This patch series provides support for enabling Intel's Software Guard
Extensions (SGX) feature in guest VM.
Giving the SGX support in QEMU be accepted and will be merged in two
days Intel SGX is a set of instructions that increases the security
of application code and data, giving them more protection from disclosure
or modification.
Developers can partition sensitive information into enclaves, which are
areas of execution in memory with more security protection.

The typical flow looks below at very high level:

1. Calls virConnectGetDomainCapabilities API to domain capabilities that
includes the following SGX information.

<feature>
...
  <sgx supported='yes'>
    <epc_size unit='KiB'>N</epc_size>
  </sgx>
</feature>

2. User requests to start a guest calling virCreateXML() with SGX requirement.
It should contain

 <devices>
      ...
      <memory model='sgx-epc'>
        <target>
          <size unit='KiB'>N</size>
        </target>
      </memory>
      ...
  </devices>

Haibin Huang (2):
  Get SGX Capabilities from QEMU
  Transfer Qemu SGX Capabilities to XML

Lin Yang (3):
  conf: Introduce SGX EPC element into device memory xml
  qemu: Add command-line to generate SGX EPC memory backend
  Add unit tests for guest VM creation command with SGX EPC

 docs/schemas/domaincaps.rng                   |  22 ++-
 docs/schemas/domaincommon.rng                 |   1 +
 src/conf/domain_capabilities.c                |  29 ++++
 src/conf/domain_capabilities.h                |  13 ++
 src/conf/domain_conf.c                        |   6 +
 src/conf/domain_conf.h                        |   1 +
 src/conf/domain_validate.c                    |   1 +
 src/libvirt_private.syms                      |   1 +
 src/qemu/qemu_alias.c                         |   6 +-
 src/qemu/qemu_capabilities.c                  | 143 +++++++++++++++++-
 src/qemu/qemu_capabilities.h                  |   4 +
 src/qemu/qemu_command.c                       |  41 ++++-
 src/qemu/qemu_domain.c                        |  12 +-
 src/qemu/qemu_domain_address.c                |   6 +
 src/qemu/qemu_driver.c                        |   1 +
 src/qemu/qemu_monitor.c                       |  10 ++
 src/qemu/qemu_monitor.h                       |   3 +
 src/qemu/qemu_monitor_json.c                  |  83 ++++++++++
 src/qemu/qemu_monitor_json.h                  |   3 +
 src/qemu/qemu_process.c                       |   2 +
 src/qemu/qemu_validate.c                      |   8 +
 src/security/security_apparmor.c              |   1 +
 src/security/security_dac.c                   |   2 +
 src/security/security_selinux.c               |   2 +
 tests/domaincapsdata/bhyve_basic.x86_64.xml   |   1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml    |   1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml    |   1 +
 tests/domaincapsdata/empty.xml                |   1 +
 tests/domaincapsdata/libxl-xenfv.xml          |   1 +
 tests/domaincapsdata/libxl-xenpv.xml          |   1 +
 .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml |   1 +
 tests/domaincapsdata/qemu_2.11.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.11.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml |   1 +
 .../qemu_2.12.0-virt.aarch64.xml              |   1 +
 tests/domaincapsdata/qemu_2.12.0.aarch64.xml  |   1 +
 tests/domaincapsdata/qemu_2.12.0.ppc64.xml    |   1 +
 tests/domaincapsdata/qemu_2.12.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.12.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.4.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.5.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml  |   1 +
 .../qemu_2.6.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_2.6.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_2.6.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_2.6.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.7.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.7.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.8.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.8.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.9.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_2.9.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_2.9.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_3.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_3.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_3.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_3.1.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_3.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_4.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_4.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_4.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_4.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_4.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_4.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_5.1.0.sparc.xml     |   1 +
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_6.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_6.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_6.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_6.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_6.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml  |   4 +
 .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml  |   4 +
 tests/domaincapsdata/qemu_6.2.0.x86_64.xml    |   4 +
 .../caps_6.2.0.x86_64.replies                 |  22 ++-
 .../caps_6.2.0.x86_64.xml                     |   5 +
 .../sgx-epc.x86_64-6.2.0.args                 |  37 +++++
 tests/qemuxml2argvdata/sgx-epc.xml            |  36 +++++
 tests/qemuxml2argvtest.c                      |   2 +
 126 files changed, 597 insertions(+), 12 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml

