Hi Michal,

Thank you very much for your effort, the modification is very detailed.
I am rebasing it according to your comments.
I have cloned https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx to local, you can delete it.

> -----Original Message-----
> From: Michal Prívozník <mprivozn@xxxxxxxxxx>
> Sent: Friday, January 7, 2022 11:06 PM
> To: Huang, Haibin <haibin.huang@xxxxxxxxx>; libvir-list@xxxxxxxxxx; Ding,
> Jian-feng <jian-feng.ding@xxxxxxxxx>; Yang, Lin A <lin.a.yang@xxxxxxxxx>; Lu,
> Lianhao <lianhao.lu@xxxxxxxxx>; Zhong, Yang <yang.zhong@xxxxxxxxx>
> Subject: Re: [PATCH v9 0/5] Support query and use SGX
>
> On 12/15/21 04:40, Haibin Huang wrote:
> > This patch series provides support for enabling Intel's Software Guard
> > Extensions (SGX) feature in guest VM.
> > Giving the SGX support in QEMU be accepted and will be merged in two
> > days Intel SGX is a set of instructions that increases the security of
> > application code and data, giving them more protection from disclosure
> > or modification.
> > Developers can partition sensitive information into enclaves, which
> > are areas of execution in memory with more security protection.
> >
> > The typical flow looks below at very high level:
> >
> > 1. Calls virConnectGetDomainCapabilities API to domain capabilities
> > that includes the following SGX information.
> >
> >     <feature>
> >       ...
> >       <sgx supported='yes'>
> >         <epc_size unit='KiB'>N</epc_size>
> >       </sgx>
> >     </feature>
> >
> > 2. User requests to start a guest calling virCreateXML() with SGX requirement.
> > It should contain
> >
> >     <devices>
> >       ...
> >       <memory model='sgx-epc'>
> >         <target>
> >           <size unit='KiB'>N</size>
> >         </target>
> >       </memory>
> >       ...
> >     </devices>
> >
> > Haibin Huang (2):
> >   Get SGX Capabilities from QEMU
> >   Transfer Qemu SGX Capabilities to XML
> >
> > Lin Yang (3):
> >   conf: Introduce SGX EPC element into device memory xml
> >   qemu: Add command-line to generate SGX EPC memory backend
> >   Add unit tests for guest VM creation command with SGX EPC
>
> Next time please make sure that any patch you send is rebased onto the
> master branch that's at least somewhat current. I had to go all the way down
> to 7.8.0 to apply these (somewhere mid October). I believe libvirt is not the
> only project that mandates this.
>
> I've uploaded these patches to my gitlab:
>
> https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx
>
> You'll find 'fixup' commits there which cover some of the points I am raising.
> Might be worth looking at it. I'll keep the branch there for a while.
>
> Michal
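
The two steps of the flow quoted above, as an added example that is not part of the thread or of libvirt's code: a management-side check that reads the SGX block from the domain capabilities XML and compares it with the `sgx-epc` memory devices in a guest definition before the guest is started. The element layout follows the v9 cover letter; the sample documents, the function names, the handled unit set and the rule that the requested size must not exceed `epc_size` are assumptions.

```python
import xml.etree.ElementTree as ET

# Scale factors to KiB for the unit attribute (assumed subset of units).
_TO_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 * 1024}

def _kib(elem):
    """Convert a <size>/<epc_size> element to KiB, defaulting to KiB."""
    return int(elem.text.strip()) * _TO_KIB[elem.get("unit", "KiB")]

def host_epc_kib(caps_xml):
    """Return host EPC size in KiB, or None if SGX is absent or unsupported."""
    sgx = ET.fromstring(caps_xml).find(".//sgx")
    if sgx is None or sgx.get("supported") != "yes":
        return None
    size = sgx.find("epc_size")
    return _kib(size) if size is not None else None

def requested_epc_kib(domain_xml):
    """Sum the <target><size> of every <memory model='sgx-epc'> device."""
    root = ET.fromstring(domain_xml)
    return sum(_kib(m.find("target/size"))
               for m in root.findall("./devices/memory[@model='sgx-epc']"))

def check_sgx_request(caps_xml, domain_xml):
    """Return (ok, reason) for a guest definition against host capabilities."""
    want = requested_epc_kib(domain_xml)
    if want == 0:
        return True, "guest requests no EPC"
    have = host_epc_kib(caps_xml)
    if have is None:
        return False, "host does not report SGX support"
    if want > have:  # assumed policy: never request more EPC than reported
        return False, f"guest wants {want} KiB EPC, host reports {have} KiB"
    return True, f"{want} KiB of {have} KiB EPC requested"

# Constructed sample documents following the layout in the cover letter.
CAPS = """<domainCapabilities><feature>
  <sgx supported='yes'><epc_size unit='KiB'>65536</epc_size></sgx>
</feature></domainCapabilities>"""
DOMAIN = """<domain type='kvm'><devices>
  <memory model='sgx-epc'><target><size unit='MiB'>32</size></target></memory>
</devices></domain>"""

if __name__ == "__main__":
    print(check_sgx_request(CAPS, DOMAIN))
```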