)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"3379926285c5c6de446feec3c106dcdbb9ed06ef","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"a7a2c534_c55f25e4","updated":"2026-04-03 09:40:42.000000000","message":"Thank you for your interesting suggestion. I gave some comments and questions.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"a9d4005a6f101d7bee651e91b297b4c9d42ada87","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"35092502_4c5e7d13","in_reply_to":"a7a2c534_c55f25e4","updated":"2026-04-10 15:31:26.000000000","message":"Thank you for the review!","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"7c9b48a0a4b075faba48bf18c48c73eaed657ecc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"6849a4ac_00ecbfd8","updated":"2026-05-05 14:21:47.000000000","message":"Great spec Anton, very well written and thorough. I\u0027ve left a few comments\nmostly for clarification. Putting a -1 just to flag them, but overall this\nlooks very good to me.","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e2507a9990cea75dcd9e0097e9964ab85fe1442a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"303afc2a_e5d24187","updated":"2026-05-12 15:42:09.000000000","message":"Still minor things to amend. But the specs looks good to me.","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"d7672b3d2c2382091be5bd7ae38a590b677dfc6c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"b71bb0d0_0a023fef","updated":"2026-05-13 13:51:51.000000000","message":"Thanks Anton for the latest updates.\nBig +1 from my side.","commit_id":"78929519c10b5ac2230237fa2f932459dac87ca7"}],"specs/2026.2/approved/intel-tdx-libvirt-support.rst":[{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"0ed5e51ee328bb8c61d00ec9fc0dc0671c2d446e","unresolved":true,"context_lines":[{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Extend the libvirt driver to detect support for Intel TDX on the host through"},{"line_number":70,"context_line":"libvirt host and dom capabilities, as well as kernel kvm parameters. This is"},{"line_number":71,"context_line":"very similar to current capabilities checks for AMD SEV/SEV-ES."},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"2. **Resource tracking**:"},{"line_number":74,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"609a8a5e_c9619d1b","line":71,"range":{"start_line":71,"start_character":16,"end_line":71,"end_character":63},"updated":"2026-04-05 14:30:40.000000000","message":"So do we have to check any kvm_intel module parameter in addition to domain capabilities ? I found the tdx element in https://libvirt.org/formatdomaincaps.html#features but am not too sure about the module parameter.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"a9d4005a6f101d7bee651e91b297b4c9d42ada87","unresolved":false,"context_lines":[{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Extend the libvirt driver to detect support for Intel TDX on the host through"},{"line_number":70,"context_line":"libvirt host and dom capabilities, as well as kernel kvm parameters. This is"},{"line_number":71,"context_line":"very similar to current capabilities checks for AMD SEV/SEV-ES."},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"2. **Resource tracking**:"},{"line_number":74,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"802ff540_a90e0de3","line":71,"range":{"start_line":71,"start_character":16,"end_line":71,"end_character":63},"in_reply_to":"609a8a5e_c9619d1b","updated":"2026-04-10 15:31:26.000000000","message":"Yes the kvm_intel module parameter is also needed. It is ``/sys/module/kvm_intel/parameters/tdx`` and should be ``Y`` for when TDX is enabled. There are also some MSR fields that can be checked, but they only show if it is configured in BIOS.\n\nThe domain capabilities, as far as I know, only indicates whether Libvirt/QEMU supports TDX.\n\nWill clarify in the spec.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"0ed5e51ee328bb8c61d00ec9fc0dc0671c2d446e","unresolved":true,"context_lines":[{"line_number":76,"context_line":"key slot tracking using resource provider inventory. The maximum number of"},{"line_number":77,"context_line":"TDX key slots is also needed for this, which depends on hardware and BIOS"},{"line_number":78,"context_line":"settings. For SEV maximum key slots are reported as a part of libvirt dom"},{"line_number":79,"context_line":"capabilities, this is not yet implemented for TDX, and thus a host"},{"line_number":80,"context_line":"configuration option is instead proposed. ``num_memory_encrypted_guests``"},{"line_number":81,"context_line":"already exists but has been deprecated since SEV implementation instead uses"},{"line_number":82,"context_line":"dom capabilities."}],"source_content_type":"text/x-rst","patch_set":2,"id":"8d973a27_5b4d4454","line":79,"range":{"start_line":79,"start_character":14,"end_line":79,"end_character":49},"updated":"2026-04-05 14:30:40.000000000","message":"Do you know if there is any on-going work to implement it ? I\u0027m asking these to understand if we eventually have to use that deprecated option for long term.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"bd88fae950bfae9bccce61558883dffb8f778214","unresolved":true,"context_lines":[{"line_number":76,"context_line":"key slot tracking using resource provider inventory. The maximum number of"},{"line_number":77,"context_line":"TDX key slots is also needed for this, which depends on hardware and BIOS"},{"line_number":78,"context_line":"settings. For SEV maximum key slots are reported as a part of libvirt dom"},{"line_number":79,"context_line":"capabilities, this is not yet implemented for TDX, and thus a host"},{"line_number":80,"context_line":"configuration option is instead proposed. ``num_memory_encrypted_guests``"},{"line_number":81,"context_line":"already exists but has been deprecated since SEV implementation instead uses"},{"line_number":82,"context_line":"dom capabilities."