[libvirt] New Feature: Identify Intel SGX support
Carvalho, Larkins L
larkins.l.carvalho at intel.com
Mon Jul 8 15:24:29 UTC 2019
Hello Eric,
This was the initial announcement introducing new feature development.
There are no questions from our end at this point.
We will send more details regarding the feature in upcoming days.
Thanks,
Larkins
-----Original Message-----
From: Erik Skultety [mailto:eskultet at redhat.com]
Sent: Monday, July 1, 2019 12:11 AM
To: Carvalho, Larkins L <larkins.l.carvalho at intel.com>
Cc: libvir-list at redhat.com; Mohammed, Karimullah <karimullah.mohammed at intel.com>
Subject: Re: [libvirt] New Feature: Identify Intel SGX support
On Fri, Jun 28, 2019 at 09:36:35PM +0000, Carvalho, Larkins L wrote:
> Hello Team,
>
> Greetings!
>
> We want to identify if the platform is Intel Software Guard Extensions<https://software.intel.com/en-us/sgx> (SGX) capable. The management platform (ex. Openstack) can use this information to launch VM that can run secure application code and data.
> Intel(r) SGX offers hardware-based memory encryption that isolates specific application code and data in memory.
Hi,
so what exactly is the question here? Is it which code should be touched to provide this kind of hint to OpenStack? If so, then this would live either in the host or domain capabilities? Does libvirt need to do anything for SGX to be enabled for a guest (just like SEV, I guess MKTM is the one which is more like
SEV) or is the feature always enabled transparently? If it's always on, then this would live in the host capabilities, if it's a feature which requires a hypervisor support and the guest can be configured with explicitly to use it, then domain capabilities would be a better place to put this in.
If the question was different from what I've assumed above, then please correct me.
Regards,
Erik
More information about the libvir-list
mailing list