[PATCH 0/5] qemu-optios: Fix, cleanup and add description of tdx-guest

[PATCH 0/5] qemu-optios: Fix, cleanup and add description of tdx-guest

[Xiaoyao Li]

Patch 1 is the fix to generated doc html.

Patch 2-4 are the cleanup of memory-encryption

Patch 5 add description of tdx-guest.

Xiaoyao Li (5):
  qemu-options: Move sgx-epc options from "M" to "machine"
  i386/sev: Remove the example that references memory-encryption
  qemu-options: Change memory-encryption to confidential-guest-support
    in the example
  qemu-options: Add confidential-guest-support to machine options
  qemu-options: Add description of tdx-guest object

 qemu-options.hx   | 66 ++++++++++++++++++++++++++++++++++++++---------
 target/i386/sev.c |  4 ---
 2 files changed, 54 insertions(+), 16 deletions(-)

-- 
2.43.0

[PATCH 1/5] qemu-options: Move sgx-epc options from "M" to "machine"

[Xiaoyao Li]

It's weird to only put sgx-epc option in "M" while leaving others to
"machine". Besides currently in qemu-manpage.html, the "sgx-epc" option
is listed at the same level of "-machine", which looks incorrect.

Move "sgx-epc" ontion to "-machine" to address all above.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 qemu-options.hx | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 1f862b19a676..740323f22bc2 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -43,7 +43,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
 #endif
     "                memory-backend='backend-id' specifies explicitly provided backend for main RAM (default=none)\n"
     "                cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.interleave-granularity=granularity]\n"
-    "                smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\n",
+    "                smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\n"
+    "                sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n",
     QEMU_ARCH_ALL)
 SRST
 ``-machine [type=]name[,prop=value[,...]]``
@@ -200,17 +201,13 @@ SRST
         ::
 
             -machine smp-cache.0.cache=l1d,smp-cache.0.topology=core,smp-cache.1.cache=l1i,smp-cache.1.topology=core
-ERST
-
-DEF("M", HAS_ARG, QEMU_OPTION_M,
-    "                sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n",
-    QEMU_ARCH_ALL)
 
-SRST
-``sgx-epc.0.memdev=@var{memid},sgx-epc.0.node=@var{numaid}``
-    Define an SGX EPC section.
+    ``sgx-epc.0.memdev=@var{memid},sgx-epc.0.node=@var{numaid}``
+        Define an SGX EPC section.
 ERST
 
+DEF("M", HAS_ARG, QEMU_OPTION_M, "", QEMU_ARCH_ALL)
+
 DEF("cpu", HAS_ARG, QEMU_OPTION_cpu,
     "-cpu cpu        select CPU ('-cpu help' for list)\n", QEMU_ARCH_ALL)
 SRST
-- 
2.43.0

Re: [PATCH 1/5] qemu-options: Move sgx-epc options from "M" to "machine"

[Daniel P. Berrangé]

On Mon, Jul 14, 2025 at 05:19:49PM +0800, Xiaoyao Li wrote:
> It's weird to only put sgx-epc option in "M" while leaving others to
> "machine". Besides currently in qemu-manpage.html, the "sgx-epc" option
> is listed at the same level of "-machine", which looks incorrect.
> 
> Move "sgx-epc" ontion to "-machine" to address all above.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  qemu-options.hx | 15 ++++++---------
>  1 file changed, 6 insertions(+), 9 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH 2/5] i386/sev: Remove the example that references memory-encryption

[Xiaoyao Li]

"confidential-guest-support" is the recommended property to configure
sev for the machine, and amd-memory-encryption.rst has already switched
to use "confidential-guest-support" in the example.

Instead of changing "memory-encryption" to "confidential-guest-support"
in the comment of struct SevGuestState, just drop the example for
simplicity.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/sev.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 1a12f0671cc6..b1831e9ab14e 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -131,10 +131,6 @@ struct SevCommonStateClass {
  *
  * The SevGuestState object is used for creating and managing a SEV
  * guest.
- *
- * # $QEMU \
- *         -object sev-guest,id=sev0 \
- *         -machine ...,memory-encryption=sev0
  */
 struct SevGuestState {
     SevCommonState parent_obj;
-- 
2.43.0

Re: [PATCH 2/5] i386/sev: Remove the example that references memory-encryption

[Daniel P. Berrangé]

On Mon, Jul 14, 2025 at 05:19:50PM +0800, Xiaoyao Li wrote:
> "confidential-guest-support" is the recommended property to configure
> sev for the machine, and amd-memory-encryption.rst has already switched
> to use "confidential-guest-support" in the example.
> 
> Instead of changing "memory-encryption" to "confidential-guest-support"
> in the comment of struct SevGuestState, just drop the example for
> simplicity.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  target/i386/sev.c | 4 ----
>  1 file changed, 4 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH 3/5] qemu-options: Change memory-encryption to confidential-guest-support in the example

[Xiaoyao Li]

"confidential-guest-support" is the recommended property instead of
"memory-encryption". Switch to "confidential-guest-support" in the
example of sev-guest.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 qemu-options.hx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 740323f22bc2..27b7b79c6cad 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5986,7 +5986,7 @@ SRST
              # |qemu_system_x86| \\
                  ...... \\
                  -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \\
-                 -machine ...,memory-encryption=sev0 \\
+                 -machine ...,confidential-guest-support=sev0 \\
                  .....
 
     ``-object authz-simple,id=id,identity=string``
-- 
2.43.0

Re: [PATCH 3/5] qemu-options: Change memory-encryption to confidential-guest-support in the example

[Daniel P. Berrangé]

On Mon, Jul 14, 2025 at 05:19:51PM +0800, Xiaoyao Li wrote:
> "confidential-guest-support" is the recommended property instead of
> "memory-encryption". Switch to "confidential-guest-support" in the
> example of sev-guest.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  qemu-options.hx | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH 3/5] qemu-options: Change memory-encryption to confidential-guest-support in the example

[Daniel P. Berrangé]

On Fri, Sep 12, 2025 at 09:17:35AM +0100, Daniel P. Berrangé wrote:
> On Mon, Jul 14, 2025 at 05:19:51PM +0800, Xiaoyao Li wrote:
> > "confidential-guest-support" is the recommended property instead of
> > "memory-encryption". Switch to "confidential-guest-support" in the
> > example of sev-guest.
> > 
> > Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> > ---
> >  qemu-options.hx | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Incidentally, how about adding another patch that declares 'memory-encryption'
as deprecated (print a warning to stderr if used, and add note to
docs/about/deprecated.rst).

We've had 'confidential-guest-support' for long enough that no one should
be using 'memory-encryption' anymore, so it is time to start the clock
for its removal.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH 3/5] qemu-options: Change memory-encryption to confidential-guest-support in the example

[Xiaoyao Li]

On 9/12/2025 4:23 PM, Daniel P. Berrangé wrote:
> On Fri, Sep 12, 2025 at 09:17:35AM +0100, Daniel P. Berrangé wrote:
>> On Mon, Jul 14, 2025 at 05:19:51PM +0800, Xiaoyao Li wrote:
>>> "confidential-guest-support" is the recommended property instead of
>>> "memory-encryption". Switch to "confidential-guest-support" in the
>>> example of sev-guest.
>>>
>>> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
>>> ---
>>>   qemu-options.hx | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> 
> Incidentally, how about adding another patch that declares 'memory-encryption'
> as deprecated (print a warning to stderr if used, and add note to
> docs/about/deprecated.rst).
> 
> We've had 'confidential-guest-support' for long enough that no one should
> be using 'memory-encryption' anymore, so it is time to start the clock
> for its removal.

Sure, I will add an additional patch to deprecate "memory-encryption".

And thanks for reviewing the series!

> 
> With regards,
> Daniel

[PATCH 4/5] qemu-options: Add confidential-guest-support to machine options

[Xiaoyao Li]

"confidential-guest-support" is the recommended property to configure
machine with confidential computing technology instead of
"memory-encryption".

Add "confidential-guest-support" to machine options and call out
explicitly "memory-encryption" is the alias of it and not recommended.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 qemu-options.hx | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 27b7b79c6cad..5c400114c2e5 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -36,7 +36,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
     "                dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n"
     "                suppress-vmdesc=on|off disables self-describing migration (default=off)\n"
     "                nvdimm=on|off controls NVDIMM support (default=off)\n"
-    "                memory-encryption=@var{} memory encryption object to use (default=none)\n"
+    "                confidential-guest-support='object-id' specifies confidential guest support object (default=none)\n"
+    "                memory-encryption='object-id' (memory-encryption is the alias of confidential-guest-support, recommend to use confidential-guest-support)\n"
     "                hmat=on|off controls ACPI HMAT support (default=off)\n"
 #ifdef CONFIG_POSIX
     "                aux-ram-share=on|off allocate auxiliary guest RAM as shared (default: off)\n"
@@ -99,8 +100,12 @@ SRST
     ``nvdimm=on|off``
         Enables or disables NVDIMM support. The default is off.
 