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1c859874_fa27ec4d","line":79,"range":{"start_line":79,"start_character":14,"end_line":79,"end_character":49},"in_reply_to":"0d451816_6a194ec1","updated":"2026-04-23 14:38:24.000000000","message":"Can confirm this is in 6.16, which is when TDX was introduced.\n\nSee:\nhttps://elixir.bootlin.com/linux/v6.16/source/arch/x86/kvm/vmx/tdx.c#L3514","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d9ee4e71aea4d42c012ee86d34c873ec680ee1cc","unresolved":true,"context_lines":[{"line_number":76,"context_line":"key slot tracking using resource provider inventory. The maximum number of"},{"line_number":77,"context_line":"TDX key slots is also needed for this, which depends on hardware and BIOS"},{"line_number":78,"context_line":"settings. For SEV maximum key slots are reported as a part of libvirt dom"},{"line_number":79,"context_line":"capabilities, this is not yet implemented for TDX, and thus a host"},{"line_number":80,"context_line":"configuration option is instead proposed. ``num_memory_encrypted_guests``"},{"line_number":81,"context_line":"already exists but has been deprecated since SEV implementation instead uses"},{"line_number":82,"context_line":"dom capabilities."}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf980303_ba43fa03","line":79,"range":{"start_line":79,"start_character":14,"end_line":79,"end_character":49},"in_reply_to":"77601b87_07c48af8","updated":"2026-04-22 12:46:39.000000000","message":"That\u0027s a good news ! However if we solely rely on this interface we should bump the min kernel version.\n\nAs far as I read the web articles Ubuntu 26.04 is supposed to include kernel 7.0 so this requirement may be acceptable, or in case anyone wants this with lower version of kernel then we can use the option for transition period.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"a9d4005a6f101d7bee651e91b297b4c9d42ada87","unresolved":true,"context_lines":[{"line_number":76,"context_line":"key slot tracking using resource provider inventory. The maximum number of"},{"line_number":77,"context_line":"TDX key slots is also needed for this, which depends on hardware and BIOS"},{"line_number":78,"context_line":"settings. For SEV maximum key slots are reported as a part of libvirt dom"},{"line_number":79,"context_line":"capabilities, this is not yet implemented for TDX, and thus a host"},{"line_number":80,"context_line":"configuration option is instead proposed. ``num_memory_encrypted_guests``"},{"line_number":81,"context_line":"already exists but has been deprecated since SEV implementation instead uses"},{"line_number":82,"context_line":"dom capabilities."}],"source_content_type":"text/x-rst","patch_set":2,"id":"bcb567b0_6d0f34ff","line":79,"range":{"start_line":79,"start_character":14,"end_line":79,"end_character":49},"in_reply_to":"8d973a27_5b4d4454","updated":"2026-04-10 15:31:26.000000000","message":"No on-going work as of now. Will bring it up with maintainers and see if there are some alternative solutions or paths forward.\n\nThe current alternatives are: \n- parse dmesg \n- read MSR\n- host config option","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"111068522e218bc59b3c09ea2b635e3cc761067f","unresolved":true,"context_lines":[{"line_number":76,"context_line":"key slot tracking using resource provider inventory. The maximum number of"},{"line_number":77,"context_line":"TDX key slots is also needed for this, which depends on hardware and BIOS"},{"line_number":78,"context_line":"settings. For SEV maximum key slots are reported as a part of libvirt dom"},{"line_number":79,"context_line":"capabilities, this is not yet implemented for TDX, and thus a host"},{"line_number":80,"context_line":"configuration option is instead proposed. ``num_memory_encrypted_guests``"},{"line_number":81,"context_line":"already exists but has been deprecated since SEV implementation instead uses"},{"line_number":82,"context_line":"dom capabilities."}],"source_content_type":"text/x-rst","patch_set":2,"id":"77601b87_07c48af8","line":79,"range":{"start_line":79,"start_character":14,"end_line":79,"end_character":49},"in_reply_to":"bcb567b0_6d0f34ff","updated":"2026-04-17 09:06:30.000000000","message":"Some good news on this! Turns out the kernel is already exposing these values via a simple interface:\n\ncat /sys/fs/cgroup/misc.capacity \u003c-- Total TD capacity\n\nIt also tracks the number of currently used keys\ncat /sys/fs/cgroup/misc.current  \u003c-- Used TD capacity\n\nThis does all the hard work for us and can be read without elevated privileges\n\nRelated position in the kernel: https://elixir.bootlin.com/linux/v7.0-rc7/source/arch/x86/kvm/vmx/tdx.c#L3473","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"54369fab5409a7de7f60158718d7b833134249ab","unresolved":true,"context_lines":[{"line_number":76,"context_line":"key slot tracking using resource provider inventory. The maximum number of"},{"line_number":77,"context_line":"TDX key slots is also needed for this, which depends on hardware and BIOS"},{"line_number":78,"context_line":"settings. For SEV maximum key slots are reported as a part of libvirt dom"},{"line_number":79,"context_line":"capabilities, this is not yet implemented for TDX, and thus a host"},{"line_number":80,"context_line":"configuration option is instead proposed. ``num_memory_encrypted_guests``"},{"line_number":81,"context_line":"already exists but has been deprecated since SEV implementation instead uses"},{"line_number":82,"context_line":"dom capabilities."