Create TD with NVIDIA failed #413

@mondaylord

Describe the bug
I run create-td-image.sh; the output looks good and the image build also looks good, but /tmp/tdx-guest-setup.txt seems wrong, and the network and username are also not set up.

SUCCESS: TDX guest image : /home/tdx/tdx-guest-ubuntu-24.04-generic.qcow2
Starting install...
Creating domain...                                          |    0 B  00:00     
[Wed, 12 Nov 2025 12:38:24 virt-install 3407927] DEBUG (cli:384) Running: virsh --connect qemu:///system console tdx-config-cloud-init
[Wed, 12 Nov 2025 12:38:24 virt-install 3407927] DEBUG (cli:266) Running text console command: virsh --connect qemu:///system console tdx-config-cloud-init
Connected to domain 'tdx-config-cloud-init'
Escape character is ^] (Ctrl + ])

[Wed, 12 Nov 2025 12:38:26 virt-install 3407927] DEBUG (cli:266) Domain creation completed.
[Wed, 12 Nov 2025 12:38:26 virt-install 3407927] DEBUG (cli:266) You can restart your domain by running:
  virsh --connect qemu:///system start tdx-config-cloud-init
Running text console command: virsh --connect qemu:///system console tdx-config-cloud-init
Domain creation completed.
You can restart your domain by running:
  virsh --connect qemu:///system start tdx-config-cloud-init
TD started by QEMU with PID: 3403004.
To log in with the non-root user (default: tdx / password: 123456), as specified in setup-tdx-config, use:
   $ ssh -p 10022 <username>@localhost
To log in as root (default password: 123456), use:
   $ ssh -p 10022 root@localhost

But ssh gets stuck; it seems the username and password are not set. From the above logs, we can see that setup-guest.sh is not fully executed, so it fails to set up some configs.

To Reproduce
Steps to reproduce the behavior:

sudo TDX_SETUP_NVIDIA_H100=1 ./guest-tools/image/create-td-image.sh -v 24.04 -s 512

Expected behavior
A clear and concise description of what you expected to happen.
I think it would be good if I could reproduce the setup-guest.sh, but I don't know how.

System report
Please run the system-report.sh script (located in the root directory of this repo) on your host system and copy the output below.

If you are running this for reporting an issue on GitHub,
copy all output between the markers below.

<======== COPY BELOW HERE ========>

### Git ref

1c9ca39


### Operating system details

Distributor ID: Ubuntu
Description: Ubuntu 24.04.3 LTS
Release: 24.04
Codename: noble


### Kernel version

6.13.0-rc2-tdxvfio #1 SMP PREEMPT_DYNAMIC Sat Jan 25 06:35:55 UTC 2025 x86_64 x86_64 GNU/Linux


### TDX kernel logs

[ 0.000000] Linux version 6.13.0-rc2-tdxvfio (phalaadmin@s-gpu08-208) (gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #1 SMP PREEMPT_DYNAMIC Sat Jan 25 06:35:55 UTC 2025
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.13.0-rc2-tdxvfio root=/dev/mapper/ubuntu--vg-ubuntu--lv ro nohibernate kvm_intel.tdx=on nohibernate intel_iommu=on video=efifb:off vfio_iommu_type1.dma_entry_limit=1048576 vfio-pci.ids=10de:2335,10de:22a3 kvm_intel.tdx=1 default_hugepagesz=1G hugepagesz=1G hugepages=10
[ 5.097322] Kernel command line: BOOT_IMAGE=/vmlinuz-6.13.0-rc2-tdxvfio root=/dev/mapper/ubuntu--vg-ubuntu--lv ro nohibernate kvm_intel.tdx=on nohibernate intel_iommu=on video=efifb:off vfio_iommu_type1.dma_entry_limit=1048576 vfio-pci.ids=10de:2335,10de:22a3 kvm_intel.tdx=1 default_hugepagesz=1G hugepagesz=1G hugepages=10
[ 5.097544] Unknown kernel command line parameters "BOOT_IMAGE=/vmlinuz-6.13.0-rc2-tdxvfio", will be passed to user space.
[ 10.115303] virt/tdx: BIOS enabled: private KeyID range [64, 128)
[ 10.115307] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
[ 25.480009] virt/tdx: SEAMCALL (0x00000000000000fe) failed: 0xc000050500000000
[ 25.480298] virt/tdx: module version: 1.5.06.00.0744 (build_date 20240407).
[ 31.765358] virt/tdx: 8405028 KB allocated for PAMT
[ 31.765366] virt/tdx: module initialized
...
[ 0.000000] Linux version 6.13.0-rc2-tdxvfio (phalaadmin@s-gpu08-208) (gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #1 SMP PREEMPT_DYNAMIC Sat Jan 25 06:35:55 UTC 2025
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.13.0-rc2-tdxvfio root=/dev/mapper/ubuntu--vg-ubuntu--lv ro nohibernate kvm_intel.tdx=on nohibernate intel_iommu=on video=efifb:off vfio_iommu_type1.dma_entry_limit=1048576 vfio-pci.ids=10de:2335,10de:22a3 kvm_intel.tdx=1 default_hugepagesz=1G hugepagesz=1G hugepages=10
[ 5.097322] Kernel command line: BOOT_IMAGE=/vmlinuz-6.13.0-rc2-tdxvfio root=/dev/mapper/ubuntu--vg-ubuntu--lv ro nohibernate kvm_intel.tdx=on nohibernate intel_iommu=on video=efifb:off vfio_iommu_type1.dma_entry_limit=1048576 vfio-pci.ids=10de:2335,10de:22a3 kvm_intel.tdx=1 default_hugepagesz=1G hugepagesz=1G hugepages=10
[ 5.097544] Unknown kernel command line parameters "BOOT_IMAGE=/vmlinuz-6.13.0-rc2-tdxvfio", will be passed to user space.
[ 10.115303] virt/tdx: BIOS enabled: private KeyID range [64, 128)
[ 10.115307] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
[ 25.480009] virt/tdx: SEAMCALL (0x00000000000000fe) failed: 0xc000050500000000
[ 25.480298] virt/tdx: module version: 1.5.06.00.0744 (build_date 20240407).
[ 31.765358] virt/tdx: 8405028 KB allocated for PAMT
[ 31.765366] virt/tdx: module initialized
[ 32.135404] usb usb1: Manufacturer: Linux 6.13.0-rc2-tdxvfio xhci-hcd
[ 32.138353] usb usb2: Manufacturer: Linux 6.13.0-rc2-tdxvfio xhci-hcd
[ 32.758541] BOOT_IMAGE=/vmlinuz-6.13.0-rc2-tdxvfio
[3668234.765063] CPU: 27 UID: 1004 PID: 6627 Comm: tmux: server Not tainted 6.13.0-rc2-tdxvfio #1
[10156051.884980] CPU: 174 UID: 0 PID: 3168995 Comm: qemu-system-x86 Tainted: G W 6.13.0-rc2-tdxvfio #1
[10156051.885220] ? tdx_vcpu_load+0x1b/0xe0
[10156051.885282] tdx_handle_exit+0x69e/0xd90


