Hi Michal, Thank you very much for your effort, the modification is very detail. I am rebasing it according to your comments. I have clone https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx to local, you can delete it. > -----Original Message----- > From: Michal Prívozník <mprivozn@redhat.com> > Sent: Friday, January 7, 2022 11:06 PM > To: Huang, Haibin <haibin.huang@intel.com>; libvir-list@redhat.com; Ding, > Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, > Lianhao <lianhao.lu@intel.com>; Zhong, Yang <yang.zhong@intel.com> > Subject: Re: [libvirt][PATCH v9 0/5] Support query and use SGX > > On 12/15/21 04:40, Haibin Huang wrote: > > This patch series provides support for enabling Intel's Software Guard > > Extensions (SGX) feature in guest VM. > > Giving the SGX support in QEMU be accepted and will be merged in two > > days Intel SGX is a set of instructions that increases the security of > > application code and data, giving them more protection from disclosure > > or modification. > > Developers can partition sensitive information into enclaves, which > > are areas of execution in memory with more security protection. > > > > The typical flow looks below at very high level: > > > > 1. Calls virConnectGetDomainCapabilities API to domain capabilities > > that includes the following SGX information. > > > > <feature> > > ... > > <sgx supported='yes'> > > <epc_size unit='KiB'>N</epc_size> > > </sgx> > > </feature> > > > > 2. User requests to start a guest calling virCreateXML() with SGX > requirement. > > It should contain > > > > <devices> > > ... > > <memory model='sgx-epc'> > > <target> > > <size unit='KiB'>N</size> > > </target> > > </memory> > > ... > > </devices> > > > > Haibin Huang (2): > > Get SGX Capabilities from QEMU > > Transfer Qemu SGX Capabilities to XML > > > > Lin Yang (3): > > conf: Introduce SGX EPC element into device memory xml > > qemu: Add command-line to generate SGX EPC memory backend > > Add unit tests for guest VM creation command with SGX EPC > > Next time please make sure that any patch you send is rebased onto the > master branch that's at least somewhat current. I had to go all the way down > to 7.8.0 to apply these (somewhere mid October). I believe libvirt is not the > only project that mandates this. > > I've uploaded these patches to my gitlab: > > https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx > > You'll find 'fixup' commits there which cover some of the points I am raising. > Might be worth looking at it. I'll keep the branch there for a while. > > Michal
On 1/20/22 02:33, Huang, Haibin wrote: > Hi Michal, > > Thank you very much for your effort, the modification is very detail. I am rebasing it according to your comments. > I have clone https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx to local, you can delete it. Cool, thanks. I tried to rebase onto current master but there were some conflicts which I didn't want to resolve. Removed. Michal
© 2016 - 2024 Red Hat, Inc.