}],"source_content_type":"text/x-rst","patch_set":2,"id":"0d451816_6a194ec1","line":79,"range":{"start_line":79,"start_character":14,"end_line":79,"end_character":49},"in_reply_to":"bf980303_ba43fa03","updated":"2026-04-22 12:54:06.000000000","message":"Apologies, that link was just a reference to the latest kernel code. It was introduced in an older version. Will take some digging to identify exactly when it was introduced, but for instance using canonical/tdx patches on ubuntu 24.04 also works.\n\nWill do some digging to make sure it is included with the suggested kernel version.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"3379926285c5c6de446feec3c106dcdbb9ed06ef","unresolved":true,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"3. **Image and flavor**:"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Use the existing ``hw:mem_encryption\u003dTrue`` flavor extra spec and"},{"line_number":87,"context_line":"``hw_mem_encryption\u003dtrue`` image property, and introduce"},{"line_number":88,"context_line":"``hw:mem_encryption_model\u003dintel-tdx`` to specify TDX encryption, following the"},{"line_number":89,"context_line":"pattern used for SEV (``amd-sev``, ``amd-sev-es``)."},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"4. **XML generation**:"},{"line_number":92,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"288b1ad0_5d8dbee0","line":89,"range":{"start_line":86,"start_character":0,"end_line":89,"end_character":51},"updated":"2026-04-03 09:40:42.000000000","message":"In the current Nova implementation, if a user specifies only hw:mem_encryption\u003dTrue without hw:mem_encryption_model, Nova defaults to AMD SEV ([scheduler.utils._translate_mem_encryption_request()](https://github.com/openstack/nova/blob/327c790ec87e95e81900118537b68ed94e8e4475/nova/scheduler/utils.py#L319) and [hardware.get_mem_encryption_constraint()](https://github.com/openstack/nova/blob/327c790ec87e95e81900118537b68ed94e8e4475/nova/virt/hardware.py#L1252). The [generalize-sev-code patches](https://review.opendev.org/q/topic:%22bp/generalize-sev-code%22) do not change this behavior. \n\nThis creates an issue in an environment where the compute nodes are composed only of Intel TDX-capable nodes and there are no nodes supporting AMD SEV. In such a case, users may expect that hw:mem_encryption\u003dTrue without mem_encryption_model is sufficient for TDX-based VMs but Nova would still attempt to boot an SEV-based VM and fail, even though the infrastructure is fully capable of providing memory encryption via TDX.\n\nIdeally, hw:mem_encryption\u003dTrue without hw:mem_encryption_model should be a generic trigger that allows Nova to automatically select the appropriate encryption model based on the resource providers for MEM_ENCRYPTION_CONTEXT.\n\nIt would be great if we solve this issue when TDX support is implemented in Nova, but adding a note that hw:mem_encryption_model\u003dintel-tdx is required for booting a TDX VM might be sufficient so far.  I think this point requires discussion including other reviewers.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"0ed5e51ee328bb8c61d00ec9fc0dc0671c2d446e","unresolved":true,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"3. **Image and flavor**:"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Use the existing ``hw:mem_encryption\u003dTrue`` flavor extra spec and"},{"line_number":87,"context_line":"``hw_mem_encryption\u003dtrue`` image property, and introduce"},{"line_number":88,"context_line":"``hw:mem_encryption_model\u003dintel-tdx`` to specify TDX encryption, following the"},{"line_number":89,"context_line":"pattern used for SEV (``amd-sev``, ``amd-sev-es``)."},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"4. **XML generation**:"},{"line_number":92,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"99ba4ab1_f6ed1fd5","line":89,"range":{"start_line":86,"start_character":0,"end_line":89,"end_character":51},"in_reply_to":"288b1ad0_5d8dbee0","updated":"2026-04-05 14:30:40.000000000","message":"We discussed this when we introduced SEV-ES support but we decided to use SEV as \"the default\" model to avoid breaking existing usage of AMD SEV, without explicit memory-model. It\u0027s highly possible that an old image with only SEV capability doesn\u0027t work with TDX.\n\nA possible option is to make the default model configurable, but AFAIK we generally avoid changing behavior of the API according to a config option for cross-cloud operability.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"a9d4005a6f101d7bee651e91b297b4c9d42ada87","unresolved":true,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"3. **Image and flavor**:"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Use the existing ``hw:mem_encryption\u003dTrue`` flavor extra spec and"},{"line_number":87,"context_line":"``hw_mem_encryption\u003dtrue`` image property, and introduce"},{"line_number":88,"context_line":"``hw:mem_encryption_model\u003dintel-tdx`` to specify TDX encryption, following the"},{"line_number":89,"context_line":"pattern used for SEV (``amd-sev``, ``amd-sev-es``)."},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"4. **XML generation**:"},{"line_number":92,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"a09b8055_beef55fc","line":89,"range":{"start_line":86,"start_character":0,"end_line":89,"end_character":51},"in_reply_to":"99ba4ab1_f6ed1fd5","updated":"2026-04-10 15:31:26.000000000","message":"I noticed this was not addressed when going over the generalize-sev-code, although I didn\u0027t entirely capture the implications for TDX yet. Great to get some context. I was more or less assuming that when TDX is requested, ``hw:mem_encryption_model\u003dintel-tdx`` should be used and I think a note about it is a reasonable solution. This limitation can also be addressed in this spec if it is considered in scope.