### TDX CPU instruction support

CPU supports TDX according to /proc/cpuinfo


### Model specific registers (MSRs)

MK_TME_ENABLED bit: 1 (expected value: 1)
SEAM_RR bit: 1 (expected value: 1)
NUM_TDX_PRIV_KEYS: 40
SGX_AND_MCHECK_STATUS: 0 (expected value: 0)
Production platform: Production (expected value: Production)


### CPU details

INTEL(R) XEON(R) PLATINUM 8558


### QEMU package details

Status: Installed
Package: qemu-system-x86
Version: 2:8.2.2+ds-0ubuntu1.4+tdx1.1
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages


### Libvirt package details

Status: Installed
Package: libvirt-clients
Version: 10.0.0-2ubuntu8.3+tdx1.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages


### OVMF package details

Status: Installed
Package: ovmf
Version: 2024.02-3+tdx1.0
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages


### sgx-dcap-pccs package details

Status: Installed
Package: sgx-dcap-pccs
Version: 1.21-0ubuntu1
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages


### tdx-qgs package details

Status: Installed
Package: tdx-qgs
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages


### sgx-ra-service package details

Status: Installed
Package: sgx-ra-service
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages
Description: Intel(R) Software Guard Extensions Multi-Package Registration Agent Service


### sgx-pck-id-retrieval-tool package details

Status: Installed
Package: sgx-pck-id-retrieval-tool
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages


### QGSD service status

● qgsd.service - Intel(R) TD Quoting Generation Service
Loaded: loaded (/usr/lib/systemd/system/qgsd.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-09-05 13:35:12 UTC; 2 months 7 days ago
Main PID: 1196352 (qgs)
Tasks: 5 (limit: 629145)
Memory: 10.6M (peak: 13.9M swap: 1.2M swap peak: 1.2M)
CPU: 1min 2.669s
CGroup: /system.slice/qgsd.service
└─1196352 /usr/bin/qgs


### PCCS service status

● pccs.service - Provisioning Certificate Caching Service (PCCS)
Loaded: loaded (/usr/lib/systemd/system/pccs.service; enabled; preset: enabled)
Active: active (running) since Wed 2025-07-16 03:47:49 UTC; 3 months 28 days ago
Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
Main PID: 3340 (node)
Tasks: 15 (limit: 629145)
Memory: 127.8M (peak: 130.8M)
CPU: 2min 50.709s
CGroup: /system.slice/pccs.service
└─3340 /usr/bin/node /opt/intel/sgx-dcap-pccs/pccs_server.js

Warning: some journal files were not opened due to insufficient permissions.


### MPA registration logs (last 30 lines)

[16-07-2025 02:42:54] INFO: SGX Registration Agent version: 1.21.100.3
[16-07-2025 02:42:54] INFO: Starts Registration Agent Flow.
[16-07-2025 02:42:54] INFO: SGX MP Server configuration flag indicates that Registration Server won't save encrypted platform keys.
[16-07-2025 02:42:54] INFO: Platform registration request (PLATFORM_MANIFEST) won't be send to Registration Server.
[16-07-2025 02:42:54] INFO: Please use management tool or PCKCertIDRetrievalTool to read PLATFORM_MANIFEST.
[16-07-2025 02:42:54] INFO: Finished Registration Agent Flow.
[16-07-2025 03:49:48] INFO: SGX Registration Agent version: 1.21.100.3
[16-07-2025 03:49:48] INFO: Starts Registration Agent Flow.
[16-07-2025 03:49:48] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[16-07-2025 03:49:48] INFO: Finished Registration Agent Flow.


<======== COPY ABOVE HERE ========>
