[pve-devel] [PATCH manager/qemu-server 0/2] Add support for Intel TDX attestation
Anton Iacobaeus
anton.iacobaeus at canarybit.eu
Mon Nov 17 11:47:58 CET 2025
This patch series adds support for configuring the Quote Generation Socket
object used for attestation in Intel TDX.
This is effectively v4 of https://lists.proxmox.com/pipermail/pve-devel/2025-October/076262.html
without the already applied patches.
A part from Intel TDX support a running Quote Generation Service (QGS) on the
host (or dedicated VM) connected to a Provisioning Certificate Caching Service
(PCCS) is also required for attestation, more information can be found at:
https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/02/infrastructure_setup/
Only a subset of the possible socket types are implemented with this patch.
Ideally the SocketAddress object as defined in QEMU would be fully implemented,
but for the sake of TDX this is not neccessary. More information at:
https://www.qemu.org/docs/master/interop/qemu-storage-daemon-qmp-ref.html#object-QSD-sockets.SocketAddress
pve-manager:
Anton Iacobaeus (1):
Add support for TDX attestation
www/manager6/qemu/TdxEdit.js | 56 +++++++++++++++++++++++++++++++++++-
1 file changed, 55 insertions(+), 1 deletion(-)
qemu-server:
Anton Iacobaeus (1):
Add support for TDX quote-generation-socket object
src/PVE/QemuServer.pm | 3 +-
src/PVE/QemuServer/CPUConfig.pm | 60 +++++++++++++++++++++++++++++++--
2 files changed, 60 insertions(+), 3 deletions(-)
--
2.43.0
More information about the pve-devel
mailing list