This QMP query command can be used by some userspaces to retrieve
the SGX information when SGX is enabled on Intel platform.
Signed-off-by: Yang Zhong
---
monitor/qmp-cmds.c | 6 ++
qapi/misc.json | 42 ++
tests/qtest/qmp-cmd-test.c |
From: Sean Christopherson
KVM_CAP_SGX_ATTRIBUTE is a proposed capability for Intel SGX that can be
used by userspace to enable privileged attributes, e.g. access to the
PROVISIONKEY.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
linux-headers/linux/kvm.h | 1 +
1 file chang
From: Sean Christopherson
SGX capabilities are enumerated through CPUID_0x12.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 63253bf606..41050960c5 100644
-
From: Sean Christopherson
CPUID leaf 12_1_EAX is an Intel-defined feature bits leaf enumerating
the platform's SGX capabilities that may be utilized by an enclave, e.g.
whether or not an enclave can gain access to the provision key.
Currently there are six capabilities:
- INIT: set when the en
From: Sean Christopherson
If the guest want to fully use SGX, the guest needs to be able to
access provisioning key. Add a new KVM_CAP_SGX_ATTRIBUTE to KVM to
support provisioning key to KVM guests.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c |
From: Sean Christopherson
Add helpers to detect if SGX EPC exists above 4g, and if so, where SGX
EPC above 4g ends. Use the helpers to adjust the device memory range
if SGX EPC exists above 4g.
For multiple virtual EPC sections, we just put them together physically
contiguous for the simplicity
From: Sean Christopherson
Expose SGX to the guest if and only if KVM is enabled and supports
virtualization of SGX. While the majority of ENCLS can be emulated to
some degree, because SGX uses a hardware-based root of trust, the
attestation aspects of SGX cannot be emulated in software, i.e.
ult
From: Sean Christopherson
The SGX sub-leafs are enumerated at CPUID 0x12. Indices 0 and 1 are
always present when SGX is supported, and enumerate SGX features and
capabilities. Indices >=2 are directly correlated with the platform's
EPC sections. Because the number of EPC sections is dynamic a
From: Sean Christopherson
Enable SGX EPC virtualization, which is currently only support by KVM.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc_q35.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 53450190f5..e7af2
From: Sean Christopherson
The ACPI Device entry for SGX EPC is essentially a hack whose primary
purpose is to provide software with a way to autoprobe SGX support,
e.g. to allow software to implement SGX support as a driver. Details
on the individual EPC sections are not enumerated through ACPI
Add the sgx_memory_backend_reset() interface to handle EPC backend
reset when VM is reset. This reset function will destroy previous
backend memory region and re-mmap the EPC section for guest.
Signed-off-by: Yang Zhong
---
backends/hostmem-epc.c | 16
include/hw/i386/pc.h |
Daniel P. Berrangé writes:
> On Thu, Apr 29, 2021 at 11:59:41AM +0200, Markus Armbruster wrote:
>> Myself, but I only documented it; it's actually Kevin Wolf:
>>
>> ``blockdev-open-tray``, ``blockdev-close-tray`` argument ``device``
>> (since 2.8.0)
>>
>> ''
The command can be used to show the SGX information in the monitor
when SGX is enabled on intel platform.
Signed-off-by: Yang Zhong
---
hmp-commands-info.hx | 15 +++
include/monitor/hmp.h | 1 +
monitor/hmp-cmds.c| 6 ++
3 files changed, 22 insertions(+)
diff --git a/hmp
Add the sgx_get_info() interface for hmp and QMP usage, which
will get the SGX info from this API.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 22 ++
include/hw/i386/pc.h | 1 +
include/hw/i386/sgx-epc.h | 1 +
monitor/hmp-cmds.c| 20 +
If the VM is reset, we need make sure sgx virt epc in clean status.
Once the VM is reset, and sgx epc virt device will be reseted by
reset callback registered by qemu_register_reset(). Since this epc
virt device depend on backend, this reset will call backend reset
interface to re-mmap epc to guest
The libvirt can use qmp_query_sgx_capabilities() to get the host
sgx capabilitis.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 66 ++
include/hw/i386/pc.h | 1 +
monitor/qmp-cmds.c | 5 +++
qapi/misc.json | 19
The Qemu should enable bit mask macro like Linux did in the
kernel, the GENMASK(h, l) and GENMASK_ULL(h, l) will set the
bit to 1 from l to h bit in the 32 bit or 64 bit long type.
Signed-off-by: Yang Zhong
---
include/qemu/bitops.h | 7 +++
1 file changed, 7 insertions(+)
diff --git a/incl
Since there is no fill_device_info() callback support, and when we
execute "info memory-devices" command in the monitor, the segfault
will be found.
This patch will add this callback support and "info memory-devices"
will show sgx epc memory exposed to guest. The result as below:
qemu) info memor
On Fri, Apr 30, 2021 at 01:09:00PM +0800, wangyanan (Y) wrote:
> Hi Drew,
>
> On 2021/4/29 19:02, Andrew Jones wrote:
> > On Thu, Apr 29, 2021 at 04:56:06PM +0800, wangyanan (Y) wrote:
> > > On 2021/4/29 15:16, Andrew Jones wrote:
> > > > On Thu, Apr 29, 2021 at 10:14:37AM +0800, wangyanan (Y) wro
Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig
default enable sgx in the i386 platform.
Signed-off-by: Yang Zhong
---
backends/meson.build | 2 +-
default-configs/devices/i386-softmmu.mak | 1 +
hw/i386/Kconfig | 5 +
hw/i386/m
From: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
docs/intel-sgx.txt | 173 +
1 file changed, 173 insertions(+)
create mode 100644 docs/intel-sgx.txt
diff --git a/docs/intel-sgx.txt b/docs/intel-sgx.txt
new
301 - 321 of 321 matches
Mail list logo
