Stop hardcoding TDX guest object

2025-12-24 07:38:18 +00:00 · 2025-12-24 07:38:18 +00:00 · 91604c7b51
parent 284e193823
commit 91604c7b51
4 changed files with 9 additions and 11 deletions
--- a/book/src/osdk/guide/intel-tdx.md
+++ b/book/src/osdk/guide/intel-tdx.md
@ -51,7 +51,7 @@ supported_archs = ["x86_64"]
 boot.method = "grub-qcow2"
 grub.mkrescue_path = "~/tdx-tools/grub"
 grub.boot_protocol = "linux"
-qemu.args = """\
+qemu.args = '''\
    -accel kvm \
    -m 8G \
    -vga none \
@ -60,11 +60,12 @@ qemu.args = """\
    -drive file=target/osdk/asterinas/asterinas.qcow2,if=virtio,format=qcow2 \
    -monitor telnet:127.0.0.1:9001,server,nowait \
    -bios /root/ovmf/release/OVMF.fd \
+    -object '{ \"qom-type\": \"tdx-guest\", \"id\": \"tdx0\", \"sept-ve-disable\": true, \"quote-generation-socket\": { \"type\": \"vsock\", \"cid\": \"2\", \"port\": \"4050\" } }' \
    -cpu host,-kvm-steal-time,pmu=off \
    -machine q35,kernel-irqchip=split,confidential-guest-support=tdx0 \
    -smp 1 \
    -nographic \
-"""
+'''
 ```

 To choose the configurations specified by the TDX scheme over the default ones,
--- a/osdk/src/config/mod.rs
+++ b/osdk/src/config/mod.rs
@ -184,13 +184,6 @@ fn apply_args_after_finalize(action: &mut Action, args: &CommonArgs) {
        action.qemu.args += " --no-shutdown";
        action.qemu.with_monitor = true;
    }
-
-    // Since current QEMU argument parsing does not support QOM format, hardcode the argument here.
-    // The argument configures a TDX guest object with a vsock-based communication channel to the
-    // Quote Generation Service running on the host machine.
-    if std::env::var("INTEL_TDX").is_ok_and(|s| s == "1") {
-        action.qemu.args += " -object '{ \"qom-type\": \"tdx-guest\", \"id\": \"tdx0\", \"sept-ve-disable\": true, \"quote-generation-socket\": { \"type\": \"vsock\", \"cid\": \"2\", \"port\": \"4050\" } }'";
-    }
 }

 impl Config {
--- a/osdk/tests/util/scheme.tdx.template
+++ b/osdk/tests/util/scheme.tdx.template
@ -1,7 +1,7 @@
 [scheme."tdx"]
 boot.method = "grub-qcow2"
 grub.boot_protocol = "linux"
-qemu.args = """
+qemu.args = '''
    -accel kvm \
    -m 8G \
    -smp 1 \
@ -10,6 +10,7 @@ qemu.args = """
    -monitor pty \
    -nodefaults \
    -bios /root/ovmf/release/OVMF.fd \
+    -object '{ \"qom-type\": \"tdx-guest\", \"id\": \"tdx0\", \"sept-ve-disable\": true, \"quote-generation-socket\": { \"type\": \"vsock\", \"cid\": \"2\", \"port\": \"4050\" } }' \
    -cpu host,-kvm-steal-time,pmu=off \
    -machine q35,kernel-irqchip=split,confidential-guest-support=tdx0 \
    -device virtio-keyboard-pci,disable-legacy=on,disable-modern=off \
@ -19,4 +20,4 @@ qemu.args = """
    -device isa-debug-exit,iobase=0xf4,iosize=0x04 \
    -monitor chardev:mux \
    -serial chardev:mux \
-"""
+'''
--- a/tools/qemu_args.sh
+++ b/tools/qemu_args.sh
@ -47,6 +47,8 @@ else
 fi

 if [ "$1" = "tdx" ]; then
+    TDX_OBJECT='{ "qom-type": "tdx-guest", "id": "tdx0", "sept-ve-disable": true, "quote-generation-socket": { "type": "vsock", "cid": "2", "port": "4050" } }'
+
    QEMU_ARGS="\
        -m ${MEM:-8G} \
        -smp ${SMP:-1} \
@ -57,6 +59,7 @@ if [ "$1" = "tdx" ]; then
        -bios /root/ovmf/release/OVMF.fd \
        -cpu host,-kvm-steal-time,pmu=off \
        -machine q35,kernel-irqchip=split,confidential-guest-support=tdx0 \
+        -object '$TDX_OBJECT' \
        -device virtio-net-pci,netdev=net01,disable-legacy=on,disable-modern=off$VIRTIO_NET_FEATURES \
        -device virtio-keyboard-pci,disable-legacy=on,disable-modern=off \
        $NETDEV_ARGS \