config: Add configuration for QEMU TDX

As the QEMU configuration for TDX differs quite a lot from the normal QEMU configuration, let's add a new configuration file for the QEMU TDX. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2026-01-24 00:34:21 +01:00 · 2023-03-23 08:42:06 +01:00
parent 3e15800199
commit 98682805be
3 changed files with 726 additions and 0 deletions
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -95,6 +95,7 @@ GENERATED_VARS = \
 		VERSION \
 		CONFIG_ACRN_IN \
 		CONFIG_QEMU_IN \
+		CONFIG_QEMU_TDX_IN \
 		CONFIG_CLH_IN \
 		CONFIG_FC_IN \
 		$(USER_VARS)
@@ -121,6 +122,9 @@ DEFROOTFSTYPE := $(ROOTFSTYPE_EXT4)
 FIRMWAREPATH :=
 FIRMWAREVOLUMEPATH :=

+FIRMWARETDVFPATH := $(PREFIXDEPS)/share/tdvf/OVMF.fd
+FIRMWARETDVFVOLUMEPATH :=
+
 # Name of default configuration file the runtime will use.
 CONFIG_FILE = configuration.toml

@@ -138,6 +142,9 @@ HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVIS
 QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
 QEMUVALIDHYPERVISORPATHS := [\"$(QEMUPATH)\"]

+QEMUTDXPATH := $(QEMUBINDIR)/$(QEMUTDXCMD)
+QEMUTDXVALIDHYPERVISORPATHS := [\"$(QEMUTDXPATH)\"]
+
 QEMUVIRTIOFSPATH := $(QEMUBINDIR)/$(QEMUVIRTIOFSCMD)

 CLHPATH := $(CLHBINDIR)/$(CLHCMD)
@@ -195,6 +202,7 @@ DEFVALIDENTROPYSOURCES := [\"/dev/urandom\",\"/dev/random\",\"\"]
 DEFDISABLEBLOCK := false
 DEFSHAREDFS_CLH_VIRTIOFS := virtio-fs
 DEFSHAREDFS_QEMU_VIRTIOFS := virtio-fs
+DEFSHAREDFS_QEMU_TDX_VIRTIOFS := virtio-9p
 DEFVIRTIOFSDAEMON := $(LIBEXECDIR)/virtiofsd
 ifeq ($(ARCH),ppc64le)
 DEFVIRTIOFSDAEMON := $(LIBEXECDIR)/qemu/virtiofsd
@@ -265,13 +273,30 @@ ifneq (,$(QEMUCMD))

    CONFIGS += $(CONFIG_QEMU)

+    CONFIG_FILE_QEMU_TDX = configuration-qemu-tdx.toml
+    CONFIG_QEMU_TDX = config/$(CONFIG_FILE_QEMU_TDX)
+    CONFIG_QEMU_TDX_IN = $(CONFIG_QEMU_TDX).in
+
+    CONFIG_PATH_QEMU_TDX = $(abspath $(CONFDIR)/$(CONFIG_FILE_QEMU_TDX))
+    CONFIG_PATHS += $(CONFIG_PATH_QEMU_TDX)
+
+    SYSCONFIG_QEMU_TDX = $(abspath $(SYSCONFDIR)/$(CONFIG_FILE_QEMU_TDX))
+    SYSCONFIG_PATHS_TDX += $(SYSCONFIG_QEMU_TDX)
+
+    CONFIGS += $(CONFIG_QEMU_TDX)
+
    # qemu-specific options (all should be suffixed by "_QEMU")
    DEFBLOCKSTORAGEDRIVER_QEMU := virtio-scsi
    DEFBLOCKDEVICEAIO_QEMU := io_uring
    DEFNETWORKMODEL_QEMU := tcfilter
+
    KERNELTYPE = uncompressed
    KERNELNAME = $(call MAKE_KERNEL_NAME,$(KERNELTYPE))
    KERNELPATH = $(KERNELDIR)/$(KERNELNAME)
+
+    KERNELTDXTYPE = compressed
+    KERNELTDXNAME = $(call MAKE_KERNEL_TDX_NAME,$(KERNELTDXTYPE))
+    KERNELTDXPATH = $(KERNELDIR)/$(KERNELTDXNAME)
 endif

 ifneq (,$(CLHCMD))
@@ -427,15 +452,20 @@ USER_VARS += KERNELTYPE_ACRN
 USER_VARS += KERNELTYPE_CLH
 USER_VARS += KERNELPATH_ACRN
 USER_VARS += KERNELPATH
+USER_VARS += KERNELTDXPATH
 USER_VARS += KERNELPATH_CLH
 USER_VARS += KERNELPATH_FC
 USER_VARS += KERNELVIRTIOFSPATH
 USER_VARS += FIRMWAREPATH
+USER_VARS += FIRMWARETDVFPATH
 USER_VARS += FIRMWAREVOLUMEPATH
+USER_VARS += FIRMWARETDVFVOLUMEPATH
 USER_VARS += MACHINEACCELERATORS
 USER_VARS += CPUFEATURES
+USER_VARS += TDXCPUFEATURES
 USER_VARS += DEFMACHINETYPE_CLH
 USER_VARS += KERNELPARAMS
+USER_VARS += KERNELTDXPARAMS
 USER_VARS += LIBEXECDIR
 USER_VARS += LOCALSTATEDIR
 USER_VARS += PKGDATADIR
@@ -451,8 +481,11 @@ USER_VARS += PROJECT_TYPE
 USER_VARS += PROJECT_URL
 USER_VARS += QEMUBINDIR
 USER_VARS += QEMUCMD
+USER_VARS += QEMUTDXCMD
 USER_VARS += QEMUPATH
+USER_VARS += QEMUTDXPATH
 USER_VARS += QEMUVALIDHYPERVISORPATHS
+USER_VARS += QEMUTDXVALIDHYPERVISORPATHS
 USER_VARS += QEMUVIRTIOFSCMD
 USER_VARS += QEMUVIRTIOFSPATH
 USER_VARS += RUNTIME_NAME
@@ -482,6 +515,7 @@ USER_VARS += DEFBLOCKSTORAGEDRIVER_QEMU
 USER_VARS += DEFBLOCKDEVICEAIO_QEMU
 USER_VARS += DEFSHAREDFS_CLH_VIRTIOFS
 USER_VARS += DEFSHAREDFS_QEMU_VIRTIOFS
+USER_VARS += DEFSHAREDFS_QEMU_TDX_VIRTIOFS
 USER_VARS += DEFVIRTIOFSDAEMON
 USER_VARS += DEFVALIDVIRTIOFSDAEMONPATHS
 USER_VARS += DEFVIRTIOFSCACHESIZE
@@ -587,6 +621,10 @@ define MAKE_KERNEL_VIRTIOFS_NAME
 $(if $(findstring uncompressed,$1),vmlinux-virtiofs.container,vmlinuz-virtiofs.container)
 endef

+define MAKE_KERNEL_TDX_NAME
+$(if $(findstring uncompressed,$1),vmlinux-tdx.container,vmlinuz-tdx.container)
+endef
+
 GENERATED_FILES += pkg/katautils/config-settings.go

 $(RUNTIME_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary