canonical / tdx

Intel confidential computing - TDX
GNU General Public License v3.0

Customize TDX host and TD guest kernel #124

Closed Icegrave0391 closed 5 months ago

Icegrave0391 commented 5 months ago

Hi, I would like to ask some questions about host/guest kernel customization.

  1. Host kernel/KVM

From the noble-24.04 branch, the host OS is Ubuntu 24.04.

4.1 Install Ubuntu 24.04 Server Image Download and install Ubuntu 24.04 server on the host machine.

In this case, can I update the host kernel with my customized KVM? Which kernel source code should I work on, and what should be the host OS .config?

From the Release 2.0:

The host kernel, known as -intel, is based on 6.8 with the TDX v19 KVM patchset. Source link.

It seems that I can work on the kernel source from the Intel 6.8 link? What should be the host kernel configurations?

  2. Guest TD kernel

For the Create TD Image, it is described as:

In this section, you will create an Ubuntu 24.04-based TD image from scratch or convert an existing VM image into a TD image. This can be performed on any Ubuntu 22.04 or newer system - an Intel TDX-specific environment is not required.

In this case, instead of using the default ubuntu-24.04-server-cloudimg-amd64.img, can I use an Ubuntu 22.04 image? Moreover, after creating the .qcow2 disk, can I arbitrarily update the TD guest kernel by compiling my own version (e.g., Linux 6.6)?

syncronize-issues-to-jira[bot] commented 5 months ago

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/PEK-681.

This message was autogenerated

hector-cao commented 5 months ago

Hello, for the host kernel customization, you can read: https://github.com/canonical/tdx/issues/113. For the guest, the image itself should not be a problem; the kernel is important, so if you use a 22.04 image with an appropriate kernel, it should be OK.

Icegrave0391 commented 5 months ago

Hello, for the host kernel customization, you can read: #113. For the guest, the image itself should not be a problem; the kernel is important, so if you use a 22.04 image with an appropriate kernel, it should be OK.

Thanks for the reply, @hector-cao! For the guest kernel, is there any specific .config I should follow? I tried to use Linux 6.6.0 (even with Ubuntu 24.04), and here are the TDX-related configs:

CONFIG_X86_X2APIC=y
CONFIG_INTEL_TDX_GUEST=y
CONFIG_TDX_GUEST_DRIVER=y
CONFIG_SGX=y

However, after executing run-td.sh, my host cannot ssh into the guest (it seems that the boot procedure hangs). In this case, is there any specific kernel config I should enable, or is there any way to diagnose the problem?

hector-cao commented 5 months ago

The first thing you can do is use the tdvirsh tool to run a normal VM with your image to check whether the image boots fine:

cd guest-tools
XML_TEMPLATE=$PWD/regular_vm.xml.template TD_IMG=<path_to_your_image> ./tdvirsh new

hector-cao commented 5 months ago

For the guest kernel config, it depends on the kernel version but for 6.6, this config should be enough:

CONFIG_INTEL_TDX_GUEST=y
CONFIG_TDX_GUEST_DRIVER=y

Icegrave0391 commented 5 months ago

Thanks for your suggestions. I resolved the problem :)
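
Added example (not part of the thread or of the canonical/tdx repository): a small shell check that reports, for a guest kernel .config, the state of the TDX-related options quoted in the comments above and flags any that differ from the `=y` settings given there. The function names and the sample file are constructed for illustration; the only thing checked is the option list from this thread.

```shell
#!/bin/sh
# Added example: compare a kernel .config with the TDX guest options
# quoted in this thread. It checks only what the thread lists.

# Option names taken from the comments above (X2APIC from the longer list).
TDX_GUEST_OPTS="CONFIG_INTEL_TDX_GUEST CONFIG_TDX_GUEST_DRIVER CONFIG_X86_X2APIC"

# Print the state of one option: y, m, n (explicit "is not set") or missing.
config_state() {  # usage: config_state <config-file> <CONFIG_NAME>
    if grep -q "^$2=y\$" "$1"; then echo y
    elif grep -q "^$2=m\$" "$1"; then echo m
    elif grep -q "^# $2 is not set\$" "$1"; then echo n
    else echo missing
    fi
}

# Print one line per option; return 0 only if every option is =y,
# i.e. matches the settings given in the thread.
check_tdx_guest_config() {  # usage: check_tdx_guest_config <config-file>
    rc=0
    for opt in $TDX_GUEST_OPTS; do
        state=$(config_state "$1" "$opt")
        printf '%-28s %s\n' "$opt" "$state"
        [ "$state" = y ] || rc=1
    done
    return $rc
}

# Stand-alone run: check the file given as $1, else a constructed sample.
if [ -n "${1:-}" ]; then
    check_tdx_guest_config "$1"
else
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
CONFIG_X86_X2APIC=y
CONFIG_INTEL_TDX_GUEST=y
# CONFIG_TDX_GUEST_DRIVER is not set
EOF
    check_tdx_guest_config "$sample" || echo "sample: differs from the thread's config"
    rm -f "$sample"
fi
```

Run it with the path to the .config of the guest kernel build tree as the first argument; a `missing` result means the option does not appear in the file at all, which is different from being explicitly disabled.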