-- 
2.17.1

On 12/15/21 04:40, Haibin Huang wrote:
> This patch series provides support for enabling Intel's Software Guard
> Extensions (SGX) feature in guest VM.
> Giving the SGX support in QEMU be accepted and will be merged in two
> days Intel SGX is a set of instructions that increases the security
> of application code and data, giving them more protection from disclosure
> or modification.
> Developers can partition sensitive information into enclaves, which are
> areas of execution in memory with more security protection.
> 
> The typical flow looks below at very high level:
> 
> 1. Calls virConnectGetDomainCapabilities API to domain capabilities that
> includes the following SGX information.
> 
> <feature>
> ...
>   <sgx supported='yes'>
>     <epc_size unit='KiB'>N</epc_size>
>   </sgx>
> </feature>
> 
> 2. User requests to start a guest calling virCreateXML() with SGX requirement.
> It should contain
> 
>  <devices>
>       ...
>       <memory model='sgx-epc'>
>         <target>
>           <size unit='KiB'>N</size>
>         </target>
>       </memory>
>       ...
>   </devices>
> 
> Haibin Huang (2):
>   Get SGX Capabilities from QEMU
>   Transfer Qemu SGX Capabilities to XML
> 
> Lin Yang (3):
>   conf: Introduce SGX EPC element into device memory xml
>   qemu: Add command-line to generate SGX EPC memory backend
>   Add unit tests for guest VM creation command with SGX EPC

Next time please make sure that any patch you send is rebased onto the
master branch that's at least somewhat current. I had to go all the way
down to 7.8.0 to apply these (somewhere mid October). I believe libvirt
is not the only project that mandates this.

I've uploaded these patches to my gitlab:

https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx

You'll find 'fixup' commits there which cover some of the points I am
raising. Might be worth looking at it. I'll keep the branch there for a
while.

Michal

Hi Michal,

Thank you very much for your effort, the modification is very detail. I am rebasing it according to your comments.
I have clone https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx to local, you can delete it.

> -----Original Message-----
> From: Michal Prívozník <mprivozn@redhat.com>
> Sent: Friday, January 7, 2022 11:06 PM
> To: Huang, Haibin <haibin.huang@intel.com>; libvir-list@redhat.com; Ding,
> Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu,
> Lianhao <lianhao.lu@intel.com>; Zhong, Yang <yang.zhong@intel.com>
> Subject: Re: [libvirt][PATCH v9 0/5] Support query and use SGX
> 
> On 12/15/21 04:40, Haibin Huang wrote:
> > This patch series provides support for enabling Intel's Software Guard
> > Extensions (SGX) feature in guest VM.
> > Giving the SGX support in QEMU be accepted and will be merged in two
> > days Intel SGX is a set of instructions that increases the security of
> > application code and data, giving them more protection from disclosure
> > or modification.
> > Developers can partition sensitive information into enclaves, which
> > are areas of execution in memory with more security protection.
> >
> > The typical flow looks below at very high level:
> >
> > 1. Calls virConnectGetDomainCapabilities API to domain capabilities
> > that includes the following SGX information.
> >
> > <feature>
> > ...
> >   <sgx supported='yes'>
> >     <epc_size unit='KiB'>N</epc_size>
> >   </sgx>
> > </feature>
> >
> > 2. User requests to start a guest calling virCreateXML() with SGX
> requirement.
> > It should contain
> >
> >  <devices>
> >       ...
> >       <memory model='sgx-epc'>
> >         <target>
> >           <size unit='KiB'>N</size>
> >         </target>
> >       </memory>
> >       ...
> >   </devices>
> >
> > Haibin Huang (2):
> >   Get SGX Capabilities from QEMU
> >   Transfer Qemu SGX Capabilities to XML
> >
> > Lin Yang (3):
> >   conf: Introduce SGX EPC element into device memory xml
> >   qemu: Add command-line to generate SGX EPC memory backend
> >   Add unit tests for guest VM creation command with SGX EPC
> 
> Next time please make sure that any patch you send is rebased onto the
> master branch that's at least somewhat current. I had to go all the way down
> to 7.8.0 to apply these (somewhere mid October). I believe libvirt is not the
> only project that mandates this.
> 
> I've uploaded these patches to my gitlab:
> 
> https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx
> 
> You'll find 'fixup' commits there which cover some of the points I am raising.
> Might be worth looking at it. I'll keep the branch there for a while.
> 
> Michal

