[pve-devel] [PATCH edk2-firmware/manager/qemu-server v3 0/9] Add support for Intel TDX
Fiona Ebner
f.ebner at proxmox.com
Wed Nov 12 14:48:21 CET 2025
Hi Anton,
sorry for the delay!
Am 10.11.25 um 4:03 PM schrieb Anton Iacobaeus:
> Hi,
>
> I understand review time can vary but just wanted to check on the status
> of this series. Seems like it got formatted incorrectly in the archives,
> but it looks fine in my mail client. If a resend or other clarifications
> is needed before review I am happy to do so.
Yes, apparently something in our mail stack (upgrade is planned with the
hope it makes things better) mixes up line-endings somewhere even if
sent with '--transfer-encoding=base64' but that is fine, I can fix it up
when applying. I also needed to rebase the patches on top of the latest
changes [0].
I did not go ahead with applying the edk2 patches yet, because I got a
question: Don't we want to enroll the Microsoft and distro keys for the
image? Debian upstream added TDX support just a few days ago and they
enroll the Microsoft and distro keys and even dropped the variant
without pre-enrolled keys [1] that was part of the initial merge. The
changes [0] include an "enroll_vendor" helper so we could use that and
get an OVMF_TDX_4M.ms.fd image.
What do you think?
Best Regards,
Fiona
[0]:
https://git.proxmox.com/?p=pve-edk2-firmware.git;a=commitdiff;h=c50fc74a992c0913a0fb84dc33c8ce8c36230604;hp=714c8a05662580d4553e045b3c404b614dc1ac27
[1]:
https://salsa.debian.org/qemu-team/edk2/-/commit/4dd2f2c8de1e3c6c3391cd9c25377966f556f2ff
More information about the pve-devel
mailing list