New: add Intel TDX (Trust Domain eXtension) tests

[hector-cao]

Description

Since Ubuntu Questing 25.10, we have the support out of the box for Intel Confidential Computing solution
(Intel TDX - Trust Domain eXtension)

This PR adds tests for Intel TDX in Questing 25.10

Resolved issues

N/A

Documentation

https://github.com/canonical/tdx/tree/ubuntu-25.10

Tests

To be able to run these tests, you would need a hardware that supports Intel TDX

I run these tests and all the test pass with following output:

=========================[ Running Selected Test Plan ]=========================
==============[ Running job 1 / 5. Estimated time left: 0:00:09 ]===============
-----------------------------[ Hardware Manifest ]------------------------------
ID: com.canonical.plainbox::manifest
Category: com.canonical.plainbox::info
... 8< -------------------------------------------------------------------------
$PROVIDERPATH is defined, so following provider sources are ignored ['/usr/local/share/plainbox-providers-1', '/usr/share/plainbox-providers-1', '/root/.local/share/plainbox-providers-1', '/var/tmp/checkbox-providers-develop']
ns: com.canonical.certification
name: checkbox-provider-base
has_audio_playback: False
has_audio_capture: False
has_audio_loopback_connector: False
has_line_out: False
has_line_in: False
has_headset: False
has_internal_speakers: False
has_internal_microphone: False
has_bt_adapter: False
has_bt_smart: False
has_bt_obex_support: False
has_rpi_camera: False
has_camera: False
has_led_camera: False
has_md_raid: False
has_fde: False
has_dock_ethernet_adapter: False
has_dock_headset: False
has_dock_thunderbolt3: False
has_dock_usbc_data: False
has_dock_usbc_video: False
has_eeprom: False
has_ethernet_adapter: False
has_ethernet_wake_on_lan_support: False
_ignore_disconnected_ethernet_interfaces: False
has_fingerprint_reader: False
gpio_loopback: False
has_hdmi: False
has_dp: False
has_vga: False
has_dvi: False
has_i2c: False
_dangerous_grade_core_image: False
has_intel_tdx: True
has_ishtp: False
has_eclite: False
has_key_battery_info: False
has_key_brightness: False
has_key_fn_lock: False
has_key_hibernate: False
has_key_keyboard_backlight: False
has_key_keyboard_overhead_light: False
has_key_lock_screen: False
has_key_media_control: False
has_key_microphone_mute: False
has_key_audio_mute: False
has_key_sleep: False
has_key_super: False
has_key_touchpad: False
has_key_video_out: False
has_key_volume: False
has_key_wireless: False
has_led_gpio_sysfs: False
has_led_power: False
has_led_suspend: False
has_led_caps_lock: False
has_led_touchpad: False
has_led_wireless: False
has_led_audio_mute: False
has_led_microphone_mute: False
has_led_serial: False
has_led_fn_lock: False
has_led_numeric_keypad: False
has_card_reader: False
has_mei: False
has_secure_boot: False
has_sriov: False
has_muxpi_hdmi: False
has_airplane_mode: False
has_dvd_bluray_inserted: False
has_amd_pmf: False
has_dc_mode: False
has_qep: False
need_kernel_snap_update_test: False
need_snapd_snap_update_test: False
need_gadget_snap_update_test: False
socket_can_echo_server_running: False
has_socket_can_fd: False
has_thunderbolt: False
has_thunderbolt3: False
has_touchpad: False
has_touchscreen: False
has_tpm_chip: False
has_usb_dwc3_controller: False
has_usbc_data: False
has_usbc_video: False
has_usb_storage: False
has_usbc_otg: False
has_va_api: False
has_hardware_watchdog: False
has_wlan_adapter: False
has_wwan_module: False
has_sim_card: False

ns: com.canonical.certification
name: checkbox-provider-resource

------------------------------------------------------------------------- >8 ---
Outcome: job passed
==============[ Running job 2 / 5. Estimated time left: 0:00:08 ]===============
-----------------------------[ Check Host support ]-----------------------------
ID: com.canonical.certification::intel-tdx-common/host_hardware
Category: com.canonical.certification::intel-tdx
... 8< -------------------------------------------------------------------------
------------------------------------------------------------------------- >8 ---
Outcome: job passed
==============[ Running job 3 / 5. Estimated time left: 0:00:06 ]===============
------------------------[ Check kernel support on Host ]------------------------
ID: com.canonical.certification::intel-tdx-common/host_kernel
Category: com.canonical.certification::intel-tdx
... 8< -------------------------------------------------------------------------
Y
Y
------------------------------------------------------------------------- >8 ---
Outcome: job passed
==============[ Running job 4 / 5. Estimated time left: 0:00:04 ]===============
---------------------------[ Check Host CPU support ]---------------------------
ID: com.canonical.certification::intel-tdx-common/host_cpu
Category: com.canonical.certification::intel-tdx
... 8< -------------------------------------------------------------------------
------------------------------------------------------------------------- >8 ---
Outcome: job passed
==============[ Running job 5 / 5. Estimated time left: 0:00:02 ]===============
--------------------------[ Boot an Intel TDX Guest ]---------------------------
ID: com.canonical.certification::intel-tdx-common/boot_guest
Category: com.canonical.certification::intel-tdx
... 8< -------------------------------------------------------------------------

