[libvirt][PATCH RESEND v12 0/6] Support query and use SGX

lease note that SGX NUMA support will be implemented in future patches. Haibin Huang (4): Define SGX capabilities structs Get SGX capabilities form QMP Convert QMP capabilities to domain capabilities conf: expose SGX feature in domain capabilities Lin Yang (2): conf: Introduce SGX EPC el

[libvirt][PATCH RESEND v12 5/6] conf: Introduce SGX EPC element into device memory xml

From: Lin Yang ... 512 ... Signed-off-by: Lin Yang Signed-off-by: Haibin Huang --- docs/formatdomain.rst | 9 +++- src/conf/domain_conf.c| 6 +++ src/conf/domain_conf.h| 1 + src/conf

[libvirt][PATCH RESEND v12 6/6] qemu: Add command-line to generate SGX EPC memory backend

\ -machine sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1 Signed-off-by: Lin Yang Signed-off-by: Haibin Huang --- src/qemu/qemu_alias.c | 3 +- src/qemu/qemu_command.c | 53 +-- .../sgx-epc.x86_64-6.2.0.args

[libvirt][PATCH RESEND v12 4/6] conf: expose SGX feature in domain capabilities

Extend hypervisor capabilities to include sgx feature. When available, the hypervisor supports launching an VM with SGX on Intel platfrom. The SGX feature tag privides additional details like section size and sgx1 or sgx2. Signed-off-by: Haibin Huang --- docs/formatdomaincaps.rst

[libvirt][PATCH RESEND v12 3/6] Convert QMP capabilities to domain capabilities

the QMP capabilities: {"return": { "sgx": true, "section-size": 1024, "flc": true } } the domain capabilities: yes 1 Signed-off-by: Haibin Huang --- src/conf/schemas/domaincaps.rng

[libvirt][PATCH RESEND v12 2/6] Get SGX capabilities form QMP

t;: true } } the error reply: {"error": {"class": "GenericError", "desc": "SGX is not enabled in KVM"} } Signed-off-by: Haibin Huang --- src/qemu/qemu_monitor.c | 10 src/qemu/qemu_monitor.h | 3 + src/qemu/

[libvirt][PATCH RESEND v12 1/6] Define SGX capabilities structs

Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c | 10 ++ src/conf/domain_capabilities.h | 13 + src/libvirt_private.syms | 1 + 3 files changed, 24 insertions(+) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index

[libvirt][PATCH RESEND v10 5/5] qemu: Add command-line to generate SGX EPC memory backend

From: Lin Yang According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: #qemu-system-x86_64 \ .. \ -object memory-backend-epc,id=mem1,size=64M,prealloc=on \ -object memory-backend-epc,id=mem2,size=28M \ -

[libvirt][PATCH RESEND v10 3/5] Add unit test for domaincapsdata sgx

Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c| 2 -- tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml| 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml| 1 + tests/domaincapsdata/empty.xml

[libvirt][PATCH RESEND v10 2/5] conf: expose SGX feature in domain capabilities

Extend hypervisor capabilities to include sgx feature. When available, the hypervisor supports launching an VM with SGX on Intel platfrom. The SGX feature tag privides additional details like section size and sgx1 or sgx2. Signed-off-by: Haibin Huang --- docs/formatdomaincaps.html.in | 26

[libvirt][PATCH RESEND v10 4/5] conf: Introduce SGX EPC element into device memory xml

From: Lin Yang ... 512 ... Signed-off-by: Lin Yang --- docs/formatdomain.rst | 9 +++- docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c| 6 +++ src/conf/domain_conf.h

[libvirt][PATCH RESEND v10 1/5] qemu: provide support to query the SGX capability

QEMU version >= 6.2.0 provides support for creating enclave on SGX x86 platform using Software Guard Extensions (SGX) feature. This patch adds support to query the SGX capability from the qemu. Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c| 10 ++ src/c

