Signed-off-by: Haibin Huang <haibin.huang@xxxxxxxxx> --- docs/formatdomain.rst | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 218f0c1718..d7319133ac 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -7377,7 +7377,7 @@ Note: DEA/TDEA is synonymous with DES/TDES. Launch Security --------------- - +The Security includes sev and sgx. The contents of the ``<launchSecurity type='sev'>`` element is used to provide the guest owners input used for creating an encrypted VM using the AMD SEV feature (Secure Encrypted Virtualization). SEV is an extension to the AMD-V 
@@ -7448,6 +7448,32 @@ spec <https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf>`__ session blob defined in the SEV API spec. See SEV spec LAUNCH_START section for the session blob format. +The contents of the ``<launchSecurity type='sgx'>`` element is used to provide +the guest owners input used for creating an encrypted VM using the INTEL SGX +feature (Software Guard Extensions). Intel SGX is a technology that was developed +to meet the needs of the Trusted Computing industry. It allows user-land code +to create private memory regions, called enclaves, that are isolated from other +process running at the same or higher privilege levels. The code running inside +an enclave is effectively isolated from other applications, the operating system, +the hyper-visor, et cetera. For more information see the `SGX +developer Guide <https://software.intel.com/content/www/us/en/develop/documentation/sgx-developer-guide/top.html>`__ + +:: + + <domain> + ... + <launchSecurity type='sgx'> + <epc_size unit='KiB'>1024</epc_size> + </launchSecurity> + ... + </domain> + +``epc_size`` + The required ``epc_size`` element are limited developers should endeavor to + keep their applications small.enclave size. The value of ``epc_size`` is + hypervisor dependent and can be obtained through the ``sgx`` element from + the domain capabilities. + :anchor:`<a id="examples"/>` Example configs -- 2.17.1
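Review bot: The ``epc_size`` description in the second hunk is garbled and does not say what the element means: "The required ``epc_size`` element are limited developers should endeavor to keep their applications small.enclave size." reads like two sentences spliced together. Suggest something like "The required ``epc_size`` element specifies the size of the EPC (Enclave Page Cache) memory exposed to the guest, in the unit given by the ``unit`` attribute." followed by the existing sentence about the value being hypervisor dependent and obtainable from the ``sgx`` element of the domain capabilities. The opening paragraph of the same hunk also copies the SEV wording ("the guest owners input used for creating an encrypted VM") which does not describe SGX: the element does not encrypt the VM, it provisions EPC so that software inside the guest can create enclaves, and the text should say so. Minor fixes while at it: "process running" should be "processes running", "hyper-visor" should be "hypervisor", and "developer Guide" should be "Developer Guide" with a full stop after the link.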
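Review bot: In the first hunk, "The Security includes sev and sgx." is not a clear sentence and replaces the blank line that separated the "Launch Security" section title from its first paragraph. Suggest keeping the blank line after the underline and opening with something like "Two launch security types are supported: ``sev`` and ``sgx``.", using the literal type names as they appear in the ``type`` attribute.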