QemuMachine created.
qemu-system-x86_64 -cpu host -smp 16,sockets=1 -accel kvm -nographic -nodefaults -no-user-config -m 2G -bios /usr/share/ovmf/OVMF.fd -chardev file,id=c1,path=/tmp/tdxtest-default-5g628fou/serial.log,signal=off -device isa-serial,chardev=c1 -object {'qom-type': 'tdx-guest', 'id': 'tdx'} -machine q35,kernel_irqchip=split,confidential-guest-support=tdx -drive file=/tmp/tdxtest-default-5g628fou/image.qcow2,if=none,id=virtio-disk0 -device virtio-blk-pci,drive=virtio-disk0 -pidfile /tmp/tdxtest-default-5g628fou/qemu.pid -monitor unix:/tmp/tdxtest-default-5g628fou/monitor.sock,server,nowait -qmp unix:/tmp/tdxtest-default-5g628fou/qmp.sock,server=on,wait=off -device virtio-net-pci,netdev=nic0_td -netdev user,id=nic0_td,hostfwd=tcp::45375-:22 -D /tmp/tdxtest-default-5g628fou/qemu-log.txt
Try to connect to qemu : /tmp/tdxtest-default-5g628fou/monitor.sock
Exception [Errno 2] No such file or directory
Try to connect to qemu : /tmp/tdxtest-default-5g628fou/monitor.sock
Connected : /tmp/tdxtest-default-5g628fou/monitor.sock, wait for prompt.
Exception timed out
Try to connect to qemu : /tmp/tdxtest-default-5g628fou/monitor.sock
Connected : /tmp/tdxtest-default-5g628fou/monitor.sock, wait for prompt.
Exception timed out
[QEMU>>] system_powerdown
Exception timed out
[QEMU<<] system_powerdown

[QEMU<<]
Exception Command '['qemu-system-x86_64', '-cpu', 'host', '-smp', '16,sockets=1', '-accel', 'kvm', '-nographic', '-nodefaults', '-no-user-config', '-m', '2G', '-bios', '/usr/share/ovmf/OVMF.fd', '-chardev', 'file,id=c1,path=/tmp/tdxtest-default-5g628fou/serial.log,signal=off', '-device', 'isa-serial,chardev=c1', '-object', "{'qom-type': 'tdx-guest', 'id': 'tdx'}", '-machine', 'q35,kernel_irqchip=split,confidential-guest-support=tdx', '-drive', 'file=/tmp/tdxtest-default-5g628fou/image.qcow2,if=none,id=virtio-disk0', '-device', 'virtio-blk-pci,drive=virtio-disk0', '-pidfile', '/tmp/tdxtest-default-5g628fou/qemu.pid', '-monitor', 'unix:/tmp/tdxtest-default-5g628fou/monitor.sock,server,nowait', '-qmp', 'unix:/tmp/tdxtest-default-5g628fou/qmp.sock,server=on,wait=off', '-device', 'virtio-net-pci,netdev=nic0_td', '-netdev', 'user,id=nic0_td,hostfwd=tcp::45375-:22', '-D', '/tmp/tdxtest-default-5g628fou/qemu-log.txt']' timed out after 60 seconds
Qemu process did not shutdown properly, terminate it ... (/tmp/tdxtest-default-5g628fou)
------------------------------------------------------------------------- >8 ---
Outcome: job passed
Finalizing session that hasn't been submitted anywhere: checkbox-run-2025-10-24T11.46.53
==================================[ Results ]===================================
☑ : Hardware Manifest
☑ : Check Host support
☑ : Check kernel support on Host
☑ : Check Host CPU support
☑ : Boot an Intel TDX Guest

[codecov]

Codecov Report

❌ Patch coverage is 0% with 430 lines in your changes missing coverage. Please review.
✅ Project coverage is 52.02%. Comparing base (5f08d3c) to head (d6ae8cd).
⚠️ Report is 43 commits behind head on main.

Files with missing lines	Patch %	Lines
providers/base/bin/cc_tdx_test.py	0.00%	430 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2175      +/-   ##
==========================================
- Coverage   52.24%   52.02%   -0.22%     
==========================================
  Files         391      395       +4     
  Lines       41966    42683     +717     
  Branches     7774     7866      +92     
==========================================
+ Hits        21924    22206     +282     
- Misses      19266    19698     +432     
- Partials      776      779       +3     

Flag	Coverage Δ
provider-base	28.57% <0.00%> (+0.48%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[mreed8855]

Hi Hector,

I see a couple things that need fixing.

• A unit test will be needed for providers/base/bin/cc_tdx_test.py
• check the black formatting
• I listed some of the f-strings that will cause one of the checks to break but there are several more.
• Overall the code is well structured and easy to follow.
• Are any results submitted to C3? I am mostly curious here as we probably do not have any systems in C3 that are TDX capable.