<cbitpos>47</cbitpos>
<reduced-phys-bits>1</reduced-phys-bits>
</sev>
+ <sgx supported='yes'>
+ <flc>no</flc>
+ <sgx1>yes</sgx1>
+ <sgx2>no</sgx2>
+ <section_size unit='KiB'>524288</section_size>
+ <sections>
+ <section node='0' size='262144' unit='KiB'/>
+ <section node='1' size='262144' unit='KiB'/>
+ </sections>
+ </sgx>
</features>
</domainCapabilities>
``maxESGuests``
The maximum number of SEV-ES guests that can be launched on the host. This
value may be configurable in the firmware for some hosts.
+
+SGX capabilities
+^^^^^^^^^^^^^^^^
+
+Intel Software Guard Extensions (Intel SGX) capabilities are exposed under the
+``sgx`` element.
+
+Intel SGX helps protect data in use via unique application isolation technology.
+Protect selected code and data from modification using hardened enclaves with
+Intel SGX.
+
+For more details on the SGX feature, please follow resources in the SGX developer's
+document store. In order to use SGX with libvirt have a look at `SGX in domain XML
+<formatdomain.html#memory-devices>`__
+
+``flc``
+ FLC (Flexible Launch Control), not strictly part of SGX2, but was not part of
+ original SGX hardware either.
+
+``sgx1``
+ the sgx version 1.
+
+``sgx2``
+ The sgx version 2.
+
+``section_size``
+ The size of the SGX enclave page cache (called EPC).
+
+``sections``
+ The sections of the SGX enclave page cache (called EPC).
virObjectUnref(caps->cpu.custom);
virCPUDefFree(caps->cpu.hostModel);
virSEVCapabilitiesFree(caps->sev);
+ virSGXCapabilitiesFree(caps->sgx);
values = &caps->os.loader.values;
for (i = 0; i < values->nvalues; i++)
virBufferAddLit(buf, "</sev>\n");
}
+static void
+virDomainCapsFeatureSGXFormat(virBuffer *buf,
+ const virSGXCapability *sgx)
+{
+ if (!sgx) {
+ virBufferAddLit(buf, "<sgx supported='no'/>\n");
+ return;
+ }
+
+ virBufferAddLit(buf, "<sgx supported='yes'>\n");
+ virBufferAdjustIndent(buf, 2);
+ virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no");
+ virBufferAsprintf(buf, "<sgx1>%s</sgx1>\n", sgx->sgx1 ? "yes" : "no");
+ virBufferAsprintf(buf, "<sgx2>%s</sgx2>\n", sgx->sgx2 ? "yes" : "no");
+ virBufferAsprintf(buf, "<section_size unit='KiB'>%llu</section_size>\n", sgx->section_size);
+
+ if (sgx->nSgxSections > 0) {
+ size_t i;
+
+ virBufferAddLit(buf, "<sections>\n");
+
+ for (i = 0; i < sgx->nSgxSections; i++) {
+ virBufferAdjustIndent(buf, 2);
+ virBufferAsprintf(buf, "<section node='%d' ", sgx->sgxSections[i].node);
+ virBufferAsprintf(buf, "size='%llu' ", sgx->sgxSections[i].size);
+ virBufferAddLit(buf, "unit='KiB'/>\n");
+ virBufferAdjustIndent(buf, -2);
+ }
+ virBufferAddLit(buf, "</sections>\n");
+ }
+
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</sgx>\n");
+}
static void
virDomainCapsFormatFeatures(const virDomainCaps *caps,
}
virDomainCapsFeatureSEVFormat(&childBuf, caps->sev);
+ virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx);
virXMLFormatElement(buf, "features", NULL, &childBuf);
}
<optional>
<ref name="sev"/>
</optional>
+ <optional>
+ <ref name="sgx"/>
+ </optional>
</element>
</define>
</element>
</define>
+ <define name="sgx">
+ <element name="sgx">
+ <ref name="supported"/>
+ <optional>
+ <element name="flc">
+ <ref name="virYesNo"/>
+ </element>
+ <element name="sgx1">
+ <ref name="virYesNo"/>
+ </element>
+ <element name="sgx2">
+ <ref name="virYesNo"/>
+ </element>
+ <element name="section_size">
+ <attribute name="unit">
+ <value>KiB</value>
+ </attribute>
+ <data type="unsignedLong"/>
+ </element>
+ <optional>
+ <element name="sections">
+ <zeroOrMore>
+ <element name="section">
+ <attribute name="node">
+ <data type="unsignedInt"/>
+ </attribute>
+ <attribute name="size">
+ <data type="unsignedLong"/>
+ </attribute>
+ <attribute name="unit">
+ <value>KiB</value>
+ </attribute>
+ </element>
+ </zeroOrMore>
+ </element>
+ </optional>
+ </optional>
+ </element>
+ </define>
+
<define name="value">
<zeroOrMore>
<element name="value">
}
}
+/**
+ * virQEMUCapsFillDomainFeatureSGXCaps:
+ * @qemuCaps: QEMU capabilities
+ * @domCaps: domain capabilities
+ *
+ * Take the information about SGX capabilities that has been obtained
+ * using the 'query-sgx-capabilities' QMP command and stored in @qemuCaps
+ * and convert it to a form suitable for @domCaps.
+ */
+static void
+virQEMUCapsFillDomainFeatureSGXCaps(virQEMUCaps *qemuCaps,
+ virDomainCaps *domCaps)
+{
+ virQEMUCapsSGXInfoCopy(&domCaps->sgx, qemuCaps->sgxCapabilities);
+}
int
virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps);
virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps);
virQEMUCapsFillDomainFeatureS390PVCaps(qemuCaps, domCaps);
+ virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps);
return 0;
}
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
</devices>
<features>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backup supported='no'/>
<s390-pv supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backup supported='no'/>
<s390-pv supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<maxGuests>59</maxGuests>
<maxESGuests>450</maxESGuests>
</sev>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<maxGuests>59</maxGuests>
<maxESGuests>450</maxESGuests>
</sev>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='no'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backup supported='no'/>
<s390-pv supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<maxGuests>59</maxGuests>
<maxESGuests>450</maxESGuests>
</sev>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='yes'>
+ <flc>no</flc>
+ <sgx1>yes</sgx1>
+ <sgx2>no</sgx2>
+ <section_size unit='KiB'>524288</section_size>
+ <sections>
+ <section node='0' size='262144' unit='KiB'/>
+ <section node='1' size='262144' unit='KiB'/>
+ </sections>
+ </sgx>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='yes'>
+ <flc>no</flc>
+ <sgx1>yes</sgx1>
+ <sgx2>no</sgx2>
+ <section_size unit='KiB'>524288</section_size>
+ <sections>
+ <section node='0' size='262144' unit='KiB'/>
+ <section node='1' size='262144' unit='KiB'/>
+ </sections>
+ </sgx>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='yes'>
+ <flc>no</flc>
+ <sgx1>yes</sgx1>
+ <sgx2>no</sgx2>
+ <section_size unit='KiB'>524288</section_size>
+ <sections>
+ <section node='0' size='262144' unit='KiB'/>
+ <section node='1' size='262144' unit='KiB'/>
+ </sections>
+ </sgx>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<sev supported='no'/>
+ <sgx supported='no'/>
</features>
</domainCapabilities>
projects / libvirt.git / commitdiff