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"d097f35366855b3a4f0c27dfa106b51af8352288","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"3. **Image and flavor**:"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Use the existing ``hw:mem_encryption\u003dTrue`` flavor extra spec and"},{"line_number":87,"context_line":"``hw_mem_encryption\u003dtrue`` image property, and introduce"},{"line_number":88,"context_line":"``hw:mem_encryption_model\u003dintel-tdx`` to specify TDX encryption, following the"},{"line_number":89,"context_line":"pattern used for SEV (``amd-sev``, ``amd-sev-es``)."},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"4. **XML generation**:"},{"line_number":92,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"b032f5d2_a8dca309","line":89,"range":{"start_line":86,"start_character":0,"end_line":89,"end_character":51},"in_reply_to":"a09b8055_beef55fc","updated":"2026-04-23 01:05:28.000000000","message":"We agreed in the PTG that do not address the default logic, and force hw:mem_encryption_model to be set.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"3379926285c5c6de446feec3c106dcdbb9ed06ef","unresolved":true,"context_lines":[{"line_number":108,"context_line":"the options. Therefore, for an initial implementation of TDX the following is"},{"line_number":109,"context_line":"proposed:"},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"- Hardcode policy to ``0x00000001``, which disables debugging."},{"line_number":112,"context_line":"- Expose quoteGenerationSocket path as a host config (nova.conf)."},{"line_number":113,"context_line":"- Remaining fields are meant for user configuration and will be left as"},{"line_number":114,"context_line":"  default (empty)."}],"source_content_type":"text/x-rst","patch_set":2,"id":"084e705b_df44cb50","line":111,"updated":"2026-04-03 09:40:42.000000000","message":"I agree that bit 0 could be fixed for now, since debug mode is still considered future work according to [the QEMU documentation](https://www.qemu.org/docs/master/system/i386/tdx.html#debugging). However, it appears that `0x00000001` enables debug mode (off-TD debug) rather than disable it([other reference](https://github.com/canonical/tdx/issues/384)). If the intention is to disable debugging, would `0x00000000` be a appropriate instead?","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"3379926285c5c6de446feec3c106dcdbb9ed06ef","unresolved":true,"context_lines":[{"line_number":108,"context_line":"the options. Therefore, for an initial implementation of TDX the following is"},{"line_number":109,"context_line":"proposed:"},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"- Hardcode policy to ``0x00000001``, which disables debugging."},{"line_number":112,"context_line":"- Expose quoteGenerationSocket path as a host config (nova.conf)."},{"line_number":113,"context_line":"- Remaining fields are meant for user configuration and will be left as"},{"line_number":114,"context_line":"  default (empty)."}],"source_content_type":"text/x-rst","patch_set":2,"id":"8bbf3355_329d0c14","line":111,"range":{"start_line":111,"start_character":25,"end_line":111,"end_character":26},"updated":"2026-04-03 09:40:42.000000000","message":"My understanding is that the current libvirt implementations allows configurating bit 28(`SEPT_VE_DISABLE`) via `\u003cpolicy\u003e`, in addition to bit 0.\n\n[This QEMU patch](https://patchew.org/QEMU/20240229063726.610065-1-xiaoyao.li@intel.com/20240229063726.610065-26-xiaoyao.li@intel.com/) mentions that some guest OSes (e.g., Linux TD guest) may require bit28(sept-ve-disable) as 1, otherwise refuse to boot. Given this, I\u0027m wondering whether it is appropriate to always unset bit 28 ([Other reference](https://github.com/asterinas/asterinas/issues/2902)).","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"a9d4005a6f101d7bee651e91b297b4c9d42ada87","unresolved":false,"context_lines":[{"line_number":108,"context_line":"the options. Therefore, for an initial implementation of TDX the following is"},{"line_number":109,"context_line":"proposed:"},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"- Hardcode policy to ``0x00000001``, which disables debugging."},{"line_number":112,"context_line":"- Expose quoteGenerationSocket path as a host config (nova.conf)."},{"line_number":113,"context_line":"- Remaining fields are meant for user configuration and will be left as"},{"line_number":114,"context_line":"  default (empty)."}],"source_content_type":"text/x-rst","patch_set":2,"id":"72933043_b0f72a39","line":111,"in_reply_to":"084e705b_df44cb50","updated":"2026-04-10 15:31:26.000000000","message":"Yes indeed, I had this all flipped. My intention was for bit 0 to be 0 to\ndisable debug and bit 28 to be 1 for SEPT_VE_DISABLE, so ``0x10000000``.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"a9d4005a6f101d7bee651e91b297b4c9d42ada87","unresolved":false,"context_lines":[{"line_number":108,"context_line":"the options. Therefore, for an initial implementation of TDX the following is"},{"line_number":109,"context_line":"proposed:"},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"- Hardcode policy to ``0x00000001``, which disables debugging."},{"line_number":112,"context_line":"- Expose quoteGenerationSocket path as a host config (nova.conf)."},{"line_number":113,"context_line":"- Remaining fields are meant for user configuration and will be left as"},{"line_number":114,"context_line":"  default (empty)."}],"source_content_type":"text/x-rst","patch_set":2,"id":"8bdfea4e_3731bbd5","line":111,"range":{"start_line":111,"start_character":25,"end_line":111,"end_character":26},"in_reply_to":"8bbf3355_329d0c14","updated":"2026-04-10 15:31:26.000000000","message":"Same as above. Will update policy to `0x10000000` which sets bit 28.