+    ``confidential-guest-support=``
+        confidential guest support object to use. The default is none.
+
     ``memory-encryption=``
-        Memory encryption object to use. The default is none.
+        The alias of ``confidential-guest-support``. Recommend to use
+        confidential-guest-support.
 
     ``hmat=on|off``
         Enables or disables ACPI Heterogeneous Memory Attribute Table
-- 
2.43.0

Re: [PATCH 4/5] qemu-options: Add confidential-guest-support to machine options

[Daniel P. Berrangé]

On Mon, Jul 14, 2025 at 05:19:52PM +0800, Xiaoyao Li wrote:
> "confidential-guest-support" is the recommended property to configure
> machine with confidential computing technology instead of
> "memory-encryption".
> 
> Add "confidential-guest-support" to machine options and call out
> explicitly "memory-encryption" is the alias of it and not recommended.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  qemu-options.hx | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH 5/5] qemu-options: Add description of tdx-guest object

[Xiaoyao Li]

Add description of tdx-guest object so that QEMU doc page can have the
description.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 qemu-options.hx | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/qemu-options.hx b/qemu-options.hx
index 5c400114c2e5..50c7874bbce9 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5994,6 +5994,46 @@ SRST
                  -machine ...,confidential-guest-support=sev0 \\
                  .....
 
+    ``-object tdx-guest,id=id,[attributes=attrs,sept-ve-disable=on|off,mrconfigid=sha384_digest,mrowner=sha384_digest,mrownerconfig=sha384_digest,quote-generation-socket=socketaddr]``
+        Create an Intel Trusted Domain eXtensions (TDX) guest object, which is
+        the type of ``confidentiala-guest-support`` object. When pass the object
+        ID to machine's ``confidentiala-guest-support`` property, it can create
+        a TDX guest.
+
+        The ``attributes`` is a 64-bit integer, which specifies the TD
+        attributes of the TD.
+
+        The ``sept-ve-disable`` controls the bit 28 of TD attributes
+        specifically. When it's on, the EPT violation conversion to #VE on
+        guest access of PENDING pages is disabled. Some guest OS (e.g., Linux
+        TD guest) may require this to be set, otherwise they refuse to boot.
+        The default value is on.
+
+        The ``mrconfigid`` is base64 encoded SHA384 digest, which provides the
+        ID for non-owner-defined configuration of the guest TD, e.g., run-time
+        or OS configuration. The default value is all zeros.
+
+        The ``mrowner`` is base64 encoded SHA384 digest, which provides the ID
+        for guest TD's owner. The default value is all zeros.
+
+        The ``mrownerconfig`` is base64 encoded SHA384 digest, which provides
+        the ID for owner-defined configuration of the guest TD, e.g., the
+        configuration specific to the workload rather than the run-time of OS.
+        The default value is all zeros.
+
+        The ``quote-generation-socket`` specifies the socket address of the
+        Quote Generation Service (QGS). QGS is a daemon running on the host.
+        QEMU forwards the <GetQuote> request from TD guest to QGS and sents the
+        reply (which contains generated QUOTE on success) from QGS to guest TD.
+
+        .. parsed-literal::
+
+             # |qemu_system_x86| \\
+                 ... \\
+                 -object tdx-guest,id=tdx0, \\
+                 -machine ...,confidential-guest-support=tdx0 \\
+                 ...
+
     ``-object authz-simple,id=id,identity=string``
         Create an authorization object that will control access to
         network services.
-- 
2.43.0

Re: [PATCH 5/5] qemu-options: Add description of tdx-guest object

[Daniel P. Berrangé]

On Mon, Jul 14, 2025 at 05:19:53PM +0800, Xiaoyao Li wrote:
> Add description of tdx-guest object so that QEMU doc page can have the
> description.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  qemu-options.hx | 40 ++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 40 insertions(+)
> 
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 5c400114c2e5..50c7874bbce9 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -5994,6 +5994,46 @@ SRST
>                   -machine ...,confidential-guest-support=sev0 \\
>                   .....
>  
> +    ``-object tdx-guest,id=id,[attributes=attrs,sept-ve-disable=on|off,mrconfigid=sha384_digest,mrowner=sha384_digest,mrownerconfig=sha384_digest,quote-generation-socket=socketaddr]``
> +        Create an Intel Trusted Domain eXtensions (TDX) guest object, which is
> +        the type of ``confidentiala-guest-support`` object. When pass the object
> +        ID to machine's ``confidentiala-guest-support`` property, it can create

Typo  in 'confidentiala' (both lines)

> +        a TDX guest.
> +
> +        The ``attributes`` is a 64-bit integer, which specifies the TD

"The ``attributes`` property is..."

