> -----Original Message-----
> From: Pavel Hrdina <phrdina@xxxxxxxxxx>
> Sent: Wednesday, July 7, 2021 5:48 PM
> To: Huang, Haibin <haibin.huang@xxxxxxxxx>
> Cc: libvir-list@xxxxxxxxxx; Ding, Jian-feng <jian-feng.ding@xxxxxxxxx>;
> Yang, Lin A <lin.a.yang@xxxxxxxxx>; Lu, Lianhao <lianhao.lu@xxxxxxxxx>
> Subject: Re: [PATCH v4 0/4] Support query and use SGX
>
> On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
> > This patch series provides support for enabling Intel's Software Guard
> > Extensions (SGX) feature in guest VM.
> >
> > Giving the SGX support in QEMU is still pending for reviewing, this
> > patch series is not submitted for code review, but only describes the
> > SGX enabling solution design that contains changes to
> > virConnectGetDomainCapabilities API response and domain definition. All
> > comments/suggestions would be highly appreciated.
> >
> > Intel Software Guard Extensions (Intel® SGX) is a set of instructions
> > that increases the security of application code and data, giving them
> > more protection from disclosure or modification. Developers can partition
> > sensitive information into enclaves, which are areas of execution in memory
> > with more security protection.
> >
> > The typical flow looks below at very high level:
> >
> > 1. Calls virConnectGetDomainCapabilities API to domain capabilities that
> >    includes the following SGX information.
> >
> >     <feature>
> >       ...
> >       <sgx supported='yes'>
> >         <epc_size unit='KiB'>N</epc_size>
> >       </sgx>
> >     </feature>
> >
> > 2. User requests to start a guest calling virCreateXML() with SGX requirement.
> >    It should contain
> >
> >     <launchSecurity type='sgx'>
> >       <epc_size unit='KiB'>N</epc_size>
> >     </launchSecurity>
>
> I don't think that Intel SGX belongs into <launchSecurity> in libvirt.
> Similar feature to AMD SEV is Intel TDX which would be implemented using
> <launchSecurity> as it offers isolation between host and VM.
>
> Looking at the patches this doesn't even use confidential-guest-support machine
> option, it adds a new memory backend and enables CPU features only if libvirt
> uses <cpu mode='custom'> so it would not work with any other CPU mode.
>
> To me this sounds like we should split the feature into two components where
> one would add support for the new memory backend into correct XML part [1]
> and the other component would be support for CPU features related to Intel
> SGX [2].

[Haibin] ok, those specific CPU features we added have been deleted and let user to specify it in [2]. Do we need to add new element in memory backend for SGX EPC memory?

>
> Pavel
>
> [1] <https://libvirt.org/formatdomain.html#memory-backing>
> [2] <https://libvirt.org/formatdomain.html#cpu-model-and-topology>
>
> > Haibin Huang (1):
> >   Support to query SGX capability
> >
> > Lin Yang (3):
> >   conf: Introduce SGX related element into domain xml
> >   qemu: Add command-line to generate SGX EPC memory backend
> >   qemu: Add command-line to enable SGX
> >
> >  src/conf/domain_capabilities.c | 29 ++++
> >  src/conf/domain_capabilities.h | 13 ++
> >  src/conf/domain_conf.c | 106 +++++++++----
> >  src/conf/domain_conf.h | 10 ++
> >  src/conf/virconftypes.h | 3 +
> >  src/libvirt_private.syms | 2 +-
> >  src/qemu/qemu_capabilities.c | 146 ++++++++++++++++++
> >  src/qemu/qemu_capabilities.h | 6 +
> >  src/qemu/qemu_command.c | 30 ++++
> >  src/qemu/qemu_monitor.c | 10 ++
> >  src/qemu/qemu_monitor.h | 3 +
> >  src/qemu/qemu_monitor_json.c | 91 +++++++++++
> >  src/qemu/qemu_monitor_json.h | 3 +
> >  tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 +
> >  tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 +
> >  tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 +
> >  tests/domaincapsdata/empty.xml | 1 +
> >  tests/domaincapsdata/libxl-xenfv.xml | 1 +
> >  tests/domaincapsdata/libxl-xenpv.xml | 1 +
> >  .../domaincapsdata/qemu_1.5.3-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_1.5.3-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_1.5.3.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_1.6.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_1.6.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_1.6.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_1.7.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_1.7.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_1.7.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.1.1-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.1.1-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.1.1.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.10.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.10.0-tcg.x86_64.xml | 1 +
> >  .../qemu_2.10.0-virt.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.10.0.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.10.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.10.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_2.10.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 +
> >  .../qemu_2.12.0-virt.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.4.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.5.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml | 1 +
> >  .../qemu_2.6.0-virt.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.6.0.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.6.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.6.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.7.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_2.7.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.8.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_2.8.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.9.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_2.9.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_2.9.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 +
> >  .../qemu_4.0.0-virt.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 +
> >  .../qemu_4.2.0-virt.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 +
> >  tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 +
> >  .../qemu_5.0.0-virt.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 +
> >  tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 +
> >  tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 +
> >  .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 +
> >  tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 +
> >  109 files changed, 519 insertions(+), 29 deletions(-)
> >
> > --
> > 2.17.1
> >