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"3379926285c5c6de446feec3c106dcdbb9ed06ef","unresolved":true,"context_lines":[{"line_number":109,"context_line":"proposed:"},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"- Hardcode policy to ``0x00000001``, which disables debugging."},{"line_number":112,"context_line":"- Expose quoteGenerationSocket path as a host config (nova.conf)."},{"line_number":113,"context_line":"- Remaining fields are meant for user configuration and will be left as"},{"line_number":114,"context_line":"  default (empty)."},{"line_number":115,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"fef21377_b2d2dbd8","line":112,"range":{"start_line":112,"start_character":0,"end_line":112,"end_character":65},"updated":"2026-04-03 09:40:42.000000000","message":"According to [this libvirt patch](https://www.mail-archive.com/devel%40lists.libvirt.org/msg11392.html), If this option is not specified, `/var/run/tdx-qgs/qgs.socket` is used.\nIs it necessary to expose this as a configurable option within nova.conf because the socket path differs across host environments and there\u0027s no way to detect this path automatically?","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"a9d4005a6f101d7bee651e91b297b4c9d42ada87","unresolved":true,"context_lines":[{"line_number":109,"context_line":"proposed:"},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"- Hardcode policy to ``0x00000001``, which disables debugging."},{"line_number":112,"context_line":"- Expose quoteGenerationSocket path as a host config (nova.conf)."},{"line_number":113,"context_line":"- Remaining fields are meant for user configuration and will be left as"},{"line_number":114,"context_line":"  default (empty)."},{"line_number":115,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"400debd1_625d2189","line":112,"range":{"start_line":112,"start_character":0,"end_line":112,"end_character":65},"in_reply_to":"fef21377_b2d2dbd8","updated":"2026-04-10 15:31:26.000000000","message":"The quoteGenerationSocket object is optional, but has to be declared in order to use attestation. The path field of the quoteGenerationSocket object is also optional and will indeed default to ``/var/run/tdx-qgs/qgs.socket``. I agree that this default is probably enough in most cases.\n\nThere are some cases where it could be useful to have it configurable, but not really from the host perspective but rather the user. There could for example be multiple Quote Generation Services running on the same node and a user could want to choose which one to use for that particular VM. If we manage to create a good interface for user supplied options the path should be included there.\n\nWill update the spec accordingly.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"3379926285c5c6de446feec3c106dcdbb9ed06ef","unresolved":true,"context_lines":[{"line_number":175,"context_line":"  interface for user provided options for confidential computing is implemented"},{"line_number":176,"context_line":"  in Nova. TDX will function without the user provided data and getting partial"},{"line_number":177,"context_line":"  TDX support is considered better than none."},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"Data model impact"},{"line_number":180,"context_line":"-----------------"},{"line_number":181,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"34b0c420_d4e5e5ff","line":178,"updated":"2026-04-03 09:40:42.000000000","message":"Are there additional limitations or specification differences compared to [SEV](https://docs.openstack.org/nova/latest/admin/sev.html#limitations)? \n\nsuch as:\n\n* Are there restrictions on `hw_disk_bus`?\n* Is `memlocked` required to specify in the domain XML?\n* Can `hw_page_size` option be used together with TDX?","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"a9d4005a6f101d7bee651e91b297b4c9d42ada87","unresolved":true,"context_lines":[{"line_number":175,"context_line":"  interface for user provided options for confidential computing is implemented"},{"line_number":176,"context_line":"  in Nova. TDX will function without the user provided data and getting partial"},{"line_number":177,"context_line":"  TDX support is considered better than none."},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"Data model impact"},{"line_number":180,"context_line":"-----------------"},{"line_number":181,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"74e11e7a_02211704","line":178,"in_reply_to":"34b0c420_d4e5e5ff","updated":"2026-04-10 15:31:26.000000000","message":"Good question! I will update the spec with some clarifications here. In general TDX inherits many of the limitations from SEV, but mainly has similar limitations as SEV-SNP.\n\nRight now I can confirm:\n- memlocked is not required for Intel TDX\n- Hugepages (hw:mem_page_size) support is ongoing, but not merged, and can be tracked here:\nhttps://lore.kernel.org/kvm/20260106101646.24809-1-yan.y.zhao@intel.com/","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"aa20b1882ea4a9901155b01d48cb6afd8fe230be","unresolved":true,"context_lines":[{"line_number":175,"context_line":"  interface for user provided options for confidential computing is implemented"},{"line_number":176,"context_line":"  in Nova. TDX will function without the user provided data and getting partial"},{"line_number":177,"context_line":"  TDX support is considered better than none."},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"Data model impact"},{"line_number":180,"context_line":"-----------------"},{"line_number":181,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"7c16a773_8ce7e216","line":178,"in_reply_to":"390577dd_6c2e78b9","updated":"2026-05-07 14:55:11.000000000","message":"Briefly mentioned under \"Other end user impact\". The limitations there will also be documented, can clarify in the spec.