[libvirt][PATCH RESEND v10 0/5] Support query and use SGX

ntain ... N ... [1] https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg03534.html Haibin Huang (3): qemu: provide support to query the SGX capability conf: expose SGX feature in domain capabilities Add unit test for domaincapsdata sgx Lin Yang (2): conf: Intr

[libvirt][PATCH v10 4/5] conf: Introduce SGX EPC element into device memory xml

From: Lin Yang ... 512 ... Signed-off-by: Lin Yang --- docs/formatdomain.rst | 9 +++- docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c| 6 +++ src/conf/domain_conf.h

[libvirt][PATCH v10 3/5] Add unit test for domaincapsdata sgx

Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c| 2 -- tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml| 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml| 1 + tests/domaincapsdata/empty.xml

[libvirt][PATCH v10 1/5] qemu: provide support to query the SGX capability

QEMU version >= 6.2.0 provides support for creating enclave on SGX x86 platform using Software Guard Extensions (SGX) feature. This patch adds support to query the SGX capability from the qemu. Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c| 10 ++ src/c

[libvirt][PATCH v10 5/5] Update default CPU location in qemu QOM tree

From: Lin Yang --- src/qemu/qemu_monitor_json.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 811db233c4..8c7f088775 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @

[libvirt][PATCH v10 2/5] conf: expose SGX feature in domain capabilities

Extend hypervisor capabilities to include sgx feature. When available, the hypervisor supports launching an VM with SGX on Intel platfrom. The SGX feature tag privides additional details like section size and sgx1 or sgx2. Signed-off-by: Haibin Huang --- docs/formatdomaincaps.html.in | 26

[libvirt][PATCH v10 0/5] Support query and use SGX

/2022-01/msg03534.html Haibin Huang (3): qemu: provide support to query the SGX capability conf: expose SGX feature in domain capabilities Add unit test for domaincapsdata sgx Lin Yang (2): conf: Introduce SGX EPC element into device memory xml Update default CPU location in qemu QOM

[libvirt][PATCH v9 5/5] Add unit tests for guest VM creation command with SGX EPC

From: Lin Yang Two unit test files were added to verify qemu command generated with SGX EPC enabled with 6.2.0 qemu capability. Signed-off-by: Lin Yang --- .../sgx-epc.x86_64-6.2.0.args | 37 +++ tests/qemuxml2argvdata/sgx-epc.xml| 36 +++

[libvirt][PATCH v9 4/5] qemu: Add command-line to generate SGX EPC memory backend

From: Lin Yang According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: #qemu-system-x86_64 \ .. \ -object memory-backend-epc,id=mem1,size=64M,prealloc=on \ -object memory-backend-epc,id=mem2,size=28M \ -

[libvirt][PATCH v9 3/5] conf: Introduce SGX EPC element into device memory xml

From: Lin Yang ... 512 ... Signed-off-by: Lin Yang --- docs/schemas/domaincommon.rng| 1 + src/conf/domain_conf.c | 6 ++ src/conf/domain_conf.h | 1 + src/conf/domain_validate.c | 1 + src/qemu/qemu_alias.c| 3 +++ src/

[libvirt][PATCH v9 2/5] Transfer Qemu SGX Capabilities to XML

Convert qemu sgx capabilities: {"sgx": true, "section-size": 0, "flc": false} to XML format: no 1 Signed-off-by: Haibin Huang --- docs/schemas/domaincaps.rng | 22 ++- src/conf/domain_capabilities.c

[libvirt][PATCH v9 1/5] Get SGX Capabilities from QEMU

The Qemu QMP provide the command "query-sgx-capabilities" libvirt call the command to get sgx capabilities {"execute":"query-sgx-capabilities"} {"return": {"sgx": true, "sgx1": true, "sgx2": false, "sectio

[libvirt][PATCH v9 0/5] Support query and use SGX

that includes the following SGX information. ... N 2. User requests to start a guest calling virCreateXML() with SGX requirement. It should contain ... N ... Haibin Huang (2): Get SGX Capabilities from QEMU Transfer Qem