> +        attributes of the TD.
> +
> +        The ``sept-ve-disable`` controls the bit 28 of TD attributes

"Ths ``sept-ve-disable`` property controls..."

> +        specifically. When it's on, the EPT violation conversion to #VE on
> +        guest access of PENDING pages is disabled. Some guest OS (e.g., Linux
> +        TD guest) may require this to be set, otherwise they refuse to boot.
> +        The default value is on.
> +
> +        The ``mrconfigid`` is base64 encoded SHA384 digest, which provides the

...add the word 'property' after the property name, and again in
the lines below

> +        ID for non-owner-defined configuration of the guest TD, e.g., run-time
> +        or OS configuration. The default value is all zeros.
> +
> +        The ``mrowner`` is base64 encoded SHA384 digest, which provides the ID
> +        for guest TD's owner. The default value is all zeros.
> +
> +        The ``mrownerconfig`` is base64 encoded SHA384 digest, which provides
> +        the ID for owner-defined configuration of the guest TD, e.g., the
> +        configuration specific to the workload rather than the run-time of OS.
> +        The default value is all zeros.
> +
> +        The ``quote-generation-socket`` specifies the socket address of the
> +        Quote Generation Service (QGS). QGS is a daemon running on the host.
> +        QEMU forwards the <GetQuote> request from TD guest to QGS and sents the
> +        reply (which contains generated QUOTE on success) from QGS to guest TD.
> +
> +        .. parsed-literal::
> +
> +             # |qemu_system_x86| \\
> +                 ... \\
> +                 -object tdx-guest,id=tdx0, \\
> +                 -machine ...,confidential-guest-support=tdx0 \\
> +                 ...

I'd suggest making the example include 'quote-generation-socket'
too as that usage is non-obvious to users unless familiar with
QMP.

> +
>      ``-object authz-simple,id=id,identity=string``
>          Create an authorization object that will control access to
>          network services.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH 0/5] qemu-optios: Fix, cleanup and add description of tdx-guest

[Xiaoyao Li]

On 7/14/2025 5:19 PM, Xiaoyao Li wrote:
> Patch 1 is the fix to generated doc html.
> 
> Patch 2-4 are the cleanup of memory-encryption
> 
> Patch 5 add description of tdx-guest.

get_maintainer.pl doesn't provide me the maintainer of qemu-options.hx.

I have to send the series to the folks I'm familiar with in the QEMU 
community. Hope you can help cc the correct people.

> Xiaoyao Li (5):
>    qemu-options: Move sgx-epc options from "M" to "machine"
>    i386/sev: Remove the example that references memory-encryption
>    qemu-options: Change memory-encryption to confidential-guest-support
>      in the example
>    qemu-options: Add confidential-guest-support to machine options
>    qemu-options: Add description of tdx-guest object
> 
>   qemu-options.hx   | 66 ++++++++++++++++++++++++++++++++++++++---------
>   target/i386/sev.c |  4 ---
>   2 files changed, 54 insertions(+), 16 deletions(-)
> 

Re: [PATCH 0/5] qemu-optios: Fix, cleanup and add description of tdx-guest

[Xiaoyao Li]

On 7/14/2025 5:19 PM, Xiaoyao Li wrote:
> Patch 1 is the fix to generated doc html.
> 
> Patch 2-4 are the cleanup of memory-encryption
> 
> Patch 5 add description of tdx-guest.

Gentle ping.

Appreciated if anyone could help cc the folks who are responsible for 
the qemu-option but I missed to cc.

> Xiaoyao Li (5):
>    qemu-options: Move sgx-epc options from "M" to "machine"
>    i386/sev: Remove the example that references memory-encryption
>    qemu-options: Change memory-encryption to confidential-guest-support
>      in the example
>    qemu-options: Add confidential-guest-support to machine options
>    qemu-options: Add description of tdx-guest object
> 
>   qemu-options.hx   | 66 ++++++++++++++++++++++++++++++++++++++---------
>   target/i386/sev.c |  4 ---
>   2 files changed, 54 insertions(+), 16 deletions(-)
>