[libvirt][PATCH v5 4/6] Add guest use sgx document

Haibin Huang haibin.huang at intel.com
Thu Jul 15 07:02:59 UTC 2021


Signed-off-by: Haibin Huang <haibin.huang at intel.com>
---
 docs/formatdomain.rst | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 218f0c1718..d7319133ac 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -7377,7 +7377,7 @@ Note: DEA/TDEA is synonymous with DES/TDES.
 
 Launch Security
 ---------------
-
+The Security includes sev and sgx.
 The contents of the ``<launchSecurity type='sev'>`` element is used to provide
 the guest owners input used for creating an encrypted VM using the AMD SEV
 feature (Secure Encrypted Virtualization). SEV is an extension to the AMD-V
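Review bot: The added line `+The Security includes sev and sgx.` replaces the blank line that separated the "Launch Security" heading from its first paragraph, so in the rendered RST it runs straight into "The contents of the ``<launchSecurity type='sev'>`` element...". Keep the blank line after the heading underline and add a blank line after the new sentence so it renders as its own paragraph; the wording is also vaguer than the rest of this document, so something like "The ``<launchSecurity>`` element supports the ``sev`` and ``sgx`` types." would match the surrounding style.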
@@ -7448,6 +7448,32 @@ spec <https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf>`__
    session blob defined in the SEV API spec. See SEV spec LAUNCH_START section
    for the session blob format.
 
+The contents of the ``<launchSecurity type='sgx'>`` element is used to provide
+the guest owners input used for creating an encrypted VM using the INTEL SGX
+feature (Software Guard Extensions). Intel SGX is a technology that was developed
+to meet the needs of the Trusted Computing industry. It allows user-land code
+to create private memory regions, called enclaves, that are isolated from other
+process running at the same or higher privilege levels. The code running inside
+an enclave is effectively isolated from other applications, the operating system,
+the hyper-visor, et cetera. For more information see the `SGX
+developer Guide <https://software.intel.com/content/www/us/en/develop/documentation/sgx-developer-guide/top.html>`__
+
+::
+
+   <domain>
+     ...
+     <launchSecurity type='sgx'>
+       <epc_size unit='KiB'>1024</epc_size>
+     </launchSecurity>
+     ...
+   </domain>
+
+``epc_size``
+ The required ``epc_size`` element are limited developers should endeavor to
+ keep their applications small.enclave size. The value of ``epc_size`` is
+ hypervisor dependent and can be obtained through the ``sgx`` element from
+ the domain capabilities.
+
 :anchor:`<a id="examples"/>`
 
 Example configs
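Review bot: The ``epc_size`` description is garbled and does not say what the value means: "The required ``epc_size`` element are limited developers should endeavor to keep their applications small.enclave size." reads as two sentences spliced together. Suggest stating plainly that ``epc_size`` sets the size of the Enclave Page Cache (EPC) made available to the guest, that it is required for ``type='sgx'``, and that the upper bound is hypervisor dependent and is reported by the ``sgx`` element of the domain capabilities. In the same hunk, the opening sentence copies the SEV text ("used for creating an encrypted VM") although the paragraph goes on to describe SGX as enclaves for user-land code rather than whole-VM encryption; the intro should describe what the element actually configures (EPC exposed to the guest so applications inside it can create enclaves). Minor fixes in the prose: "other process running" should be "other processes running", "hyper-visor" should be "hypervisor", and the sentence ending with the developer-guide link is missing its closing period.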
-- 
2.17.1