
- [TDX KVM] https://github.com/intel/tdx/tree/kvm-upstream
- [TDX qemu] https://github.com/intel/qemu-tdx/tree/tdx-upstream
- [TDX guest] https://github.com/intel/tdx/tree/guest-upstream
- [TDVF] https://github.com/tianocore/edk2-staging/tree/TDVF
- [TDX KVM] https://github.com/intel/tdx/tree/kvm-upstream-workaround
- [TDX qemu] https://github.com/intel/qemu-tdx/tree/tdx-upstream-wip
- [TDX guest] https://github.com/intel/tdx/tree/guest-upstream
- [TDVF] https://github.com/tianocore/edk2-staging/tree/TDVF
- https://github.com/intel/tdx/tree/kvm-upstream The tree that includes patches sent for upstreaming. So some features can be missing. This is based on host-upstream branch. tag: kvm-upstream--
- https://github.com/intel/tdx/tree/kvm-upstream-workaround kvm-upstreaming + more patches for future submission to upstream. E.g. PMU support, off-TD debug, UPM support. tag: kvm-upstream---workaround
- https://github.com/intel/tdx/tree/host-upstream the branch that includes x86 TDX host patches.
- https://github.com/intel/tdx/tree/kvm old branches. corresonding tags is a format of tdx-kvm-- e.g. tdx-kvm-2021.11.24-v5.16-rc1 This tree is being deprecated.
- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/?h=kvm-tdx-5.17 The tree that includes posted patches for v5.17
enable following configs
- CONFIG_INTEL_TDX_HOST=y
- CONFIG_KVM=y
- CONFIG_KVM_INTEL
- CONFIG_KVM_MMU_PRIVATE=y
- https://github.com/intel/qemu-tdx/tree/tdx-upstream The tree that includes patches for upstreaming. This corresponds to kvm-upstream repo. tag: tdx-upstream-
- https://github.com/intel/qemu-tdx/tree/tdx-upstream-wip tdx-upstream + more patches for future submission. E.g. off-TD debug, UPM.
- https://github.com/intel/qemu-tdx/tree/tdx The old tree. This branch is being deprecated. tag: tdx-qemu--
- configure --enable-kvm --target-list=x86_64-softmmu
- create TDX confidential computing object
- specify KVM (and KVM vm_type)
- specify q35 chipset
- specify TDVF as guest BIOS
- specify split ircqhip
- disable PIC and PIT
-
for tdx-upstream qemu-system-x86_64
-object tdx-guest,id=tdx0,debug=off,sept-ve-disable=on
-machine confidential-guest-support=tdx0
-machine q35,accel=kvm
-bios ${PATH_TO_TDVF}
-machine kernel-irqchip=split,pic=off,pit=off
(add more qemu command line you want) -
for tdx -object tdx-guest,id=tdx0,debug=off,sept-ve-disable=on
-machine confidential-guest-support=tdx0
-machine q35,accel=kvm,kvm-type=tdx
-device loader,file=${OVMF}
-machine kernel-irqchip=split,pic=off,pit=off
If UPM is wanted
- UPM (Unmapping Process Memory): create memfd-private backend
-object memory-backend-memfd-private,id=ram1,size=${MEM}
-machine memory-backend=ram1
- https://github.com/intel/tdx/tree/guest-upstream This tree that includes patches for upstreaming
- https://github.com/intel/tdx/tree/guest This tree is stable but old.
- CONFIG_INTEL_TDX_GUEST=y
- CONFIG_INTEL_TDX_ATTESTATION=y
- https://github.com/tianocore/edk2-staging/tree/TDVF Upstreaming tree.
- https://github.com/tianocore/edk2 EKD2 master branch. Some TDVF features has been merged.
Please refer to https://github.com/tianocore/edk2-staging/blob/TDVF/README.md