How to get appropriate QEMU fit for gramine-tdx?

[Boo-seon-woong]

#14
/usr/bin/qemu-system-x86_64 -no-reboot -name debug-threads=on -enable-kvm -smp 1,sockets=1 -object tdx-guest,id=tdx -machine q35,accel=kvm,kernel_irqchip=split,confidential-guest-support=tdx -no-hpet -cpu host,host-phys-bits,+invtsc -m 2G -nographic -vga none -bios target/release/final-elf.bin

I've already checked those build instruction in that link and at the last commandline I realized that it require QEMU which support the tdx. I tried to find QEMU version which could fit for tdx project but couldn't find it. Maybe it is just my confusion but the newest QEMU master branch and 10.1 version was unable to launch TDX VM. So, could you let me know which version of QEMU did you use for this project and how do I able to get it? Thank you for reading.

[forkthus]

Hi! For Gramine-TDX you typically need a TDX-enabled QEMU build. The easiest way is to follow Canonical’s host setup guide and run the helper script, which installs QEMU, libvirt, and OVMF from the TDX Release PPA. You can check this script for more detail.

[LuaBerry]

QEMU 10.1 do have TDX support if you have linux kernel 6.16 or newer. The issue is current gramine-tdx uses td-shim to load gramine PAL into TD, which is not yet supported by QEMU 10.1. QEMU 10.1 requires TDVF (OVMF for TD) to start TD.

So if you want to use gramine-tdx, I'd recommend to use qemu 8.2.2 (with tdx.1.1) and linux 6.8.0-1028-intel.