[libvirt][PATCH v13 0/6] Support query and use SGX

Daniel P. Berrangé berrange at redhat.com
Thu Jul 21 08:06:57 UTC 2022 

On Wed, Jul 20, 2022 at 11:12:56PM +0000, Yang, Lin A wrote:
> > This version is a bit better than the previous one. But we're at version
> > 13 and I am still unable to even start a guest. Please, make sure that this
> > basic functionality works in v14, because this is plain waste of precious
> > review bandwidth.
> > 
> > Anyway, as usual, I've uploaded my suggested fixes here:
> > 
> > https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx/
> 
> Sorry to hear it didn't work in your environment. We definitely tested it
> several times and it works well for both QEMU 6.2.0 and 7.0.0.
> 
> Let me try to reproduce it with the domain xml you shared before.
> 
> By my best guess, if you see "qemu-system-x86_64:***: 
> invalid object type: memory-backend-epc" error, it means QEMU didn't
> get enough permission to launch SGX VM.
> 
> Pls add /dev/sgx_vepc, /dev/sgx_enclave and /dev/sgx_provision to the 
> "cgroup_device_acl" list in /etc/libvirt/qemu.conf. QEMU requires those access
> to assign EPC, but it was denied  by libvirt’s cgroup controllers by default.
> 
> cgroup_device_acl = [  
>     "/dev/null", "/dev/full", "/dev/zero",  
>     ...
>     "/dev/sgx_vepc", 
>     "/dev/sgx_enclave”, 
>     "/dev/sgx_provision” 
> ] 
> 
> Also in /etc/libvirt/qemu.conf, set the runtime user to uid 0,  since QEMU needs to
> read and write to those sgx devices, like /dev/sgx_vepc. Unfortunately, it is owned
> by root with file mode 600, so QEMU has to launch as root. 
> 
> user = "+0"
> 
> It would be really helpful if you can use these steps to see whether it resolve 
> the issue. I will add a doc somewhere to include all steps are required for use to
> use sgx in libvirt.

The need to customize qemu.conf to change cgroups ACLs and set uid==0 makes
this patch series unusal in the real world deployments. It cannot be merged
with such problems existing.

Are the /dev/sgx* fundamentally required to be restricted to root access
only, or is it safe to make them accessible to non-root ? ie If a malicious
user has access to those files, what is the impact they have ? Bear in mind
that QEMU itself can be malicious if the guest compromises it.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list