[libvirt][PATCH v4 0/4] Support query and use SGX

Haibin Huang posted 4 patches 2 years, 9 months ago
Failed in applying to current master (apply log)
There is a newer version of this series
[libvirt][PATCH v4 0/4] Support query and use SGX
Posted by Haibin Huang 2 years, 9 months ago
This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in a guest VM.

Given that the SGX support in QEMU is still pending review, this patch series is not submitted for code
review, but only describes the SGX enabling solution design, which contains changes to the virConnectGetDomainCapabilities
API response and domain definition. All comments/suggestions would be highly appreciated.

Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application
code and data, giving them more protection from disclosure or modification. Developers can partition sensitive
information into enclaves, which are areas of execution in memory with more security protection.

The typical flow looks like the following at a very high level:

1. Call the virConnectGetDomainCapabilities API to get domain capabilities that include the following SGX information.

<feature>
...
  <sgx supported='yes'>
    <epc_size unit='KiB'>N</epc_size>
  </sgx>
</feature>

2. The user requests to start a guest by calling virCreateXML() with the SGX requirement.
It should contain

<launchSecurity type='sgx'>
  <epc_size unit='KiB'>N</epc_size>
</launchSecurity>


Haibin Huang (1):
  Support to query SGX capability

Lin Yang (3):
  conf: Introduce SGX related element into domain xml
  qemu: Add command-line to generate SGX EPC memory backend
  qemu: Add command-line to enable SGX

 src/conf/domain_capabilities.c                |  29 ++++
 src/conf/domain_capabilities.h                |  13 ++
 src/conf/domain_conf.c                        | 106 +++++++++----
 src/conf/domain_conf.h                        |  10 ++
 src/conf/virconftypes.h                       |   3 +
 src/libvirt_private.syms                      |   2 +-
 src/qemu/qemu_capabilities.c                  | 146 ++++++++++++++++++
 src/qemu/qemu_capabilities.h                  |   6 +
 src/qemu/qemu_command.c                       |  30 ++++
 src/qemu/qemu_monitor.c                       |  10 ++
 src/qemu/qemu_monitor.h                       |   3 +
 src/qemu/qemu_monitor_json.c                  |  91 +++++++++++
 src/qemu/qemu_monitor_json.h                  |   3 +
 tests/domaincapsdata/bhyve_basic.x86_64.xml   |   1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml    |   1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml    |   1 +
 tests/domaincapsdata/empty.xml                |   1 +
 tests/domaincapsdata/libxl-xenfv.xml          |   1 +
 tests/domaincapsdata/libxl-xenpv.xml          |   1 +
 .../domaincapsdata/qemu_1.5.3-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_1.5.3-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_1.5.3.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_1.6.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_1.6.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_1.6.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_1.7.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_1.7.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_1.7.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.1.1-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.1.1-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.1.1.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.10.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.10.0-tcg.x86_64.xml |   1 +
 .../qemu_2.10.0-virt.aarch64.xml              |   1 +
 tests/domaincapsdata/qemu_2.10.0.aarch64.xml  |   1 +
 tests/domaincapsdata/qemu_2.10.0.ppc64.xml    |   1 +
 tests/domaincapsdata/qemu_2.10.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.10.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml |   1 +
 tests/domaincapsdata/qemu_2.11.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.11.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml |   1 +
 .../qemu_2.12.0-virt.aarch64.xml              |   1 +
 tests/domaincapsdata/qemu_2.12.0.aarch64.xml  |   1 +
 tests/domaincapsdata/qemu_2.12.0.ppc64.xml    |   1 +
 tests/domaincapsdata/qemu_2.12.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.12.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.4.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.5.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml  |   1 +
 .../qemu_2.6.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_2.6.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_2.6.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_2.6.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.7.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.7.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.8.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.8.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.9.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_2.9.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.9.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_3.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_3.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_3.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_3.1.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_3.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_4.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_4.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_4.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_4.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_4.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_4.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml    |   1 +
 109 files changed, 519 insertions(+), 29 deletions(-)

-- 
2.17.1
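
The two-step flow in the cover letter above, as an added example that is not part of the posted series or of libvirt: it parses a capabilities document in the proposed shape and emits the proposed `<launchSecurity type='sgx'>` fragment only when the host advertises SGX. The function names, the sample XML and its sizes are constructed here, and the rule that a guest may not request more EPC than the host reports is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Multipliers to KiB for the unit strings this example handles (assumption:
# only these three are needed for the illustration).
_TO_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 * 1024}

# Constructed sample in the shape the cover letter proposes for the
# virConnectGetDomainCapabilities response; 524288 is a made-up value.
SAMPLE_DOMCAPS = """
<domainCapabilities>
  <feature>
    <sgx supported='yes'>
      <epc_size unit='KiB'>524288</epc_size>
    </sgx>
  </feature>
</domainCapabilities>
"""


class SgxUnavailable(Exception):
    """Raised when the capabilities document does not advertise usable SGX."""


def _size_kib(elem):
    """Convert an <epc_size unit='...'>N</epc_size> element to KiB."""
    unit = elem.get("unit", "KiB")
    if unit not in _TO_KIB:
        raise ValueError(f"unsupported epc_size unit: {unit!r}")
    value = int((elem.text or "").strip())  # rejects empty or placeholder text
    if value <= 0:
        raise ValueError("epc_size must be positive")
    return value * _TO_KIB[unit]


def host_epc_kib(domcaps_xml):
    """Step 1: return the advertised EPC size in KiB, or 0 if SGX is absent."""
    root = ET.fromstring(domcaps_xml)
    sgx = root.find(".//sgx")
    # Fail closed: anything other than an explicit supported='yes' means no SGX.
    if sgx is None or sgx.get("supported") != "yes":
        return 0
    size = sgx.find("epc_size")
    if size is None:
        return 0
    return _size_kib(size)


def launch_security_xml(domcaps_xml, requested_kib):
    """Step 2: build the proposed domain XML fragment for the SGX request."""
    available = host_epc_kib(domcaps_xml)
    if available == 0:
        raise SgxUnavailable("host does not advertise SGX EPC")
    # Assumption of this example: the request must fit in the advertised EPC.
    if not 0 < requested_kib <= available:
        raise ValueError(
            f"requested {requested_kib} KiB, host advertises {available} KiB"
        )
    elem = ET.Element("launchSecurity", {"type": "sgx"})
    size = ET.SubElement(elem, "epc_size", {"unit": "KiB"})
    size.text = str(requested_kib)
    return ET.tostring(elem, encoding="unicode")


if __name__ == "__main__":
    print(host_epc_kib(SAMPLE_DOMCAPS))
    print(launch_security_xml(SAMPLE_DOMCAPS, 65536))
```

The element names follow this v4 proposal, which the replies below question, so the fragment is only meaningful against a libvirt build carrying this series.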

Re: [libvirt][PATCH v4 0/4] Support query and use SGX
Posted by Pavel Hrdina 2 years, 9 months ago
On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
> This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM.
>  
> Giving the SGX support in QEMU is still pending for reviewing, this patch series is not submitted for code
> review, but only describe the SGX enabling solution design that contains changes to virConnectGetDomainCapabilities
> API response and domain definition. All comments/suggestions would be highly appreciated.
>  
> Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application
> code and data, giving them more protection from disclosure or modification. Developers can partition sensitive
> information into enclaves, which are areas of execution in memory with more security protection.
>  
> The typical flow looks below at very high level:
>  
> 1. Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information.
>  
> <feature>
> ...
>   <sgx supported='yes'>
>     <epc_size unit='KiB'>N</epc_size>
>   </sgx>
> </feature> 
>  
> 2. User requests to start a guest calling virCreateXML() with SGX requirement. 
> It should contain
>  
> <launchSecurity type='sgx'>
>   <epc_size unit='KiB'>N</epc_size>
> </launchSecurity> 

I don't think that Intel SGX belongs into <launchSecurity> in libvirt.
Similar feature to AMD SEV is Intel TDX which would be implemented using
<launchSecurity> as it offers isolation between host and VM.

Looking at the patches this doesn't even use confidential-guest-support
machine option, it adds a new memory backend and enables CPU features
only if libvirt uses <cpu mode='custom'> so it would not work with any
other CPU mode.

To me this sounds like we should split the feature into two components
where one would add support for the new memory backend into correct XML
part [1] and the other component would be support for CPU features
related to Intel SGX [2].

Pavel

[1] <https://libvirt.org/formatdomain.html#memory-backing>
[2] <https://libvirt.org/formatdomain.html#cpu-model-and-topology>

> Haibin Huang (1):
>   Support to query SGX capability
> 
> Lin Yang (3):
>   conf: Introduce SGX related element into domain xml
>   qemu: Add command-line to generate SGX EPC memory backend
>   qemu: Add command-line to enable SGX
> 
> 
> -- 
> 2.17.1
> 
RE: [libvirt][PATCH v4 0/4] Support query and use SGX
Posted by Huang, Haibin 2 years, 9 months ago

> -----Original Message-----
> From: Pavel Hrdina <phrdina@redhat.com>
> Sent: Wednesday, July 7, 2021 5:48 PM
> To: Huang, Haibin <haibin.huang@intel.com>
> Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang,
> Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
> Subject: Re: [libvirt][PATCH v4 0/4] Support query and use SGX
> 
> On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
> > This patch series provides support for enabling Intel's Software Guard
> Extensions (SGX) feature in guest VM.
> >
> > Giving the SGX support in QEMU is still pending for reviewing, this
> > patch series is not submitted for code review, but only describe the
> > SGX enabling solution design that contains changes to
> virConnectGetDomainCapabilities API response and domain definition. All
> comments/suggestions would be highly appreciated.
> >
> > Intel Software Guard Extensions (Intel® SGX) is a set of instructions
> > that increases the security of application code and data, giving them
> > more protection from disclosure or modification. Developers can partition
> sensitive information into enclaves, which are areas of execution in memory
> with more security protection.
> >
> > The typical flow looks below at very high level:
> >
> > 1. Calls virConnectGetDomainCapabilities API to domain capabilities that
> includes the following SGX information.
> >
> > <feature>
> > ...
> >   <sgx supported='yes'>
> >     <epc_size unit='KiB'>N</epc_size>
> >   </sgx>
> > </feature>
> >
> > 2. User requests to start a guest calling virCreateXML() with SGX requirement.
> > It should contain
> >
> > <launchSecurity type='sgx'>
> >   <epc_size unit='KiB'>N</epc_size>
> > </launchSecurity>
> 
> I don't think that Intel SGX belongs into <launchSecurity> in libvirt.
> Similar feature to AMD SEV is Intel TDX which would be implemented using
> <launchSecurity> as it offers isolation between host and VM.
> 
> Looking at the patches this doesn't even use confidential-guest-support machine
> option, it adds a new memory backend and enables CPU features only if libvirt
> uses <cpu mode='custom'> so it would not work with any other CPU mode.
> 
> To me this sounds like we should split the feature into two components where
> one would add support for the new memory backend into correct XML part [1]
> and the other component would be support for CPU features related to Intel
> SGX [2].
[Haibin] OK, those specific CPU features we added have been deleted, and we let the user specify them in [2].
Do we need to add a new element in the memory backend for SGX EPC memory?
> 
> Pavel
> 
> [1] <https://libvirt.org/formatdomain.html#memory-backing>
> [2] <https://libvirt.org/formatdomain.html#cpu-model-and-topology>
> 
> > Haibin Huang (1):
> >   Support to query SGX capability
> >
> > Lin Yang (3):
> >   conf: Introduce SGX related element into domain xml
> >   qemu: Add command-line to generate SGX EPC memory backend
> >   qemu: Add command-line to enable SGX
> >
> >
> > --
> > 2.17.1
> >

Re: [libvirt][PATCH v4 0/4] Support query and use SGX
Posted by Daniel P. Berrangé 2 years, 9 months ago
On Wed, Jul 07, 2021 at 11:47:37AM +0200, Pavel Hrdina wrote:
> On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
> > This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM.
> >  
> > Giving the SGX support in QEMU is still pending for reviewing, this patch series is not submitted for code
> > review, but only describe the SGX enabling solution design that contains changes to virConnectGetDomainCapabilities
> > API response and domain definition. All comments/suggestions would be highly appreciated.
> >  
> > Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application
> > code and data, giving them more protection from disclosure or modification. Developers can partition sensitive
> > information into enclaves, which are areas of execution in memory with more security protection.
> >  
> > The typical flow looks below at very high level:
> >  
> > 1. Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information.
> >  
> > <feature>
> > ...
> >   <sgx supported='yes'>
> >     <epc_size unit='KiB'>N</epc_size>
> >   </sgx>
> > </feature> 
> >  
> > 2. User requests to start a guest calling virCreateXML() with SGX requirement. 
> > It should contain
> >  
> > <launchSecurity type='sgx'>
> >   <epc_size unit='KiB'>N</epc_size>
> > </launchSecurity> 
> 
> I don't think that Intel SGX belongs into <launchSecurity> in libvirt.
> Similar feature to AMD SEV is Intel TDX which would be implemented using
> <launchSecurity> as it offers isolation between host and VM.
> 
> Looking at the patches this doesn't even use confidential-guest-support
> machine option, it adds a new memory backend and enables CPU features
> only if libvirt uses <cpu mode='custom'> so it would not work with any
> other CPU mode.

This just looks like a bug - there's no reason I see why it shouldn't
work with all CPU modes. In fact the user could just specify the
<feature> elements under <cpu> using existing syntax. We just need
the cpu map to know about them.

> To me this sounds like we should split the feature into two components
> where one would add support for the new memory backend into correct XML
> part [1] and the other component would be support for CPU features
> related to Intel SGX [2].

Yeah, sounds more sensible


Regards,
Daniel