[PATCH v5 4/6] Add guest use sgx document

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Signed-off-by: Haibin Huang <haibin.huang@xxxxxxxxx>
---
 docs/formatdomain.rst | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 218f0c1718..d7319133ac 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -7377,7 +7377,7 @@ Note: DEA/TDEA is synonymous with DES/TDES.
 
 Launch Security
 ---------------
-
+The Security includes sev and sgx.
 The contents of the ``<launchSecurity type='sev'>`` element is used to provide
 the guest owners input used for creating an encrypted VM using the AMD SEV
 feature (Secure Encrypted Virtualization). SEV is an extension to the AMD-V
@@ -7448,6 +7448,32 @@ spec <https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf>`__
    session blob defined in the SEV API spec. See SEV spec LAUNCH_START section
    for the session blob format.
 
+The contents of the ``<launchSecurity type='sgx'>`` element is used to provide
+the guest owners input used for creating an encrypted VM using the INTEL SGX
+feature (Software Guard Extensions). Intel SGX is a technology that was developed
+to meet the needs of the Trusted Computing industry. It allows user-land code
+to create private memory regions, called enclaves, that are isolated from other
+process running at the same or higher privilege levels. The code running inside
+an enclave is effectively isolated from other applications, the operating system,
+the hyper-visor, et cetera. For more information see the `SGX
+developer Guide <https://software.intel.com/content/www/us/en/develop/documentation/sgx-developer-guide/top.html>`__
+
+::
+
+   <domain>
+     ...
+     <launchSecurity type='sgx'>
+       <epc_size unit='KiB'>1024</epc_size>
+     </launchSecurity>
+     ...
+   </domain>
+
+``epc_size``
+ The required ``epc_size`` element are limited developers should endeavor to
+ keep their applications small.enclave size. The value of ``epc_size`` is
+ hypervisor dependent and can be obtained through the ``sgx`` element from
+ the domain capabilities.
+
 :anchor:`<a id="examples"/>`
 
 Example configs
-- 
2.17.1




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux