public inbox for kvm@vger.kernel.org
From: Markus Armbruster <armbru@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: marcandre.lureau@redhat.com,  qemu-devel@nongnu.org,
	 Eric Blake <eblake@redhat.com>,
	 Paolo Bonzini <pbonzini@redhat.com>,
	 Marcelo Tosatti <mtosatti@redhat.com>,
	 "open list:X86 KVM CPUs" <kvm@vger.kernel.org>
Subject: Re: [PATCH] Add query-tdx-capabilities
Date: Fri, 09 Jan 2026 11:29:47 +0100
Message-ID: <87cy3jkrj8.fsf@pond.sub.org>
In-Reply-To: <aWDTXvXxPRj2fs2b@redhat.com> ("Daniel P. Berrangé"'s message of "Fri, 9 Jan 2026 10:07:26 +0000")

Daniel P. Berrangé <berrange@redhat.com> writes:

> On Fri, Jan 09, 2026 at 11:01:27AM +0100, Markus Armbruster wrote:
>> Daniel P. Berrangé <berrange@redhat.com> writes:
>> 
>> > On Fri, Jan 09, 2026 at 10:30:32AM +0100, Markus Armbruster wrote:
>> >> Daniel P. Berrangé <berrange@redhat.com> writes:
>> >> 
>> >> > On Tue, Jan 06, 2026 at 10:36:20PM +0400, marcandre.lureau@redhat.com wrote:
>> >> >> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>> >> >> 
>> >> >> Return an empty TdxCapability struct, for extensibility and matching
>> >> >> query-sev-capabilities return type.
>> >> >> 
>> >> >> Fixes: https://issues.redhat.com/browse/RHEL-129674
>> >> >> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> 
>> [...]
>> 
>> >> > This matches the conceptual design used with query-sev-capabilities,
>> >> > where the lack of SEV support has to be inferred from the command
>> >> > returning "GenericError".
>> >> 
>> >> Such guesswork is brittle.  An interface requiring it is flawed, and
>> >> should be improved.
>> >> 
>> >> Our SEV interface doesn't actually require it: query-sev tells you
>> >> whether we have SEV.  Just run that first.
>> >
>> > Actually these commands are intended for different use cases.
>> >
>> > "query-sev" only returns info if you have launched qemu with
>> >
>> >   $QEMU -object sev-guest,id=cgs0  -machine confidential-guest-support=cgs0
>> >
>> > The goal of "query-sev-capabilities" is to allow you to determine
>> > if the combination of host+kvm+qemu are capable of running a guest
>> > with "sev-guest".
>> >
>> > IOW, query-sev-capabilities alone is what you want/need in order
>> > to probe host features.
>> >
>> > query-sev is for examining running guest configuration
>> 
>> The doc comments fail to explain this.  Needs fixing.
>> 
>> Do management applications need to know more than "this combination of
>> host + KVM + QEMU can do SEV, yes / no"?
>> 
>> If yes, what do they need?  "No" split up into several "No, because X"?
>
> When libvirt runs query-sev-capabilities it does not care about the
> reason for it being unsupported.  Any "GenericError" is considered
> to mark the lack of host support, and no fine grained checks are
> performed on the err msg.
>
> If query-sev-capabilities succeeds (indicating SEV is supported), then
> all the returned info is exposed to mgmt apps in the libvirt domain
> capabilities XML document.

So query-sev-capabilities is good enough as is?

If yes, then the proposed query-tdx-capabilities should also be good
enough, shouldn't it?
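
The probing convention discussed in this thread, as an added example that is not part of the original message and is not QEMU or libvirt code: a management client classifies the QMP reply to a capabilities query, treating any "GenericError" as lack of host support without inspecting the message. The function names, command ids and QMP traffic are constructed for illustration; the "CommandNotFound" branch (a QEMU that predates the command) goes beyond what the thread covers.

```python
import json

# Constructed QMP traffic (one JSON object per line), not captured output.
SEV_HOST = [
    '{"QMP": {"version": {}, "capabilities": []}}',
    '{"event": "STOP", "timestamp": {"seconds": 0, "microseconds": 0}}',
    '{"return": {"pdh": "<placeholder>", "cert-chain": "<placeholder>",'
    ' "cpu0-id": "<placeholder>", "cbitpos": 51, "reduced-phys-bits": 1},'
    ' "id": "probe-sev"}',
]
NO_SEV_HOST = [
    '{"error": {"class": "GenericError", "desc": "constructed message"},'
    ' "id": "probe-sev"}',
]
# The proposed query-tdx-capabilities returns an empty struct on success.
TDX_HOST = ['{"return": {}, "id": "probe-tdx"}']
OLD_QEMU = [
    '{"error": {"class": "CommandNotFound", "desc": "constructed message"},'
    ' "id": "probe-tdx"}',
]


def find_reply(lines, cmd_id):
    """Return the reply matching cmd_id, skipping the greeting and events."""
    for line in lines:
        msg = json.loads(line)
        if "QMP" in msg or "event" in msg:
            continue  # greeting banner or asynchronous event, not a reply
        if msg.get("id") == cmd_id and ("return" in msg or "error" in msg):
            return msg
    return None


def probe(lines, cmd_id):
    """Classify a capabilities probe as (status, capabilities-or-None)."""
    msg = find_reply(lines, cmd_id)
    if msg is None:
        return ("no-reply", None)
    # Test for key presence, not truthiness: an empty struct ({}) is a
    # successful reply and must not be mistaken for "unsupported".
    if "return" in msg:
        return ("supported", msg["return"])
    err_class = msg["error"].get("class")
    if err_class == "GenericError":
        return ("unsupported", None)  # error text deliberately not parsed
    if err_class == "CommandNotFound":
        return ("unknown-command", None)  # this QEMU lacks the command
    return ("error", None)
```
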