[libvirt][PATCH v8 2/5] Transfer Qemu SGX Capabilities to XML

Convert qemu sgx capabilities: {"sgx": true, "section-size": 0, "flc": false} to XML format: no 1 Signed-off-by: Haibin Huang --- docs/schemas/domaincaps.rng | 22 ++- src/conf/domain_capabilities.c

[libvirt][PATCH v8 4/5] qemu: Add command-line to generate SGX EPC memory backend

From: Lin Yang According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: #qemu-system-x86_64 \ .. \ -object memory-backend-epc,id=mem1,size=64M,prealloc=on \ -object memory-backend-epc,id=mem2,size=28M \ -

[libvirt][PATCH v8 3/5] conf: Introduce SGX EPC element into device memory xml

From: Lin Yang ... 512 ... --- docs/schemas/domaincommon.rng| 1 + src/conf/domain_conf.c | 6 ++ src/conf/domain_conf.h | 1 + src/conf/domain_validate.c | 1 + src/qemu/qemu_alias.c| 3 +++ src/qemu/qemu_command.c

[libvirt][PATCH v8 0/5] Support query and use SGX

Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information. ... N 2. User requests to start a guest calling virCreateXML() with SGX requirement. It should contain ... N ... Haibin Huang (2): Ge

[libvirt][PATCH v8 5/5] Add unit tests for guest VM creation command with SGX EPC

From: Lin Yang --- .../sgx-epc.x86_64-6.2.0.args | 37 +++ tests/qemuxml2argvdata/sgx-epc.xml| 36 ++ tests/qemuxml2argvtest.c | 2 + 3 files changed, 75 insertions(+) create mode 100644 tests/qemuxml2argvdata/sgx

[libvirt][PATCH v8 1/5] Get SGX Capabilities from QEMU

The Qemu QMP provide the command "query-sgx-capabilities" libvirt call the command to get sgx capabilities {"execute":"query-sgx-capabilities"} {"return": {"sgx": true, "sgx1": true, "sgx2": false, "sectio

[libvirt][PATCH v7 5/5] Add get domaincaps unit test

Signed-off-by: Haibin Huang --- tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml| 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml| 1 + tests/domaincapsdata/empty.xml| 1 + tests/domaincapsdata/libxl-xenfv.xml

[libvirt][PATCH v7 4/5] Support to query SGX capability

1.Add SGX feature in domain capabilities 2.Get sgx capabilities by query-sgx-capabilities 3.Transfer the B to KB for epc_size Signed-off-by: Haibin Huang --- docs/schemas/domaincaps.rng| 19 - src/conf/domain_capabilities.c | 29 +++ src/conf/domain_capabilities.h | 13

[libvirt][PATCH v7 3/5] Add unit tests for guest VM creation command with SGX EPC

From: Lin Yang --- .../sgx-epc.x86_64-5.1.0.args | 37 + tests/qemuxml2argvdata/sgx-epc.xml| 40 +++ tests/qemuxml2argvtest.c | 1 + 3 files changed, 78 insertions(+) create mode 100644 tests/qemuxml2argvdata/sgx-

[libvirt][PATCH v7 2/5] qemu: Add command-line to generate SGX EPC memory backend

From: Lin Yang According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: #qemu-system-x86_64 \ .. \ -object memory-backend-epc,id=mem1,size=64M,prealloc=on \ -object memory-backend-epc,id=mem2,size=28M \ -

[libvirt][PATCH v7 1/5] conf: Introduce SGX EPC element into device memory xml

From: Lin Yang ... 512 ... --- docs/schemas/domaincommon.rng| 1 + src/conf/domain_conf.c | 5 + src/conf/domain_conf.h | 1 + src/conf/domain_validate.c | 1 + src/qemu/qemu_alias.c| 3 +++ src/qemu/qemu_command.c

