1. Patchew
  2. Libvirt
  3. View series

RE: [libvirt][PATCH RESEND v10 0/5] Support query and use SGX

Huang, Haibin posted 5 patches 2 years, 2 months ago
Only 0 patches received!
RE: [libvirt][PATCH RESEND v10 0/5] Support query and use SGX
Posted by Huang, Haibin 2 years, 2 months ago 
Ok, thank you very much! Nice, It is very helpful.

> -----Original Message-----
> From: Michal Prívozník <mprivozn@redhat.com>
> Sent: Wednesday, February 16, 2022 6:25 PM
> To: Huang, Haibin <haibin.huang@intel.com>; libvir-list@redhat.com;
> berrange@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang,
> Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
> Subject: Re: [libvirt][PATCH RESEND v10 0/5] Support query and use SGX
> 
> On 2/8/22 06:21, Haibin Huang wrote:
> > Because the 5th patch was sent by mistake, so replace the 5th patch
> > and send it again.
> >
> > This patch series provides support for enabling Intel's Software Guard
> > Extensions (SGX) feature in guest VM.
> > Giving the SGX support in QEMU had been merged. Intel SGX is a set of
> > instructions that increases the security of application code  and
> > data, giving them more protection from disclosure or modification.
> > Developers can partition sensitive information into enclaves, which
> > are areas of execution in memory with more security protection.
> >
> > It depends on QEMU fixing[1], which will move cpu QOM object from
> > /machine/unattached/device[nn] to /machine/cpu[nn]. It requires
> > libvirt to change the default cpu QOM object location once QEMU patch
> > gets accepted, but it is out of this SGX patch scope.
> >
> > The typical flow looks below at very high level:
> >
> > 1. Calls virConnectGetDomainCapabilities API to domain capabilities
> > that includes the following SGX information.
> >
> > <feature>
> >    ...
> >    <sgx supported='yes'>
> >      <epc_size unit='KiB'>N</epc_size>
> >    </sgx>
> >    ...
> >  </feature>
> >
> > 2. User requests to start a guest calling virCreateXML() with SGX
> > requirement. It does not support NUMA yet, since latest QEMU 6.2
> > release does not support NUMA.
> > It should contain
> >
> > <devices>
> >     ...
> >     <memory model='sgx-epc'>
> >        <target>
> >            <size unit='KiB'>N</size>
> >        </target>
> >     </memory>
> >     ...
> > </devices>
> >
> > [1]
> > https://lists.nongnu.org/archive/html/qemu-devel/2022-
> 01/msg03534.html
> >
> > Haibin Huang (3):
> >   qemu: provide support to query the SGX capability
> >   conf: expose SGX feature in domain capabilities
> >   Add unit test for domaincapsdata sgx
> >
> > Lin Yang (2):
> >   conf: Introduce SGX EPC element into device memory xml
> >   Update default CPU location in qemu QOM tree
> >
> 
> 
> Hey, so I've done review and found mostly small issues. I would squash them
> in and push, but the point I'm raising in 5/5 (about -M vs
> -machine) ruined my confidence in doing so. Nevertheless, I've uploaded the
> changes I would make here:
> 
> https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx/
> 
> I hope you'll find it helpful.
> 
> Michal

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.