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"7c9b48a0a4b075faba48bf18c48c73eaed657ecc","unresolved":true,"context_lines":[{"line_number":175,"context_line":"  interface for user provided options for confidential computing is implemented"},{"line_number":176,"context_line":"  in Nova. TDX will function without the user provided data and getting partial"},{"line_number":177,"context_line":"  TDX support is considered better than none."},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"Data model impact"},{"line_number":180,"context_line":"-----------------"},{"line_number":181,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"390577dd_6c2e78b9","line":178,"in_reply_to":"74e11e7a_02211704","updated":"2026-05-05 14:21:47.000000000","message":"Hugepages, it could be good to document that later in the doc patch.","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e2507a9990cea75dcd9e0097e9964ab85fe1442a","unresolved":false,"context_lines":[{"line_number":175,"context_line":"  interface for user provided options for confidential computing is implemented"},{"line_number":176,"context_line":"  in Nova. TDX will function without the user provided data and getting partial"},{"line_number":177,"context_line":"  TDX support is considered better than none."},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"Data model impact"},{"line_number":180,"context_line":"-----------------"},{"line_number":181,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"d0578159_82e39be3","line":178,"in_reply_to":"7c16a773_8ce7e216","updated":"2026-05-12 15:42:09.000000000","message":"Acknowledged","commit_id":"32a6cde45bb96313f6cd8779c5cb9f8ba495daf8"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"234b770c9406837118cd202c43fe8843bf162a3e","unresolved":true,"context_lines":[{"line_number":141,"context_line":""},{"line_number":142,"context_line":"Internally these properties will be translated into"},{"line_number":143,"context_line":"``resources:MEM_ENCRYPTION_CONTEXT\u003d1`` and"},{"line_number":144,"context_line":"``trait:HW_CPU_X86_INTEL_TDX\u003drequired``. Conflicting requests between flavor"},{"line_number":145,"context_line":"and image will be rejected."},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"The current implementation defaults to ``trait:HW_CPU_X86_AMD_SEV\u003drequired`` if"},{"line_number":148,"context_line":"no ``hw:mem_encryption_model`` is configured but ``hw:mem_encryption\u003dTrue`` is."}],"source_content_type":"text/x-rst","patch_set":3,"id":"f533ccef_188a2396","line":145,"range":{"start_line":144,"start_character":41,"end_line":145,"end_character":27},"updated":"2026-04-22 15:51:21.000000000","message":"Can we also require hw_firmware_stateless\u003dTrue in image, based on the discussion we had for SEV-SNP ? (assuming firmware for tdx should be also stateless always)","commit_id":"70031334b0cd2938caa8a49b7822c6b9d7d2948b"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"bd88fae950bfae9bccce61558883dffb8f778214","unresolved":true,"context_lines":[{"line_number":141,"context_line":""},{"line_number":142,"context_line":"Internally these properties will be translated into"},{"line_number":143,"context_line":"``resources:MEM_ENCRYPTION_CONTEXT\u003d1`` and"},{"line_number":144,"context_line":"``trait:HW_CPU_X86_INTEL_TDX\u003drequired``. Conflicting requests between flavor"},{"line_number":145,"context_line":"and image will be rejected."},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"The current implementation defaults to ``trait:HW_CPU_X86_AMD_SEV\u003drequired`` if"},{"line_number":148,"context_line":"no ``hw:mem_encryption_model`` is configured but ``hw:mem_encryption\u003dTrue`` is."}],"source_content_type":"text/x-rst","patch_set":3,"id":"93eaf8c1_6dc067a7","line":145,"range":{"start_line":144,"start_character":41,"end_line":145,"end_character":27},"in_reply_to":"f533ccef_188a2396","updated":"2026-04-23 14:38:24.000000000","message":"Updated the spec to include it","commit_id":"70031334b0cd2938caa8a49b7822c6b9d7d2948b"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"4d0b676ff5f7c065a45a44212895f37f3797f224","unresolved":true,"context_lines":[{"line_number":199,"context_line":""},{"line_number":200,"context_line":"Introduce MemEncryptionConfigTdx (based on MemEncryptionConfig) to verify"},{"line_number":201,"context_line":"instance flavor and image configuration. Intel TDX requires machine_type q35"},{"line_number":202,"context_line":"and UEFI firmware. CPU type of host-passthrough is also required, there is no"},{"line_number":203,"context_line":"model in Libvirt which is compatible with TDX."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"TDX also does not currently support features like migration, and will thus need"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9d6c00a9_b1272bed","line":202,"range":{"start_line":202,"start_character":19,"end_line":202,"end_character":65},"updated":"2026-04-22 12:00:31.000000000","message":"My understanding is that we should specify this in nova.conf and there is no option in flavor and image, right?\nhttps://docs.openstack.org/nova/latest/configuration/extra-specs.html#hw","commit_id":"70031334b0cd2938caa8a49b7822c6b9d7d2948b"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"f6eb297ef95836d7a3cbfbc44eea83040ca672d6","unresolved":true,"context_lines":[{"line_number":199,"context_line":""},{"line_number":200,"context_line":"Introduce MemEncryptionConfigTdx (based on MemEncryptionConfig) to verify"},{"line_number":201,"context_line":"instance flavor and image configuration. Intel TDX requires machine_type q35"},{"line_number":202,"context_line":"and UEFI firmware. CPU type of host-passthrough is also required, there is no"},{"line_number":203,"context_line":"model in Libvirt which is compatible with TDX."