From nobody Mon Feb  9 09:09:14 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=intel.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1626332751083369.6258426170473;
 Thu, 15 Jul 2021 00:05:51 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-347-6HrIhzVZOi6MHb2kR5tWow-1; Thu, 15 Jul 2021 03:05:48 -0400
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B609E80292B;
	Thu, 15 Jul 2021 07:05:42 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 8F01B1017CE8;
	Thu, 15 Jul 2021 07:05:42 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 56DF81801258;
	Thu, 15 Jul 2021 07:05:42 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
	[10.11.54.5])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 16F75fDd026422 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 15 Jul 2021 03:05:41 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 047CF1032A7; Thu, 15 Jul 2021 07:05:41 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id F3F841032B0
	for <libvir-list@redhat.com>; Thu, 15 Jul 2021 07:05:40 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com
 [205.139.110.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DD1AE800B28
	for <libvir-list@redhat.com>; Thu, 15 Jul 2021 07:05:40 +0000 (UTC)
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (Using TLS)
	by relay.mimecast.com with ESMTP id us-mta-364-r_ARTRluMBiTOfVk9EJLvg-1;
	Thu, 15 Jul 2021 03:05:38 -0400
Received: from orsmga003.jf.intel.com ([10.7.209.27])
	by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
	15 Jul 2021 00:05:37 -0700
Received: from nhsgx.sh.intel.com ([10.239.36.138])
	by orsmga003.jf.intel.com with ESMTP; 15 Jul 2021 00:05:26 -0700
X-MC-Unique: 6HrIhzVZOi6MHb2kR5tWow-1
X-MC-Unique: r_ARTRluMBiTOfVk9EJLvg-1
X-IronPort-AV: E=McAfee;i="6200,9189,10045"; a="296131580"
X-IronPort-AV: E=Sophos;i="5.84,240,1620716400"; d="scan'208";a="296131580"
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.84,240,1620716400"; d="scan'208";a="413552999"
From: Haibin Huang <haibin.huang@intel.com>
To: libvir-list@redhat.com, haibin.huang@intel.com, jian-feng.ding@intel.com,
	lin.a.yang@intel.com, lianhao.lu@intel.com
Subject: [libvirt][PATCH v5 4/6] Add guest use sgx document
Date: Thu, 15 Jul 2021 15:02:59 +0800
Message-Id: <20210715070301.8078-5-haibin.huang@intel.com>
In-Reply-To: <20210715070301.8078-1-haibin.huang@intel.com>
References: <20210715070301.8078-1-haibin.huang@intel.com>
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-loop: libvir-list@redhat.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 2
X-Mimecast-Originator: redhat.com
X-ZM-MESSAGEID: 1626332751816100001
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Signed-off-by: Haibin Huang <haibin.huang@intel.com>
---
 docs/formatdomain.rst | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 218f0c1718..d7319133ac 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -7377,7 +7377,7 @@ Note: DEA/TDEA is synonymous with DES/TDES.
=20
 Launch Security
 ---------------
-
+The Security includes sev and sgx.
 The contents of the ``<launchSecurity type=3D'sev'>`` element is used to p=
rovide
 the guest owners input used for creating an encrypted VM using the AMD SEV
 feature (Secure Encrypted Virtualization). SEV is an extension to the AMD-V
@@ -7448,6 +7448,32 @@ spec <https://support.amd.com/TechDocs/55766_SEV-KM_=
API_Specification.pdf>`__
    session blob defined in the SEV API spec. See SEV spec LAUNCH_START sec=
tion
    for the session blob format.
=20
+The contents of the ``<launchSecurity type=3D'sgx'>`` element is used to p=
rovide
+the guest owners input used for creating an encrypted VM using the INTEL S=
GX
+feature (Software Guard Extensions). Intel SGX is a technology that was de=
veloped
+to meet the needs of the Trusted Computing industry. It allows user-land c=
ode
+to create private memory regions, called enclaves, that are isolated from =
other
+process running at the same or higher privilege levels. The code running i=
nside
+an enclave is effectively isolated from other applications, the operating =
system,
+the hyper-visor, et cetera. For more information see the `SGX
+developer Guide <https://software.intel.com/content/www/us/en/develop/docu=
mentation/sgx-developer-guide/top.html>`__
+
+::
+
+   <domain>
+     ...
+     <launchSecurity type=3D'sgx'>
+       <epc_size unit=3D'KiB'>1024</epc_size>
+     </launchSecurity>
+     ...
+   </domain>
+
+``epc_size``
+ The required ``epc_size`` element are limited developers should endeavor =
to
+ keep their applications small.enclave size. The value of ``epc_size`` is
+ hypervisor dependent and can be obtained through the ``sgx`` element from
+ the domain capabilities.
+
 :anchor:`<a id=3D"examples"/>`
=20
 Example configs
--=20
2.17.1