Ok, thank you very much! Nice, it is very helpful.

> -----Original Message-----
> From: Michal Prívozník <mprivozn@xxxxxxxxxx>
> Sent: Wednesday, February 16, 2022 6:25 PM
> To: Huang, Haibin <haibin.huang@xxxxxxxxx>; libvir-list@xxxxxxxxxx;
> berrange@xxxxxxxxxx; Ding, Jian-feng <jian-feng.ding@xxxxxxxxx>; Yang,
> Lin A <lin.a.yang@xxxxxxxxx>; Lu, Lianhao <lianhao.lu@xxxxxxxxx>
> Subject: Re: [PATCH RESEND v10 0/5] Support query and use SGX
>
> On 2/8/22 06:21, Haibin Huang wrote:
> > Because the 5th patch was sent by mistake, so replace the 5th patch
> > and send it again.
> >
> > This patch series provides support for enabling Intel's Software Guard
> > Extensions (SGX) feature in guest VM.
> > Giving the SGX support in QEMU had been merged. Intel SGX is a set of
> > instructions that increases the security of application code and
> > data, giving them more protection from disclosure or modification.
> > Developers can partition sensitive information into enclaves, which
> > are areas of execution in memory with more security protection.
> >
> > It depends on QEMU fixing[1], which will move cpu QOM object from
> > /machine/unattached/device[nn] to /machine/cpu[nn]. It requires
> > libvirt to change the default cpu QOM object location once QEMU patch
> > gets accepted, but it is out of this SGX patch scope.
> >
> > The typical flow looks below at very high level:
> >
> > 1. Calls virConnectGetDomainCapabilities API to domain capabilities
> >    that includes the following SGX information.
> >
> >    <feature>
> >      ...
> >      <sgx supported='yes'>
> >        <epc_size unit='KiB'>N</epc_size>
> >      </sgx>
> >      ...
> >    </feature>
> >
> > 2. User requests to start a guest calling virCreateXML() with SGX
> >    requirement. It does not support NUMA yet, since latest QEMU 6.2
> >    release does not support NUMA.
> >    It should contain
> >
> >    <devices>
> >      ...
> >      <memory model='sgx-epc'>
> >        <target>
> >          <size unit='KiB'>N</size>
> >        </target>
> >      </memory>
> >      ...
> >    </devices>
> >
> > [1]
> > https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg03534.html
> >
> > Haibin Huang (3):
> >   qemu: provide support to query the SGX capability
> >   conf: expose SGX feature in domain capabilities
> >   Add unit test for domaincapsdata sgx
> >
> > Lin Yang (2):
> >   conf: Introduce SGX EPC element into device memory xml
> >   Update default CPU location in qemu QOM tree
> >
>
> Hey, so I've done review and found mostly small issues. I would squash them
> in and push, but the point I'm raising in 5/5 (about -M vs
> -machine) ruined my confidence in doing so. Nevertheless, I've uploaded the
> changes I would make here:
>
> https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx/
>
> I hope you'll find it helpful.
>
> Michal
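
Added example, not part of the thread or of the patch series: a client-side sketch of the two-step flow in the quoted cover letter, reading the SGX block from a domain capabilities document and emitting the `sgx-epc` memory device. The sample XML is constructed from the layout shown in the cover letter, the function names are hypothetical, and rejecting a request larger than the reported EPC size is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample following the layout in the cover letter; a real
# document would be the string returned by virConnectGetDomainCapabilities.
SAMPLE_DOMCAPS = """
<domainCapabilities>
  <feature>
    <sgx supported='yes'>
      <epc_size unit='KiB'>524288</epc_size>
    </sgx>
  </feature>
</domainCapabilities>
"""

_UNITS_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 * 1024}


def host_epc_kib(domcaps_xml):
    """Return the reported EPC size in KiB, or 0 if SGX is absent/unsupported."""
    sgx = ET.fromstring(domcaps_xml).find(".//sgx")
    if sgx is None or sgx.get("supported") != "yes":
        return 0
    size = sgx.find("epc_size")
    text = (size.text or "").strip() if size is not None else ""
    if not text.isdigit():
        return 0
    unit = size.get("unit", "KiB")
    if unit not in _UNITS_KIB:
        raise ValueError(f"unexpected unit {unit!r}")
    return int(text) * _UNITS_KIB[unit]


def sgx_epc_device(domcaps_xml, want_kib):
    """Build <memory model='sgx-epc'> for the <devices> section of a domain."""
    available = host_epc_kib(domcaps_xml)
    if available == 0:
        raise RuntimeError("host does not report SGX support")
    # Assumption of this example: never ask for more EPC than the host reports.
    if not 0 < want_kib <= available:
        raise ValueError(f"requested {want_kib} KiB, host EPC is {available} KiB")
    mem = ET.Element("memory", model="sgx-epc")
    size = ET.SubElement(ET.SubElement(mem, "target"), "size", unit="KiB")
    size.text = str(want_kib)
    return ET.tostring(mem, encoding="unicode")


if __name__ == "__main__":
    print(sgx_epc_device(SAMPLE_DOMCAPS, 65536))
```

The returned element is what step 2 of the cover letter places inside `<devices>` before the domain XML is submitted.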