Really appreciate if anyone can give comments/opinions on this patch. Thank you in advance.

> -----Original Message-----
> From: Huang, Haibin <haibin.huang@xxxxxxxxx>
> Sent: Wednesday, September 8, 2021 9:16 AM
> To: libvir-list@xxxxxxxxxx; Huang, Haibin <haibin.huang@xxxxxxxxx>; Ding, Jian-feng <jian-feng.ding@xxxxxxxxx>; Yang, Lin A <lin.a.yang@xxxxxxxxx>; Lu, Lianhao <lianhao.lu@xxxxxxxxx>; pbonzini@xxxxxxxxxx; pkrempa@xxxxxxxxxx; twiederh@xxxxxxxxxx; phrdina@xxxxxxxxxx; berrange@xxxxxxxxxx; mprivozn@xxxxxxxxxx
> Subject: [PATCH v7 0/5] Support query and use SGX
>
> This patch series provides support for enabling Intel's Software Guard
> Extensions (SGX) feature in guest VM.
> Given that the SGX support in QEMU has been accepted and will be merged in two days.
> Intel Software Guard Extensions (Intel® SGX) is a set of instructions that
> increases the security of application code and data, giving them more
> protection from disclosure or modification. Developers can partition sensitive
> information into enclaves, which are areas of execution in memory with more
> security protection.
>
> The typical flow looks below at a very high level:
>
> 1. Call the virConnectGetDomainCapabilities API to get domain capabilities that
>    include the following SGX information.
>
>    <feature>
>      ...
>      <sgx supported='yes'>
>        <epc_size unit='KiB'>N</epc_size>
>      </sgx>
>    </feature>
>
> 2. The user requests to start a guest by calling virCreateXML() with the SGX requirement.
>    It should contain:
>
>    <devices>
>      ...
>      <memory model='sgx-epc'>
>        <target>
>          <size unit='KiB'>N</size>
>        </target>
>      </memory>
>      ...
>    </devices>
>
> Haibin Huang (2):
>   Support to query SGX capability
>   Add get domaincaps unit test
>
> Lin Yang (3):
>   conf: Introduce SGX EPC element into device memory xml
>   qemu: Add command-line to generate SGX EPC memory backend
>   Add unit tests for guest VM creation command with SGX EPC
>
>  docs/schemas/domaincaps.rng                    |  19 ++-
>  docs/schemas/domaincommon.rng                  |   1 +
>  src/conf/domain_capabilities.c                 |  29 ++++
>  src/conf/domain_capabilities.h                 |  13 ++
>  src/conf/domain_conf.c                         |   5 +
>  src/conf/domain_conf.h                         |   1 +
>  src/conf/domain_validate.c                     |   1 +
>  src/libvirt_private.syms                       |   2 +-
>  src/qemu/qemu_alias.c                          |   6 +-
>  src/qemu/qemu_capabilities.c                   | 142 ++++++++++++++++++
>  src/qemu/qemu_capabilities.h                   |   4 +
>  src/qemu/qemu_command.c                        |  39 ++++-
>  src/qemu/qemu_domain.c                         |  10 +-
>  src/qemu/qemu_domain_address.c                 |   4 +
>  src/qemu/qemu_monitor.c                        |  10 ++
>  src/qemu/qemu_monitor.h                        |   3 +
>  src/qemu/qemu_monitor_json.c                   |  89 +++++++++++
>  src/qemu/qemu_monitor_json.h                   |   3 +
>  src/qemu/qemu_process.c                        |   2 +
>  src/qemu/qemu_validate.c                       |   8 +
>  src/security/security_apparmor.c               |   1 +
>  src/security/security_dac.c                    |   2 +
>  src/security/security_selinux.c                |   2 +
>  tests/domaincapsdata/bhyve_basic.x86_64.xml    |   1 +
>  tests/domaincapsdata/bhyve_fbuf.x86_64.xml     |   1 +
>  tests/domaincapsdata/bhyve_uefi.x86_64.xml     |   1 +
>  tests/domaincapsdata/empty.xml                 |   1 +
>  tests/domaincapsdata/libxl-xenfv.xml           |   1 +
>  tests/domaincapsdata/libxl-xenpv.xml           |   1 +
>  .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml  |   1 +
>  .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml  |   1 +
>  tests/domaincapsdata/qemu_2.11.0.s390x.xml     |   1 +
>  tests/domaincapsdata/qemu_2.11.0.x86_64.xml    |   1 +
>  .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml  |   1 +
>  .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml  |   1 +
>  .../qemu_2.12.0-virt.aarch64.xml               |   1 +
>  tests/domaincapsdata/qemu_2.12.0.aarch64.xml   |   1 +
>  tests/domaincapsdata/qemu_2.12.0.ppc64.xml     |   1 +
>  tests/domaincapsdata/qemu_2.12.0.s390x.xml     |   1 +
>  tests/domaincapsdata/qemu_2.12.0.x86_64.xml    |   1 +
>  .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_2.4.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_2.5.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml   |   1 +
>  .../qemu_2.6.0-virt.aarch64.xml                |   1 +
>  tests/domaincapsdata/qemu_2.6.0.aarch64.xml    |   1 +
>  tests/domaincapsdata/qemu_2.6.0.ppc64.xml      |   1 +
>  tests/domaincapsdata/qemu_2.6.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_2.7.0.s390x.xml      |   1 +
>  tests/domaincapsdata/qemu_2.7.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_2.8.0.s390x.xml      |   1 +
>  tests/domaincapsdata/qemu_2.8.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_2.9.0.ppc64.xml      |   1 +
>  tests/domaincapsdata/qemu_2.9.0.s390x.xml      |   1 +
>  tests/domaincapsdata/qemu_2.9.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_3.0.0.ppc64.xml      |   1 +
>  tests/domaincapsdata/qemu_3.0.0.s390x.xml      |   1 +
>  tests/domaincapsdata/qemu_3.0.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_3.1.0.ppc64.xml      |   1 +
>  tests/domaincapsdata/qemu_3.1.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml   |   1 +
>  .../qemu_4.0.0-virt.aarch64.xml                |   1 +
>  tests/domaincapsdata/qemu_4.0.0.aarch64.xml    |   1 +
>  tests/domaincapsdata/qemu_4.0.0.ppc64.xml      |   1 +
>  tests/domaincapsdata/qemu_4.0.0.s390x.xml      |   1 +
>  tests/domaincapsdata/qemu_4.0.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_4.1.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml   |   1 +
>  .../qemu_4.2.0-virt.aarch64.xml                |   1 +
>  tests/domaincapsdata/qemu_4.2.0.aarch64.xml    |   1 +
>  tests/domaincapsdata/qemu_4.2.0.ppc64.xml      |   1 +
>  tests/domaincapsdata/qemu_4.2.0.s390x.xml      |   1 +
>  tests/domaincapsdata/qemu_4.2.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml   |   1 +
>  .../qemu_5.0.0-virt.aarch64.xml                |   1 +
>  tests/domaincapsdata/qemu_5.0.0.aarch64.xml    |   1 +
>  tests/domaincapsdata/qemu_5.0.0.ppc64.xml      |   1 +
>  tests/domaincapsdata/qemu_5.0.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_5.1.0.sparc.xml      |   1 +
>  tests/domaincapsdata/qemu_5.1.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml   |   1 +
>  .../qemu_5.2.0-virt.aarch64.xml                |   1 +
>  tests/domaincapsdata/qemu_5.2.0.aarch64.xml    |   1 +
>  tests/domaincapsdata/qemu_5.2.0.ppc64.xml      |   1 +
>  tests/domaincapsdata/qemu_5.2.0.s390x.xml      |   1 +
>  tests/domaincapsdata/qemu_5.2.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml   |   1 +
>  .../qemu_6.0.0-virt.aarch64.xml                |   1 +
>  tests/domaincapsdata/qemu_6.0.0.aarch64.xml    |   1 +
>  tests/domaincapsdata/qemu_6.0.0.s390x.xml      |   1 +
>  tests/domaincapsdata/qemu_6.0.0.x86_64.xml     |   1 +
>  .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml   |   1 +
>  .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml   |   1 +
>  tests/domaincapsdata/qemu_6.1.0.x86_64.xml     |   1 +
>  .../sgx-epc.x86_64-5.1.0.args                  |  37 +++++
>  tests/qemuxml2argvdata/sgx-epc.xml             |  40 +++++
>  tests/qemuxml2argvtest.c                       |   1 +
>  120 files changed, 560 insertions(+), 8 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-5.1.0.args
>  create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
>
> --
> 2.17.1
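The two-step flow in the quoted cover letter (query the domain capabilities for SGX, then request an `sgx-epc` memory device in the guest definition) can be exercised on the client side without touching a hypervisor. The following is an added example, not code from the patch series or from libvirt: the domain capabilities document is a constructed sample laid out exactly as the cover letter shows (`<feature>/<sgx>/<epc_size>`), the helper names are the example's own, and the real libvirt-python calls that would supply and consume the XML (`virConnect.getDomainCapabilities()` and `virConnect.createXML()`) are named in comments but not invoked so that the script runs offline. The practical check it adds is that a guest is only defined when the host advertises SGX and the requested EPC does not exceed the advertised size, so a misconfiguration is caught before QEMU is asked to start the guest.

```python
"""Client-side SGX EPC capability check and domain XML generation.

Added example, not libvirt or patch-series code.  In a real client the
capabilities document would come from conn.getDomainCapabilities(...) and
the generated domain XML would be passed to conn.createXML(...); both are
libvirt-python calls that are deliberately not made here.
"""
import xml.etree.ElementTree as ET

# Constructed sample of a domain capabilities document, following the
# element layout shown in the cover letter.  The host reports 65536 KiB
# (64 MiB) of EPC.
SAMPLE_DOMCAPS = """
<domainCapabilities>
  <feature>
    <sgx supported='yes'>
      <epc_size unit='KiB'>65536</epc_size>
    </sgx>
  </feature>
</domainCapabilities>
"""

# Multipliers to KiB.  The cover letter only shows KiB; accepting MiB/GiB
# as well is an assumption of this example.
_TO_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 * 1024}


def sgx_epc_kib(domcaps_xml):
    """Return the advertised EPC size in KiB, or None if SGX is not supported."""
    root = ET.fromstring(domcaps_xml)
    sgx = root.find("./feature/sgx")
    if sgx is None or sgx.get("supported") != "yes":
        return None
    epc = sgx.find("epc_size")
    if epc is None or not epc.text:
        return None
    unit = epc.get("unit", "KiB")
    return int(epc.text.strip()) * _TO_KIB[unit]


def sgx_epc_device_xml(size_kib):
    """Build the <memory model='sgx-epc'> device element from the cover letter."""
    mem = ET.Element("memory", model="sgx-epc")
    target = ET.SubElement(mem, "target")
    size = ET.SubElement(target, "size", unit="KiB")
    size.text = str(size_kib)
    return ET.tostring(mem, encoding="unicode")


def build_domain_xml(domcaps_xml, name, ram_kib, epc_kib):
    """Produce a minimal domain definition requesting epc_kib KiB of SGX EPC.

    Refuses the request when the host does not advertise SGX or when the
    requested EPC exceeds what the host reports, instead of letting the
    failure surface later when QEMU is started.
    """
    host_epc = sgx_epc_kib(domcaps_xml)
    if host_epc is None:
        raise ValueError("host does not advertise SGX support")
    if epc_kib <= 0 or epc_kib > host_epc:
        raise ValueError(
            f"requested EPC {epc_kib} KiB not within host EPC {host_epc} KiB")
    dom = ET.Element("domain", type="kvm")
    ET.SubElement(dom, "name").text = name
    mem = ET.SubElement(dom, "memory", unit="KiB")
    mem.text = str(ram_kib)
    devices = ET.SubElement(dom, "devices")
    devices.append(ET.fromstring(sgx_epc_device_xml(epc_kib)))
    return ET.tostring(dom, encoding="unicode")


if __name__ == "__main__":
    # Sample run: 2 GiB of RAM plus a 16 MiB enclave page cache.
    print("host EPC (KiB):", sgx_epc_kib(SAMPLE_DOMCAPS))
    print(build_domain_xml(SAMPLE_DOMCAPS, "sgx-guest", 2097152, 16384))
```

`ElementTree` serialises attributes with double quotes, so the generated element reads `<memory model="sgx-epc">…`, which libvirt accepts just like the single-quoted form in the cover letter. Replace `SAMPLE_DOMCAPS` with the string returned by `getDomainCapabilities()` for the emulator, architecture and machine type of interest, and hand the result of `build_domain_xml()` to `createXML()`.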