[libvirt][PATCH RESEND v10 0/5] Support query and use SGX

Haibin Huang posted 5 patches 2 years, 3 months ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20220208052120.14239-1-haibin.huang@intel.com
There is a newer version of this series
[libvirt][PATCH RESEND v10 0/5] Support query and use SGX
Posted by Haibin Huang 2 years, 3 months ago
Because the 5th patch was sent by mistake, I have replaced the 5th patch
and am sending it again.

This patch series provides support for enabling Intel's Software
Guard Extensions (SGX) feature in a guest VM.
SGX support in QEMU has been merged. Intel SGX is a
set of instructions that increases the security of application code
and data, giving them more protection from disclosure or modification.
Developers can partition sensitive information into enclaves, which
are areas of execution in memory with more security protection.

It depends on a QEMU fix [1], which will move the CPU QOM object from
/machine/unattached/device[nn] to /machine/cpu[nn]. It requires libvirt
to change the default CPU QOM object location once the QEMU patch gets
accepted, but that is out of the scope of this SGX patch.

At a very high level, the typical flow looks like this:

1. Call the virConnectGetDomainCapabilities API to get domain capabilities
that include the following SGX information.

<feature>
   ...
   <sgx supported='yes'>
     <epc_size unit='KiB'>N</epc_size>
   </sgx>
   ...
</feature>

2. The user requests to start a guest by calling virCreateXML() with the
SGX requirement. It does not support NUMA yet, since the latest QEMU 6.2
release does not support NUMA.
It should contain:

<devices>
    ...
    <memory model='sgx-epc'>
       <target>
           <size unit='KiB'>N</size>
       </target>
    </memory>
    ...
</devices>

[1] https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg03534.html

Haibin Huang (3):
  qemu: provide support to query the SGX capability
  conf: expose SGX feature in domain capabilities
  Add unit test for domaincapsdata sgx

Lin Yang (2):
  conf: Introduce SGX EPC element into device memory xml
  Update default CPU location in qemu QOM tree

 docs/formatdomain.rst                         |   9 +-
 docs/formatdomaincaps.html.in                 |  26 ++++
 docs/schemas/domaincaps.rng                   |  22 ++-
 docs/schemas/domaincommon.rng                 |   1 +
 src/conf/domain_capabilities.c                |  29 ++++
 src/conf/domain_capabilities.h                |  13 ++
 src/conf/domain_conf.c                        |   6 +
 src/conf/domain_conf.h                        |   1 +
 src/conf/domain_validate.c                    |  16 ++
 src/libvirt_private.syms                      |   1 +
 src/qemu/qemu_alias.c                         |   3 +
 src/qemu/qemu_capabilities.c                  | 137 ++++++++++++++++++
 src/qemu/qemu_capabilities.h                  |   4 +
 src/qemu/qemu_capspriv.h                      |   4 +
 src/qemu/qemu_command.c                       |   1 +
 src/qemu/qemu_domain.c                        |  38 +++--
 src/qemu/qemu_domain_address.c                |   6 +
 src/qemu/qemu_driver.c                        |   1 +
 src/qemu/qemu_monitor.c                       |  10 ++
 src/qemu/qemu_monitor.h                       |   3 +
 src/qemu/qemu_monitor_json.c                  |  84 ++++++++++-
 src/qemu/qemu_monitor_json.h                  |   9 ++
 src/qemu/qemu_process.c                       |   2 +
 src/qemu/qemu_validate.c                      |   8 +
 src/security/security_apparmor.c              |   1 +
 src/security/security_dac.c                   |   2 +
 src/security/security_selinux.c               |   2 +
 tests/domaincapsdata/bhyve_basic.x86_64.xml   |   1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml    |   1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml    |   1 +
 tests/domaincapsdata/empty.xml                |   1 +
 tests/domaincapsdata/libxl-xenfv.xml          |   1 +
 tests/domaincapsdata/libxl-xenpv.xml          |   1 +
 .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml |   1 +
 tests/domaincapsdata/qemu_2.11.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.11.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml |   1 +
 .../qemu_2.12.0-virt.aarch64.xml              |   1 +
 tests/domaincapsdata/qemu_2.12.0.aarch64.xml  |   1 +
 tests/domaincapsdata/qemu_2.12.0.ppc64.xml    |   1 +
 tests/domaincapsdata/qemu_2.12.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.12.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.4.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.5.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml  |   1 +
 .../qemu_2.6.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_2.6.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_2.6.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_2.6.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.7.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.7.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.8.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.8.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.9.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_2.9.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.9.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_3.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_3.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_3.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_3.1.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_3.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_4.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_4.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_4.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_4.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_4.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_4.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_5.1.0.sparc.xml     |   1 +
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_6.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_6.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_6.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_6.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_6.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml  |   4 +
 .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml  |   4 +
 .../qemu_6.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_6.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_6.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_6.2.0.x86_64.xml    |   4 +
 .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml  |   4 +
 .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml  |   4 +
 tests/domaincapsdata/qemu_7.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_7.0.0.x86_64.xml    |   4 +
 .../caps_6.2.0.x86_64.replies                 |  22 ++-
 .../caps_6.2.0.x86_64.xml                     |   5 +
 .../caps_7.0.0.x86_64.replies                 |  22 ++-
 .../caps_7.0.0.x86_64.xml                     |   5 +
 tests/qemuxml2argvdata/sgx-epc.xml            |  36 +++++
 .../sgx-epc.x86_64-latest.xml                 |  52 +++++++
 tests/qemuxml2xmltest.c                       |   2 +
 138 files changed, 675 insertions(+), 30 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
 create mode 100644 tests/qemuxml2xmloutdata/sgx-epc.x86_64-latest.xml

-- 
2.17.1
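
As an added illustration of the two-step flow in the cover letter above (not code from the patch series or from libvirt), this Python example reads the advertised EPC size from domain-capabilities XML and refuses a guest definition whose sgx-epc devices ask for more. Element names follow the v10 proposal quoted above; the sample documents, the helper names, the KiB default unit and the "requested must not exceed advertised" policy are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Byte multipliers for the units this example accepts (assumption: a subset).
UNIT_BYTES = {"b": 1, "bytes": 1, "kib": 1024, "mib": 1024**2, "gib": 1024**3}

# Constructed sample documents, shaped like the snippets in the cover letter.
DOMCAPS = """<domainCapabilities>
  <feature>
    <sgx supported='yes'>
      <epc_size unit='KiB'>65536</epc_size>
    </sgx>
  </feature>
</domainCapabilities>"""

DOMAIN = """<domain type='kvm'>
  <devices>
    <memory model='sgx-epc'>
      <target><size unit='KiB'>32768</size></target>
    </memory>
    <memory model='sgx-epc'>
      <target><size unit='MiB'>16</size></target>
    </memory>
  </devices>
</domain>"""


def to_bytes(elem):
    """Convert a <size> or <epc_size> element to bytes (default unit KiB)."""
    unit = elem.get("unit", "KiB").lower()
    if unit not in UNIT_BYTES:
        raise ValueError(f"unsupported unit {unit!r}")
    return int(elem.text.strip()) * UNIT_BYTES[unit]


def host_epc_bytes(domcaps_xml):
    """EPC size the host advertises, or 0 when SGX is absent or unsupported."""
    sgx = ET.fromstring(domcaps_xml).find(".//sgx")
    if sgx is None or sgx.get("supported") != "yes":
        return 0
    size = sgx.find("epc_size")
    return to_bytes(size) if size is not None else 0


def requested_epc_bytes(domain_xml):
    """Sum the target size of every <memory model='sgx-epc'> device."""
    total = 0
    root = ET.fromstring(domain_xml)
    for mem in root.findall("./devices/memory[@model='sgx-epc']"):
        size = mem.find("./target/size")
        if size is None:
            raise ValueError("sgx-epc device without <target><size>")
        total += to_bytes(size)
    return total


def check_sgx_request(domcaps_xml, domain_xml):
    """Return (ok, reason); refuse when the host cannot back the request."""
    want = requested_epc_bytes(domain_xml)
    if want == 0:
        return True, "no sgx-epc device requested"
    have = host_epc_bytes(domcaps_xml)
    if have == 0:
        return False, "host does not report SGX support"
    if want > have:
        return False, f"requested {want} bytes of EPC, host reports {have}"
    return True, f"requested {want} of {have} bytes of EPC"


if __name__ == "__main__":
    print(check_sgx_request(DOMCAPS, DOMAIN))
```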

Re: [libvirt][PATCH RESEND v10 0/5] Support query and use SGX
Posted by Michal Prívozník 2 years, 2 months ago
On 2/8/22 06:21, Haibin Huang wrote:
> Because the 5th patch was sent by mistake, I have replaced the 5th patch
> and am sending it again.
> 
> This patch series provides support for enabling Intel's Software
> Guard Extensions (SGX) feature in a guest VM.
> SGX support in QEMU has been merged. Intel SGX is a
> set of instructions that increases the security of application code
> and data, giving them more protection from disclosure or modification.
> Developers can partition sensitive information into enclaves, which
> are areas of execution in memory with more security protection.
> 
> It depends on a QEMU fix [1], which will move the CPU QOM object from
> /machine/unattached/device[nn] to /machine/cpu[nn]. It requires libvirt
> to change the default CPU QOM object location once the QEMU patch gets
> accepted, but that is out of the scope of this SGX patch.
> 
> At a very high level, the typical flow looks like this:
> 
> 1. Call the virConnectGetDomainCapabilities API to get domain capabilities
> that include the following SGX information.
> 
> <feature>
>    ...
>    <sgx supported='yes'>
>      <epc_size unit='KiB'>N</epc_size>
>    </sgx>
>    ...
> </feature>
> 
> 2. The user requests to start a guest by calling virCreateXML() with the
> SGX requirement. It does not support NUMA yet, since the latest QEMU 6.2
> release does not support NUMA.
> It should contain:
> 
> <devices>
>     ...
>     <memory model='sgx-epc'>
>        <target>
>            <size unit='KiB'>N</size>
>        </target>
>     </memory>
>     ...
> </devices>
> 
> [1] https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg03534.html
> 
> Haibin Huang (3):
>   qemu: provide support to query the SGX capability
>   conf: expose SGX feature in domain capabilities
>   Add unit test for domaincapsdata sgx
> 
> Lin Yang (2):
>   conf: Introduce SGX EPC element into device memory xml
>   Update default CPU location in qemu QOM tree
> 


Hey, so I've done a review and found mostly small issues. I would squash
them in and push, but the point I'm raising in 5/5 (about -M vs
-machine) ruined my confidence in doing so. Nevertheless, I've uploaded
the changes I would make here:

https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx/

I hope you'll find it helpful.

Michal

RE: [libvirt][PATCH RESEND v10 0/5] Support query and use SGX
Posted by Huang, Haibin 2 years, 2 months ago
OK, thank you very much! Nice, it is very helpful.

> -----Original Message-----
> From: Michal Prívozník <mprivozn@redhat.com>
> Sent: Wednesday, February 16, 2022 6:25 PM
> To: Huang, Haibin <haibin.huang@intel.com>; libvir-list@redhat.com;
> berrange@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang,
> Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
> Subject: Re: [libvirt][PATCH RESEND v10 0/5] Support query and use SGX
> 
> On 2/8/22 06:21, Haibin Huang wrote:
> > Because the 5th patch was sent by mistake, I have replaced the 5th
> > patch and am sending it again.
> >
> > This patch series provides support for enabling Intel's Software Guard
> > Extensions (SGX) feature in a guest VM.
> > SGX support in QEMU has been merged. Intel SGX is a set of
> > instructions that increases the security of application code and
> > data, giving them more protection from disclosure or modification.
> > Developers can partition sensitive information into enclaves, which
> > are areas of execution in memory with more security protection.
> >
> > It depends on a QEMU fix [1], which will move the CPU QOM object from
> > /machine/unattached/device[nn] to /machine/cpu[nn]. It requires
> > libvirt to change the default CPU QOM object location once the QEMU
> > patch gets accepted, but that is out of the scope of this SGX patch.
> >
> > At a very high level, the typical flow looks like this:
> >
> > 1. Call the virConnectGetDomainCapabilities API to get domain
> > capabilities that include the following SGX information.
> >
> > <feature>
> >    ...
> >    <sgx supported='yes'>
> >      <epc_size unit='KiB'>N</epc_size>
> >    </sgx>
> >    ...
> > </feature>
> >
> > 2. The user requests to start a guest by calling virCreateXML() with
> > the SGX requirement. It does not support NUMA yet, since the latest
> > QEMU 6.2 release does not support NUMA.
> > It should contain:
> >
> > <devices>
> >     ...
> >     <memory model='sgx-epc'>
> >        <target>
> >            <size unit='KiB'>N</size>
> >        </target>
> >     </memory>
> >     ...
> > </devices>
> >
> > [1] https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg03534.html
> >
> > Haibin Huang (3):
> >   qemu: provide support to query the SGX capability
> >   conf: expose SGX feature in domain capabilities
> >   Add unit test for domaincapsdata sgx
> >
> > Lin Yang (2):
> >   conf: Introduce SGX EPC element into device memory xml
> >   Update default CPU location in qemu QOM tree
> >
> 
> 
> Hey, so I've done a review and found mostly small issues. I would squash them
> in and push, but the point I'm raising in 5/5 (about -M vs
> -machine) ruined my confidence in doing so. Nevertheless, I've uploaded the
> changes I would make here:
> 
> https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx/
> 
> I hope you'll find it helpful.
> 
> Michal