[libvirt][PATCH v9 0/5] Support query and use SGX
haibin.huang at intel.com
Tue Jan 11 01:25:02 UTC 2022
Thank you very much! I will see it.
> -----Original Message-----
> From: Michal Prívozník <mprivozn at redhat.com>
> Sent: Friday, January 7, 2022 11:06 PM
> To: Huang, Haibin <haibin.huang at intel.com>; libvir-list at redhat.com; Ding,
> Jian-feng <jian-feng.ding at intel.com>; Yang, Lin A <lin.a.yang at intel.com>; Lu,
> Lianhao <lianhao.lu at intel.com>; Zhong, Yang <yang.zhong at intel.com>
> Subject: Re: [libvirt][PATCH v9 0/5] Support query and use SGX
> On 12/15/21 04:40, Haibin Huang wrote:
> > This patch series provides support for enabling Intel's Software Guard
> > Extensions (SGX) feature in guest VM.
> > The SGX support in QEMU has been accepted and will be merged in two days.
> > Intel SGX is a set of instructions that increases the security of
> > application code and data, giving them more protection from disclosure
> > or modification.
> > Developers can partition sensitive information into enclaves, which
> > are areas of execution in memory with more security protection.
> > The typical flow looks like below at a very high level:
> > 1. Calls virConnectGetDomainCapabilities API to get domain capabilities
> > that include the following SGX information.
> >   <feature>
> >     ...
> >     <sgx supported='yes'>
> >       <epc_size unit='KiB'>N</epc_size>
> >     </sgx>
> >   </feature>
> > 2. User requests to start a guest calling virCreateXML() with SGX
> > It should contain
> >   <devices>
> >     ...
> >     <memory model='sgx-epc'>
> >       <target>
> >         <size unit='KiB'>N</size>
> >       </target>
> >     </memory>
> >     ...
> >   </devices>
> > Haibin Huang (2):
> >   Get SGX Capabilities from QEMU
> >   Transfer Qemu SGX Capabilities to XML
> > Lin Yang (3):
> >   conf: Introduce SGX EPC element into device memory xml
> >   qemu: Add command-line to generate SGX EPC memory backend
> >   Add unit tests for guest VM creation command with SGX EPC
> Next time please make sure that any patch you send is rebased onto the
> master branch that's at least somewhat current. I had to go all the way down
> to 7.8.0 to apply these (somewhere mid October). I believe libvirt is not the
> only project that mandates this.
> I've uploaded these patches to my gitlab:
> You'll find 'fixup' commits there which cover some of the points I am raising.
> Might be worth looking at it. I'll keep the branch there for a while.
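
The query-then-request flow from the cover letter, as an added example (not code from the patch series or from libvirt): a pre-flight check a management tool could run over the two XML shapes shown above, refusing a guest whose sgx-epc devices ask for more EPC than the host reports. The sample documents, the sizes and all function names are constructed for illustration; the element names follow this v9 proposal.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents following the element layout in the cover letter.
# The sizes are made-up values, not output from a real host.
DOMCAPS_XML = """<domainCapabilities>
  <feature>
    <sgx supported='yes'>
      <epc_size unit='KiB'>524288</epc_size>
    </sgx>
  </feature>
</domainCapabilities>"""

DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <memory model='sgx-epc'>
      <target>
        <size unit='MiB'>64</size>
      </target>
    </memory>
  </devices>
</domain>"""

UNITS_IN_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 * 1024}

def to_kib(elem):
    """Convert a <size> or <epc_size> element to KiB; reject unknown units."""
    unit = elem.get("unit", "KiB")  # assumption: KiB when no unit is given
    if unit not in UNITS_IN_KIB:
        raise ValueError(f"unsupported unit: {unit!r}")
    return int(elem.text.strip()) * UNITS_IN_KIB[unit]

def host_epc_kib(domcaps_xml):
    """Host EPC size in KiB, or 0 when SGX is not reported as supported."""
    sgx = ET.fromstring(domcaps_xml).find("./feature/sgx")
    if sgx is None or sgx.get("supported") != "yes":
        return 0
    size = sgx.find("epc_size")
    return to_kib(size) if size is not None else 0

def requested_epc_kib(domain_xml):
    """Sum of all sgx-epc memory devices requested in the guest definition."""
    devs = ET.fromstring(domain_xml).findall("./devices/memory[@model='sgx-epc']")
    return sum(to_kib(d.find("./target/size")) for d in devs)

def check_request(domcaps_xml, domain_xml):
    """True only if the guest asks for EPC and the host reports at least that much."""
    want = requested_epc_kib(domain_xml)
    return 0 < want <= host_epc_kib(domcaps_xml)
```

The check compares one guest against the host total only; it does not account for EPC already handed to other guests.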