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"TDX also does not currently support features like migration, and will thus need"}],"source_content_type":"text/x-rst","patch_set":3,"id":"cc8f5f2c_53bc0fda","line":202,"range":{"start_line":202,"start_character":19,"end_line":202,"end_character":65},"in_reply_to":"9d6c00a9_b1272bed","updated":"2026-04-22 12:38:58.000000000","message":"Yes that seems to be the case, good catch!\n\nnova.conf option for reference:\nhttps://docs.openstack.org/nova/latest/configuration/config.html#libvirt.cpu_mode","commit_id":"70031334b0cd2938caa8a49b7822c6b9d7d2948b"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"7c9b48a0a4b075faba48bf18c48c73eaed657ecc","unresolved":false,"context_lines":[{"line_number":166,"context_line":"  ``/var/run/tdx-qgs/qgs.socket``. This default should not conflict with other"},{"line_number":167,"context_line":"  sockets and will integrate directly with the Quote Generation Service (QGS)"},{"line_number":168,"context_line":"  for attestation."},{"line_number":169,"context_line":"- Remaining fields are meant for user configuration and will be left as"},{"line_number":170,"context_line":"  default (empty)."},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"The resulting launchSecurity:"},{"line_number":173,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"17c227a4_3c5f56ad","line":170,"range":{"start_line":169,"start_character":2,"end_line":170,"end_character":18},"updated":"2026-05-05 14:21:47.000000000","message":"The approach of leaving these fields empty for now and deferring user-facing configuration to a future generic API (covering TDX, SEV-SNP, ARM CCA) sounds like the right call to me.","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"7c9b48a0a4b075faba48bf18c48c73eaed657ecc","unresolved":true,"context_lines":[{"line_number":202,"context_line":"Block device mappings configuration with ``hw_disk_bus\u003dscsi`` also needs to be"},{"line_number":203,"context_line":"rejected. Only needed if the block device is intended to be booted from."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"TDX also does not currently support features like migration, and will thus need"},{"line_number":206,"context_line":"a reject function like ``reject_sev_instances``."},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"d0e71732_d9dbe09a","line":205,"range":{"start_line":205,"start_character":50,"end_line":205,"end_character":59},"updated":"2026-05-05 14:21:47.000000000","message":"It would be helpful to have an explicit list of the operations that will be\nblocked for TDX instances. For example: live migration, cold migration, resize,\nshelve, etc. Just saying \"migration\" is a bit vague, knowing exactly which\nactions are rejected makes it easier to review the implementation later.","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"aa20b1882ea4a9901155b01d48cb6afd8fe230be","unresolved":true,"context_lines":[{"line_number":202,"context_line":"Block device mappings configuration with ``hw_disk_bus\u003dscsi`` also needs to be"},{"line_number":203,"context_line":"rejected. Only needed if the block device is intended to be booted from."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"TDX also does not currently support features like migration, and will thus need"},{"line_number":206,"context_line":"a reject function like ``reject_sev_instances``."},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"f602620b_06ad5c0e","line":205,"range":{"start_line":205,"start_character":50,"end_line":205,"end_character":59},"in_reply_to":"d0e71732_d9dbe09a","updated":"2026-05-07 14:55:11.000000000","message":"Live migration is the main blocked operation. In general it matches what ``reject_sev_instances`` already targets (live-migration and suspend). Will clarify in the spec.\n\nReboot also isn\u0027t supported, but Libvirt adds ``\u003con_reboot\u003erestart\u003c/on_reboot\u003e`` to handle this.","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e2507a9990cea75dcd9e0097e9964ab85fe1442a","unresolved":false,"context_lines":[{"line_number":202,"context_line":"Block device mappings configuration with ``hw_disk_bus\u003dscsi`` also needs to be"},{"line_number":203,"context_line":"rejected. Only needed if the block device is intended to be booted from."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"TDX also does not currently support features like migration, and will thus need"},{"line_number":206,"context_line":"a reject function like ``reject_sev_instances``."},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"074daa13_a0d6c682","line":205,"range":{"start_line":205,"start_character":50,"end_line":205,"end_character":59},"in_reply_to":"f602620b_06ad5c0e","updated":"2026-05-12 15:42:09.000000000","message":"Acknowledged","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"7c9b48a0a4b075faba48bf18c48c73eaed657ecc","unresolved":true,"context_lines":[{"line_number":236,"context_line":""},{"line_number":237,"context_line":"      tdx 3"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"This could be used to account for TDX guests started outside of Nova\u0027s control."},{"line_number":240,"context_line":"This is, however, not necessary and the pattern of letting the operator"},{"line_number":241,"context_line":"configure the ``reserved`` field manually is preferred."},{"line_number":242,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"ed968fa4_29197bb4","line":239,"range":{"start_line":239,"start_character":37,"end_line":239,"end_character":78},"updated":"2026-05-05 14:21:47.000000000","message":"Minor note: running guests outside of Nova\u0027s control is not a supported scenario — Nova expects to be the sole manager of compute resources on the host.","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"aa20b1882ea4a9901155b01d48cb6afd8fe230be","unresolved":false,"context_lines":[{"line_number":236,"context_line":""},{"line_number":237,"context_line":"      tdx 3"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"This could be used to account for TDX guests started outside of Nova\u0027s control."