[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4 00/33] Qemu SGX virtualization
From: |
Jarkko Sakkinen |
Subject: |
Re: [PATCH v4 00/33] Qemu SGX virtualization |
Date: |
Tue, 07 Sep 2021 16:35:26 +0300 |
User-agent: |
Evolution 3.36.5-0ubuntu1 |
On Tue, 2021-09-07 at 17:51 +0800, Yang Zhong wrote:
> On Mon, Sep 06, 2021 at 03:13:08PM +0200, Paolo Bonzini wrote:
> > Hi,
> >
> > the monitor patches did not pass the test-hmp qtest, and also they
> > should be in target/i386/monitor.c (see other commands that were
> > implemented there for SEV). However, I've sent a pull request with
> > the rest.
> >
>
> Paolo, I have moved hmp and qmp codes to target/i386/monitor.c and also
> fixed the issue with test tool(tests/qtest/test-hmp). This issue is caused
> by 'machine none' test in the hmp, the previous patches only covered qmp
> test in 'machine none' with Libvirt.
>
> So, the next issue:
> 1) re-send all sgx basic patches(including monitors patches) to you?
> 2) only send monitor patches in the next phase when the basic sgx patches
> are merged?
>
> Regards,
>
> Yang
>
>
> > Thanks,
> >
> > Paolo
> >
> > On Mon, Jul 19, 2021 at 1:27 PM Yang Zhong <yang.zhong@intel.com> wrote:
> > > Since Sean Christopherson has left Intel and i am responsible for Qemu SGX
> > > upstream work. His @intel.com address will be bouncing and his new email(
> > > seanjc@google.com) is also in CC lists.
> > >
> > > This series is Qemu SGX virtualization implementation rebased on latest
> > > Qemu release. The numa support for SGX will be sent in another patchset
> > > once this basic SGX patchset are merged.
> > >
> > > You can find Qemu repo here:
> > >
> > > https://github.com/intel/qemu-sgx.git upstream
> > >
> > > If you want to try SGX, you can directly install the linux release(at
> > > least 5.13.0-rc1+)
> > > since kvm SGX has been merged into linux release.
> > >
> > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> > >
> > > To simplify, you'd better install linux on host and guest, which can
> > > support
> > > SGX on host and guest kernel. And to me, use below reference command to
> > > boot
> > > SGX guest:
> > >
> > > #qemu-system-x86_64 \
> > > ...... \
> > > -cpu host,+sgx-provisionkey \
> > > -object memory-backend-epc,id=mem1,size=64M,prealloc=on \
> > > -object memory-backend-epc,id=mem2,size=28M \
I would call these just "memory-backend-sgx".
> > > -M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2
> > >
> > > Overview
> > > ========
> > >
> > > Intel Software Guard eXtensions (SGX) is a set of instructions and
> > > mechanisms
> > > for memory accesses in order to provide security accesses for sensitive
> > > applications and data. SGX allows an application to use it's pariticular
> > > address space as an *enclave*, which is a protected area provides
> > > confidentiality
> > > and integrity even in the presence of privileged malware. Accesses to the
> > > enclave memory area from any software not resident in the enclave are
> > > prevented,
> > > including those from privileged software.
> > >
> > > SGX virtaulization
~~~~~~~~~~~~~~
virtualization
I'm using these patches now instead of "real" hardwave. It seems that
9th gen cores are now Linux compatible SGX. Maybe some ucode update
has changed this because I don't recall this working before.
/Jarkko