canonical / tdx

Intel confidential computing - TDX

kvm: vm-type tdx not supported by KVM

phelanmi opened this issue · comments

Hi,
I am trying to set up my FCP EMR server with TDX enabled and an Ubuntu 23.10 OS.

I have run the setup script from this repo and enabled TDX settings in the BIOS. I have also generated a guest image using the script provided; however, when I try to use the script to boot the VM through libvirt or qemu, I get the error "kvm: vm-type tdx not supported by KVM".

The output of dmesg | grep -i tdx is:
[ 1.387218] tdx: BIOS enabled: private KeyID range [32, 64)
[ 10.348460] tdx: not enabled by BIOS.

The output of qemu-system-x86_64 -version is:
QEMU emulator version 8.0.4 (Debian 1:8.0.4+dfsg-1ubuntu3+tdx1.0)
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers

Could you please provide some help with this?

Hello, from the dmesg output, I think that you have a problem enabling TDX in the BIOS. Can you double-check the BIOS configuration?

Hi,
BIOS settings are as follows:
o Socket Configuration->Processor Configuration->Memory Encryption (TME)->Enabled
o Socket Configuration->Processor Configuration->Total Memory Encryption (TME) Bypass->Disabled
o Socket Configuration->Processor Configuration->Total Memory Encryption Multi-Tenant(TME-MT)->Enabled
o Socket Configuration->Processor Configuration->Trust Domain Extension (TDX)->Enable
o Socket Configuration->Processor Configuration->TDX Secure Arbitration Mode Loader (SEAM Loader)->Enabled
o Socket Configuration->Processor Configuration->SW Guard Extensions (SGX)->Enabled
o Socket Configuration->Processor Configuration->SGX PRM Size->whatever size needed

When I check the command sudo rdmsr 0xa0 to check for SGX enablement I get output 1381 instead of the expected output which is 0.

Do you know what might cause this?

Are you using a non-production board? And you have never enabled TDX, right? Some HW setting is not correct; you may need to consult your vendor.

@phelanmi Hello, do you have any update on your problem? Please be aware that we released TDX for Ubuntu 24.04, the latest LTS Ubuntu release.

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/PEK-664.

This message was autogenerated

commented

Same errors occur when trying to create a TD VM, steps as follows:

./run_td.sh 
Error: Failed to create TD VM. Please check logfile "/tmp/tdx-guest-td.log" for more information.
more /tmp/tdx-guest-td.log
qemu-system-x86_64: -accel kvm: vm-type tdx not supported by KVM

qemu-system-x86_64 --version
QEMU emulator version 8.2.1 (Debian 1:8.2.1+ds-1ubuntu9~tdx1.202404092149~ubuntu24.04.1)
Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers
test@test:~$ cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
test@test:~$ uname -a
Linux test 6.8.0-1004-intel #11-Ubuntu SMP PREEMPT_DYNAMIC Thu May  9 00:47:07 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
test@test:~$ sudo dmesg|grep tdx
[sudo] password for test:
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.8.0-1004-intel root=UUID=f75ae682-553d-4804-a991-1c046529b132 ro kvm_intel.tdx=1 nohibernate
[    4.670663] Kernel command line: BOOT_IMAGE=/vmlinuz-6.8.0-1004-intel root=UUID=f75ae682-553d-4804-a991-1c046529b132 ro kvm_intel.tdx=1 nohibernate
[    8.963897] virt/tdx: BIOS enabled: private KeyID range [32, 64)
[    8.963901] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
test@test:~$

@bronzeMe Hello. Did you manage to solve it? Having the same problem.
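
The dmesg reading used in this thread, written out as an added example that is not part of the original issue or of the canonical/tdx repository. The function names are hypothetical, the two sample logs are copied from the reports above (the long kernel command line is abbreviated), and the `module initialized` success line is an assumption taken from the upstream Linux TDX host code, since it never appears on this page.

```shell
#!/bin/sh
# Added example: classify TDX host state from `dmesg` text read on stdin.

tdx_dmesg_status() {
    awk '
        /tdx: not enabled by BIOS/               { disabled = 1 }
        /tdx: BIOS enabled: private KeyID range/ { keyids = 1 }
        /tdx: module initialized/                { ready = 1 }  # assumed line
        END {
            # Fail closed: any "not enabled" line wins over everything else.
            if (disabled)    print "bios-disabled"
            else if (ready)  print "initialized"
            else if (keyids) print "keyids-only"
            else             print "no-tdx-messages"
        }'
}

# Short reading of each state; wording is this example's, not the project's.
tdx_hint() {
    case "$1" in
        bios-disabled) echo "kernel says TDX is not enabled by BIOS: recheck firmware settings or ask the vendor" ;;
        keyids-only)   echo "KeyIDs reserved, but no init result is logged: the log alone does not show why" ;;
        initialized)   echo "TDX module reported as initialized" ;;
        *)             echo "no TDX lines in this log" ;;
    esac
}

# Log lines from the first report in this thread.
sample_first_report() {
    cat <<'EOF'
[ 1.387218] tdx: BIOS enabled: private KeyID range [32, 64)
[ 10.348460] tdx: not enabled by BIOS.
EOF
}

# Log lines from the later report (command line abbreviated with "...").
sample_second_report() {
    cat <<'EOF'
[    4.670663] Kernel command line: ... ro kvm_intel.tdx=1 nohibernate
[    8.963897] virt/tdx: BIOS enabled: private KeyID range [32, 64)
[    8.963901] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
EOF
}

for sample in sample_first_report sample_second_report; do
    status=$("$sample" | tdx_dmesg_status)
    echo "$sample: $status ($(tdx_hint "$status"))"
done
```

On a live host, pipe `sudo dmesg` into `tdx_dmesg_status` instead of the embedded samples.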