},{"line_number":240,"context_line":"This is, however, not necessary and the pattern of letting the operator"},{"line_number":241,"context_line":"configure the ``reserved`` field manually is preferred."},{"line_number":242,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"ef7df6fe_78f9de8b","line":239,"range":{"start_line":239,"start_character":37,"end_line":239,"end_character":78},"in_reply_to":"ed968fa4_29197bb4","updated":"2026-05-07 14:55:11.000000000","message":"Acknowledged","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"7c9b48a0a4b075faba48bf18c48c73eaed657ecc","unresolved":true,"context_lines":[{"line_number":342,"context_line":""},{"line_number":343,"context_line":"https://github.com/tianocore/edk2/commit/c3f4f5a949a9e94bafe081c24dbd4110834b11ea"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* VNC is not supported, but configuring VNC will not prevent the VM from"},{"line_number":346,"context_line":"  starting."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"Performance Impact"},{"line_number":349,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"04cb2c28_284d770e","line":346,"range":{"start_line":345,"start_character":2,"end_line":346,"end_character":11},"updated":"2026-05-05 14:21:47.000000000","message":"I\u0027m not sure I understand the VNC limitation. QEMU provides the VNC server\nand handles the rendering through the emulated graphics device, so I\u0027m\nunclear why VNC wouldn\u0027t work with TDX. Could you clarify what this means\nin practice for end users? Does that mean the console will not work at all?","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"aa20b1882ea4a9901155b01d48cb6afd8fe230be","unresolved":true,"context_lines":[{"line_number":342,"context_line":""},{"line_number":343,"context_line":"https://github.com/tianocore/edk2/commit/c3f4f5a949a9e94bafe081c24dbd4110834b11ea"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* VNC is not supported, but configuring VNC will not prevent the VM from"},{"line_number":346,"context_line":"  starting."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"Performance Impact"},{"line_number":349,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"336246ce_0dea95ed","line":346,"range":{"start_line":345,"start_character":2,"end_line":346,"end_character":11},"in_reply_to":"04cb2c28_284d770e","updated":"2026-05-07 14:55:11.000000000","message":"I am not completely versed in the details of this limitation, but I suspect it has to do with that TDX encrypts, or otherwise prevents access to, memory regions that the graphics device exposes to the VNC server. \n\nPreviously a TDX VM would crash if VNC was added by QEMU/Libvirt. This was then fixed but VNC is still not supported [1][2].\n\nCanonical lists this as a limitation [3], also other cloud implementations [4][5]. In practice it means that VNC will not work at all but the VM still operates as expected. From my experience when trying to use a VNC viewer it gets stuck in \"Guest has not initialized display (yet).\" and it is unable to show anything.\n\n[1] https://github.com/canonical/tdx/issues/202#issuecomment-2783650038\n[2] https://lore.kernel.org/all/20250226195529.2314580-28-pbonzini@redhat.com/\n[3] https://github.com/canonical/tdx/releases/tag/3.3\n[4] https://cloud.ibm.com/docs/vpc?topic\u003dvpc-about-confidential-computing-vpc\n[5] https://www.alibabacloud.com/help/en/ecs/user-guide/build-a-tdx-confidential-computing-environment?spm\u003da2c63.p38356.help-menu-25365.d_0_8_7_2_1.312822dedpKuEf","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e2507a9990cea75dcd9e0097e9964ab85fe1442a","unresolved":true,"context_lines":[{"line_number":342,"context_line":""},{"line_number":343,"context_line":"https://github.com/tianocore/edk2/commit/c3f4f5a949a9e94bafe081c24dbd4110834b11ea"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* VNC is not supported, but configuring VNC will not prevent the VM from"},{"line_number":346,"context_line":"  starting."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"Performance Impact"},{"line_number":349,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"a13069c5_a4aef3c2","line":346,"range":{"start_line":345,"start_character":2,"end_line":346,"end_character":11},"in_reply_to":"336246ce_0dea95ed","updated":"2026-05-12 15:42:09.000000000","message":"From my understanding with the link provided, I would say `VNC console is not supported`....","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"},{"author":{"_account_id":38744,"name":"Anton Iacobaeus","display_name":"antia","email":"anton.iacobaeus@canarybit.eu","username":"antia","status":"Canary Bit"},"change_message_id":"2959850a14d8c4ffb8002940dca7df7a72bab340","unresolved":false,"context_lines":[{"line_number":342,"context_line":""},{"line_number":343,"context_line":"https://github.com/tianocore/edk2/commit/c3f4f5a949a9e94bafe081c24dbd4110834b11ea"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* VNC is not supported, but configuring VNC will not prevent the VM from"},{"line_number":346,"context_line":"  starting."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"Performance Impact"},{"line_number":349,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"434484d9_78242fbb","line":346,"range":{"start_line":345,"start_character":2,"end_line":346,"end_character":11},"in_reply_to":"a13069c5_a4aef3c2","updated":"2026-05-13 13:47:08.000000000","message":"Yes meant the VNC console, clarified in the spec","commit_id":"bb9f74c3714610482accdf599f5000a3cb69ed01"}]}