[libvirt][PATCH v7 0/5] Support query and use SGX

Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information. ... N 2. User requests to start a guest calling virCreateXML() with SGX requirement. It should contain ... N ... Haibin Huang (2): Su

[PATCH 5/5] Add get domaincaps unit test

Signed-off-by: Haibin Huang --- tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml| 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml| 1 + tests/domaincapsdata/empty.xml| 1 + tests/domaincapsdata/libxl-xenfv.xml

[PATCH 2/5] qemu: Add command-line to generate SGX EPC memory backend

From: Lin Yang According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: #qemu-system-x86_64 \ .. \ -object memory-backend-epc,id=mem1,size=64M,prealloc=on \ -object memory-backend-epc,id=mem2,size=28M \ -

[PATCH 4/5] Support to query SGX capability

1.Add SGX feature in domain capabilities 2.Get sgx capabilities by query-sgx-capabilities 3.Transfer the B to KB for epc_size Signed-off-by: Haibin Huang --- docs/schemas/domaincaps.rng| 19 - src/conf/domain_capabilities.c | 29 +++ src/conf/domain_capabilities.h | 13

[PATCH 3/5] Add unit tests for guest VM creation command with SGX EPC

From: Lin Yang --- .../sgx-epc.x86_64-5.1.0.args | 37 + tests/qemuxml2argvdata/sgx-epc.xml| 40 +++ tests/qemuxml2argvtest.c | 1 + 3 files changed, 78 insertions(+) create mode 100644 tests/qemuxml2argvdata/sgx-

[PATCH 1/5] conf: Introduce SGX EPC element into device memory xml

From: Lin Yang ... 512 ... --- docs/schemas/domaincommon.rng| 1 + src/conf/domain_conf.c | 5 + src/conf/domain_conf.h | 1 + src/conf/domain_validate.c | 1 + src/qemu/qemu_alias.c| 3 +++ src/qemu/qemu_command.c

[libvirt][PATCH v6 4/6] Add unit tests for guest VM creation command with SGX EPC

From: Lin Yang --- .../sgx-epc.x86_64-5.1.0.args | 41 +++ tests/qemuxml2argvdata/sgx-epc.xml| 40 ++ tests/qemuxml2argvtest.c | 1 + 3 files changed, 82 insertions(+) create mode 100644 tests/qemuxml2argvdata/sgx

[libvirt][PATCH v6 3/6] Support to query SGX capability

1.Add SGX feature in domain capabilities 2.Get sgx capabilities by query-sgx-capabilities 3.Transfer the B to KB for epc_size 4.Delete sgx1 and sgx2 5.add unit test for get capabilities Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c| 29 src/conf

[libvirt][PATCH v6 1/6] conf: Introduce SGX EPC element into device memory xml

From: Lin Yang ... 512 ... --- docs/schemas/domaincommon.rng| 1 + src/conf/domain_conf.c | 4 src/conf/domain_conf.h | 1 + src/qemu/qemu_command.c | 1 + src/qemu/qemu_domain.c | 2 ++ src/security/security_apparmor.c

[libvirt][PATCH v6 5/6] Add dommaincaps unit test

Signed-off-by: Haibin Huang --- docs/schemas/domaincaps.rng | 17 + 1 file changed, 17 insertions(+) diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng index 325581476d..a9fd21fcb6 100644 --- a/docs/schemas/domaincaps.rng +++ b/docs/schemas/domaincaps.rng

[libvirt][PATCH v6 2/6] qemu: Add command-line to generate SGX EPC memory backend

From: Lin Yang According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: #qemu-system-x86_64 \ .. \ -object memory-backend-epc,id=mem1,size=64M,prealloc=on \ -object memory-backend-epc,id=mem2,size=28M \ -