On 1/20/22 02:33, Huang, Haibin wrote:
> Hi Michal,
> 
> Thank you very much for your effort, the modification is very detail. I am rebasing it according to your comments.
> I have clone https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx to local, you can delete it.

Cool, thanks. I tried to rebase onto current master but there were some
conflicts which I didn't want to resolve. Removed.

Michal

Thank you very much! I will see it.

> -----Original Message-----
> From: Michal Prívozník <mprivozn@redhat.com>
> Sent: Friday, January 7, 2022 11:06 PM
> To: Huang, Haibin <haibin.huang@intel.com>; libvir-list@redhat.com; Ding,
> Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu,
> Lianhao <lianhao.lu@intel.com>; Zhong, Yang <yang.zhong@intel.com>
> Subject: Re: [libvirt][PATCH v9 0/5] Support query and use SGX
> 
> On 12/15/21 04:40, Haibin Huang wrote:
> > This patch series provides support for enabling Intel's Software Guard
> > Extensions (SGX) feature in guest VM.
> > Giving the SGX support in QEMU be accepted and will be merged in two
> > days Intel SGX is a set of instructions that increases the security of
> > application code and data, giving them more protection from disclosure
> > or modification.
> > Developers can partition sensitive information into enclaves, which
> > are areas of execution in memory with more security protection.
> >
> > The typical flow looks below at very high level:
> >
> > 1. Calls virConnectGetDomainCapabilities API to domain capabilities
> > that includes the following SGX information.
> >
> > <feature>
> > ...
> >   <sgx supported='yes'>
> >     <epc_size unit='KiB'>N</epc_size>
> >   </sgx>
> > </feature>
> >
> > 2. User requests to start a guest calling virCreateXML() with SGX
> requirement.
> > It should contain
> >
> >  <devices>
> >       ...
> >       <memory model='sgx-epc'>
> >         <target>
> >           <size unit='KiB'>N</size>
> >         </target>
> >       </memory>
> >       ...
> >   </devices>
> >
> > Haibin Huang (2):
> >   Get SGX Capabilities from QEMU
> >   Transfer Qemu SGX Capabilities to XML
> >
> > Lin Yang (3):
> >   conf: Introduce SGX EPC element into device memory xml
> >   qemu: Add command-line to generate SGX EPC memory backend
> >   Add unit tests for guest VM creation command with SGX EPC
> 
> Next time please make sure that any patch you send is rebased onto the
> master branch that's at least somewhat current. I had to go all the way down
> to 7.8.0 to apply these (somewhere mid October). I believe libvirt is not the
> only project that mandates this.
> 
> I've uploaded these patches to my gitlab:
> 
> https://gitlab.com/MichalPrivoznik/libvirt/-/tree/sgx
> 
> You'll find 'fixup' commits there which cover some of the points I am raising.
> Might be worth looking at it. I'll keep the branch there for a while.
> 
> Michal