On Tue, 2021-09-07 at 17:51 +0800, Yang Zhong wrote: > On Mon, Sep 06, 2021 at 03:13:08PM +0200, Paolo Bonzini wrote: > > Hi, > > > > the monitor patches did not pass the test-hmp qtest, and also they > > should be in target/i386/monitor.c (see other commands that were > > implemented there for SEV). However, I've sent a pull request with > > the rest. > > > > Paolo, I have moved hmp and qmp codes to target/i386/monitor.c and also > fixed the issue with test tool(tests/qtest/test-hmp). This issue is caused > by 'machine none' test in the hmp, the previous patches only covered qmp > test in 'machine none' with Libvirt. > > So, the next issue: > 1) re-send all sgx basic patches(including monitors patches) to you? > 2) only send monitor patches in the next phase when the basic sgx patches > are merged? > > Regards, > > Yang > > > > Thanks, > > > > Paolo > > > > On Mon, Jul 19, 2021 at 1:27 PM Yang Zhong <yang.zh...@intel.com> wrote: > > > Since Sean Christopherson has left Intel and i am responsible for Qemu SGX > > > upstream work. His @intel.com address will be bouncing and his new email( > > > sea...@google.com) is also in CC lists. > > > > > > This series is Qemu SGX virtualization implementation rebased on latest > > > Qemu release. The numa support for SGX will be sent in another patchset > > > once this basic SGX patchset are merged. > > > > > > You can find Qemu repo here: > > > > > > https://github.com/intel/qemu-sgx.git upstream > > > > > > If you want to try SGX, you can directly install the linux release(at > > > least 5.13.0-rc1+) > > > since kvm SGX has been merged into linux release. > > > > > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git > > > > > > To simplify, you'd better install linux on host and guest, which can > > > support > > > SGX on host and guest kernel. And to me, use below reference command to > > > boot > > > SGX guest: > > > > > > #qemu-system-x86_64 \ > > > ...... \ > > > -cpu host,+sgx-provisionkey \ > > > -object memory-backend-epc,id=mem1,size=64M,prealloc=on \ > > > -object memory-backend-epc,id=mem2,size=28M \
I would call these just "memory-backend-sgx". > > > -M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2 > > > > > > Overview > > > ======== > > > > > > Intel Software Guard eXtensions (SGX) is a set of instructions and > > > mechanisms > > > for memory accesses in order to provide security accesses for sensitive > > > applications and data. SGX allows an application to use it's pariticular > > > address space as an *enclave*, which is a protected area provides > > > confidentiality > > > and integrity even in the presence of privileged malware. Accesses to the > > > enclave memory area from any software not resident in the enclave are > > > prevented, > > > including those from privileged software. > > > > > > SGX virtaulization ~~~~~~~~~~~~~~ virtualization I'm using these patches now instead of "real" hardwave. It seems that 9th gen cores are now Linux compatible SGX. Maybe some ucode update has changed this because I don't recall this working before. /Jarkko