On Tue, Jul 20, 2021 at 10:47:27AM +0200, Pavel Hrdina wrote:
> On Fri, Jul 16, 2021 at 12:58:19AM +0000, Huang, Haibin wrote:
> >
> > > -----Original Message-----
> > > From: Pavel Hrdina <phrdina@xxxxxxxxxx>
> > > Sent: Wednesday, July 7, 2021 5:48 PM
> > > To: Huang, Haibin <haibin.huang@xxxxxxxxx>
> > > Cc: libvir-list@xxxxxxxxxx; Ding, Jian-feng <jian-feng.ding@xxxxxxxxx>; Yang,
> > > Lin A <lin.a.yang@xxxxxxxxx>; Lu, Lianhao <lianhao.lu@xxxxxxxxx>
> > > Subject: Re: [PATCH v4 0/4] Support query and use SGX
> > >
> > > On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
> > > > This patch series provides support for enabling Intel's Software Guard
> > > Extensions (SGX) feature in guest VM.
> > > >
> > > > Giving the SGX support in QEMU is still pending for reviewing, this
> > > > patch series is not submmited for code review, but only describe the
> > > > SGX enabling solution design that contains changes to
> > > virConnectGetDomainCapabilities API response and domain definition. All
> > > comments/suggestions would be highly appreciated.
> > > >
> > > > Intel Software Guard Extensions (Intel® SGX) is a set of instructions
> > > > that increases the security of application code and data, giving them
> > > > more protection from disclosure or modification. Developers can partition
> > > sensitive information into enclaves, which are areas of execution in memory
> > > with more security protection.
> > > >
> > > > The typical flow looks below at very high level:
> > > >
> > > > 1. Calls virConnectGetDomainCapabilities API to domain capabilities that
> > > includes the following SGX information.
> > > >
> > > > <feature>
> > > > ...
> > > > <sgx supported='yes'>
> > > > <epc_size unit=’KiB’>N</epc_size>
> > > > </sgx>
> > > > </feature>
> > > >
> > > > 2. User requests to start a guest calling virCreateXML() with SGX requirement.
> > > > It should contain
> > > >
> > > > <launchSecurity type='sgx'>
> > > > <epc_size unit='KiB'>N</epc_size>
> > > > </launchSecurity>
> > >
> > > I don't think that Intel SGX belongs into <launchSecurity> in libvirt.
> > > Similar feature to AMD SEV is Intel TDX which would be implement using
> > > <launchSecurity> as it offers isolation between host and VM.
> > >
> > > Looking at the patches this doesn't even use confidential-guest-support machine
> > > option, it adds a new memory backend and enables CPU features only if libvirt
> > > uses <cpu mode='custom'> so it would not work with any other CPU mode.
> > >
> > > To me this sounds like we should split the feature into two components where
> > > one would add support for the new memory backend into correct XML part [1]
> > > and the other component would be support for CPU features related to Intel
> > > SGX [2].
> >
> > [Haibin] ok, those specific CPU features we added have been deleted and let user to specify it in [2].
> > Do we need to add new element in memory backend for SGX EPC memory?
>
> Correct, reading QEMU and kernel patches to enable this feature in
> libvirt user will need to configure SGX EPC memory backend manually.
> However, we will not be able to reuse <memoryBacking> element in the VM
> XML without a lot of modification to the current code. Mainly, there can
> be mupltiple SGX EPC memory sections and each can have different size.
> Current code allows only single <memoryBacking> file and it is closely
> tied with VM RAM.
>
> To express SGX EPC in VM XML we will need new element, for example we
> can use <memory> device:
>
> <devices>
> ...
> <memory model='sgx-epc'>
> <target>
> <size unit='MiB'>64</size>
> <node>0</node>
> </target>
> </memory>
> ...
> </devices>
>
> but this would require to modify the current <memory> code as the
> 'sgx-epc' would be a special case where we would not use '-device'
> option because we need to add it to '-machine' parameter.
Where are you seeing the -machine params ? In the patch 2 here
it uses standalone parameters:
-object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \
-sgx-epc id=epc1,memdev=mem1
which makes sense given you say that multiple SGX regions can
be defined.
> Another option is to create completely new element, similar to
> <launchSecurity> outside of <devices> element. I'm not sure about the
> naming of the new element, one thing that comes to my mind is
> <memoryRegion> with type='sgx-epc'.
I think adding a <memoryRegion> outside <devices> feels a little
odd given that this parameter is defining new RAM blocks and we
already have <memory> inside <devices>. I'd be more inclined towards
the latter
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