[libvirt][PATCH v6 0/6] Support query and use SGX

s the following SGX information. ... N 2. User requests to start a guest calling virCreateXML() with SGX requirement. It should contain ... N ... Haibin Huang (3): Support to query SGX capability Add dommaincaps unit

[libvirt][PATCH v5 1/6] conf: Introduce SGX related element into domain xml

From: Lin Yang    1024 --- docs/schemas/domaincommon.rng | 62 +--- src/conf/domain_conf.c| 128 ++ src/conf/domain_conf.h| 10 +++ src/conf/virconftypes.h | 3 + 4 files changed, 149 insertions(+), 54 deletions(-) dif

[libvirt][PATCH v5 3/6] Support to query SGX capability

1.Add SGX feature in domain capabilities 2.Get sgx capabilities by query-sgx-capabilities 3.Transfer the B to KB for epc_size 4.Delete sgx1 and sgx2 Signed-off-by: Haibin Huang --- docs/schemas/domaincaps.rng| 20 + src/conf/domain_capabilities.c | 29 +++ src/conf

[libvirt][PATCH v5 5/6] Add create guest unit test

Signed-off-by: Haibin Huang --- .../launch-security-sgx.xml | 20 ++ tests/genericxml2xmltest.c| 1 + .../launch-security-sgx.x86_64-5.1.0.args | 40 +++ .../qemuxml2argvdata/launch-security-sgx.xml | 34 tests

[libvirt][PATCH v5 4/6] Add guest use sgx document

Signed-off-by: Haibin Huang --- docs/formatdomain.rst | 28 +++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 218f0c1718..d7319133ac 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst

[libvirt][PATCH v5 0/6] Support query and use SGX

s the following SGX information. ... N 2. User requests to start a guest calling virCreateXML() with SGX requirement. It should contain N Haibin Huang (4): Support to query SGX capability Add guest use sgx document Add create guest unit test Add get qem

[libvirt][PATCH v5 2/6] qemu: Add command-line to generate SGX EPC memory backend

From: Lin Yang According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: -object memory-backend-epc,id=mem1,size=K,prealloc \ -sgx-epc id=epc1,memdev=mem1 --- src/qemu/qemu_command.c | 23 +++ 1 file changed, 23 inse

[libvirt][PATCH v4 3/4] qemu: Add command-line to enable SGX

From: Lin Yang If SGX is defined in domain, add the argument to enable SGX in -cpu : -cpu ,+sgx,+sgx-debug,+sgx1,+sgx-encls-c, +sgx-enclv,+sgx-exinfo,+sgx-kss,+sgx-mode64, +sgx-provisionkey,+sgx-tokenkey,+sgx2,+sgxlc --- src/qemu/qemu_command.c | 6 ++ 1 file changed, 6 insertio

[libvirt][PATCH v4 4/4] Support to query SGX capability

1.Add SGX feature in domain capabilities 2.Get sgx capabilities by query-sgx-capabilities 3.Transfer the B to KB for epc_size 4.Delete sgx1 and sgx2 5.add unit test for get capabilities Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c| 29 src/conf

[libvirt][PATCH v4 0/4] Support query and use SGX

s the following SGX information. ... N 2. User requests to start a guest calling virCreateXML() with SGX requirement. It should contain N Haibin Huang (1): Support to query SGX capability Lin Yang (3): conf: Introduce SGX related element into domain xml qemu: Add co

[libvirt][PATCH v4 2/4] qemu: Add command-line to generate SGX EPC memory backend

From: Lin Yang According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: -object memory-backend-epc,id=mem1,size=K,prealloc \ -sgx-epc id=epc1,memdev=mem1 --- src/qemu/qemu_command.c | 24 1 file changed, 24 ins

[libvirt][PATCH v4 1/4] conf: Introduce SGX related element into domain xml

From: Lin Yang    1024 --- src/conf/domain_conf.c | 106 +--- src/conf/domain_conf.h | 10 src/conf/virconftypes.h | 3 ++ 3 files changed, 91 insertions(+), 28 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index e