Merge pull request #11057 from mythi/tdx-qgs-uds

runtime: qemu: add support to use TDX QGS via Unix Domain Sockets
2025-07-17 08:53:26 +00:00 · 2025-04-07 07:27:48 -07:00 · 2025-04-07 07:27:48 -07:00 · 8779abd0a1
commit 8779abd0a1
parent e606a8deb5 85f3391bcf
2 changed files with 37 additions and 5 deletions
--- a/src/runtime/pkg/govmm/qemu/qemu.go
+++ b/src/runtime/pkg/govmm/qemu/qemu.go
@ -45,6 +45,8 @@ type Machine struct {
 const (
 	// MachineTypeMicrovm is the QEMU microvm machine type for amd64
 	MachineTypeMicrovm string = "microvm"
 	// (fixed) Unix Domain Socket Path served by Intel TDX Quote Generation Service
 	qgsSocketPath string = "/var/run/tdx-qgs/qgs.socket"
 )
 const (
@ -316,7 +318,7 @@ type Object struct {
 	// Prealloc enables memory preallocation
 	Prealloc bool
-	// QgsPort defines Intel Quote Generation Service port exposed from the host
+	// QgsPort defines Intel TDX Quote Generation Service port configuration
 	QgsPort uint32
 	// SnpIdBlock is the 96-byte, base64-encoded blob to provide the ‘ID Block’ structure
@ -336,7 +338,7 @@ func (object Object) Valid() bool {
 	case MemoryBackendEPC:
 		return object.ID != "" && object.Size != 0
 	case TDXGuest:
-		return object.ID != "" && object.File != "" && object.DeviceID != "" && object.QgsPort != 0
+		return object.ID != "" && object.File != "" && object.DeviceID != ""
 	case SEVGuest:
 		fallthrough
 	case SNPGuest:
@ -436,8 +438,9 @@ func (object Object) QemuParams(config *Config) []string {
 type SocketAddress struct {
 	Type string `json:"type"`
-	Cid  string `json:"cid"`
+	Cid  string `json:"cid,omitempty"`
-	Port string `json:"port"`
+	Port string `json:"port,omitempty"`
 	Path string `json:"path,omitempty"`
 }
 type TdxQomObject struct {
@ -472,8 +475,16 @@ func (this *TdxQomObject) String() string {
 	return string(b)
 }
 func getQgsSocketAddress(portNum uint32) SocketAddress {
 	if portNum == 0 {
 		return SocketAddress{Type: "unix", Path: qgsSocketPath}
 	}
 	return SocketAddress{Type: "vsock", Cid: fmt.Sprint(VsockHostCid), Port: fmt.Sprint(portNum)}
 }
 func prepareTDXObject(object Object) string {
-	qgsSocket := SocketAddress{"vsock", fmt.Sprint(VsockHostCid), fmt.Sprint(object.QgsPort)}
+	qgsSocket := getQgsSocketAddress(object.QgsPort)
 	tdxObject := TdxQomObject{
 		string(object.Type), // qom-type
 		object.ID,           // id
--- a/src/runtime/pkg/govmm/qemu/qemu_test.go
+++ b/src/runtime/pkg/govmm/qemu/qemu_test.go
@ -127,6 +127,27 @@ func TestAppendDeviceNVDIMM(t *testing.T) {
 	testAppend(object, deviceNVDIMMString, t)
 }
 var (
 	tdxObjectVsock = `-object {"qom-type":"tdx-guest","id":"tdx","quote-generation-socket":{"type":"vsock","cid":"2","port":"4050"}}`
 	tdxObjectUnix  = `-object {"qom-type":"tdx-guest","id":"tdx","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"}}`
 )
 func TestTdxQuoteSocket(t *testing.T) {
 	object := Object{
 		Type:     TDXGuest,
 		ID:       "tdx",
 		File:     "unused",
 		DeviceID: "unused",
 		QgsPort:  0,
 	}
 	testAppend(object, tdxObjectUnix, t)
 	object.QgsPort = 4050
 	testAppend(object, tdxObjectVsock, t)
 }
 var objectEPCString = "-object memory-backend-epc,id=epc0,size=65536,prealloc=on"
 func TestAppendEPCObject(t *testing.T) {