https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1346235#M5079 <P>Hello All,</P> <P>Linux version 5.14.9-custom<BR />QEMU emulator version 6.2.0 (v6.2.0)</P> <P>I am able to start a testvm using following commandline,</P> <P>`sudo qemu-system-x86_64 -nographic -enable-kvm -cpu host,+sgx -object memory-backend-epc,id=mem1,size=8M,prealloc=on -object mem0.memdev<BR />`</P> <P>But when I try the same with libvirt, I am getting this,<BR />`error: internal error: unable to execute QEMU command 'qom-get': Property 'sgx-epc.unavailable-features' not found<BR />`</P> <P>testvm.xml content:<BR />`&lt;domain type='kvm' xmlns:qemu='<A href="http://libvirt.org/schemas/domain/qemu/1.0" target="_blank">http://libvirt.org/schemas/domain/qemu/1.0</A>'&gt;<BR />&lt;name&gt;test&lt;/name&gt;<BR />&lt;uuid&gt;3d5bba5b-0b5b-4b2b-a425-171fe9b31140&lt;/uuid&gt;<BR />&lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;<BR />&lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;<BR />&lt;vcpu placement='static'&gt;1&lt;/vcpu&gt;<BR />&lt;os&gt;<BR />&lt;type arch='x86_64' machine='pc-i440fx-6.2'&gt;hvm&lt;/type&gt;<BR />&lt;loader readonly='yes' type='pflash'&gt;/usr/share/OVMF/OVMF_CODE.fd&lt;/loader&gt;<BR />&lt;nvram&gt;/var/lib/libvirt/qemu/nvram/testvm_VARS.fd&lt;/nvram&gt;<BR />&lt;boot dev='hd'/&gt;<BR />&lt;/os&gt;<BR />&lt;features&gt;<BR />&lt;acpi/&gt;<BR />&lt;apic/&gt;<BR />&lt;pae/&gt;<BR />&lt;/features&gt;<BR />&lt;cpu mode='custom' match='exact' check='none'&gt;<BR />&lt;model fallback='forbid'&gt;qemu64&lt;/model&gt;<BR />&lt;/cpu&gt;<BR />&lt;clock offset='utc'/&gt;<BR />&lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;<BR />&lt;on_reboot&gt;restart&lt;/on_reboot&gt;<BR />&lt;on_crash&gt;restart&lt;/on_crash&gt;<BR />&lt;devices&gt;<BR />&lt;emulator&gt;/usr/local/bin/qemu-system-x86_64&lt;/emulator&gt;<BR />&lt;disk type='file' device='disk'&gt;<BR />&lt;driver name='qemu' type='qcow2' cache='none' io='threads'/&gt;<BR />&lt;source file='/home/sas/testvm.qcow2'/&gt;<BR />&lt;target dev='vda' bus='virtio'/&gt;<BR />&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/&gt;<BR />&lt;/disk&gt;<BR />&lt;controller type='ide' index='0'&gt;<BR />&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/&gt;<BR />&lt;/controller&gt;<BR />&lt;controller type='usb' index='0' model='piix3-uhci'&gt;<BR />&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/&gt;<BR />&lt;/controller&gt;<BR />&lt;controller type='pci' index='0' model='pci-root'/&gt;<BR />&lt;input type='mouse' bus='ps2'/&gt;<BR />&lt;input type='keyboard' bus='ps2'/&gt;<BR />&lt;memballoon model='virtio'&gt;<BR />&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/&gt;<BR />&lt;/memballoon&gt;<BR />&lt;/devices&gt;<BR />&lt;qemu:commandline&gt;<BR />&lt;qemu:arg value='-cpu'/&gt;<BR />&lt;qemu:arg value='host,+sgx,+sgxlc'/&gt;<BR />&lt;qemu:arg value='-object'/&gt;<BR />&lt;qemu:arg value='memory-backend-epc,id=mem1,size=8M,prealloc=on'/&gt;<BR />&lt;qemu:arg value='-machine'/&gt;<BR />&lt;qemu:arg value='sgx-epc.0.memdev=mem1'/&gt;<BR />&lt;/qemu:commandline&gt;<BR />&lt;/domain&gt;<BR />`</P> <P><BR />SGX virtualization document not updated for the latest qemu version. <A href="https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-guard-extensions-with-kvm-and-qemu.html" target="_blank">https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-guard-extensions-with-kvm-and-qemu.html</A></P> <P>&nbsp;</P> Thu, 23 Dec 2021 11:13:38 GMT Anandakumar 2021-12-23T11:13:38Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1345955#M5076 <P>Hello,</P> <P>&nbsp;</P> <P>I am posting this again because no updates for past 20 days.</P> <P><A href="https://community.intel.com/t5/Intel-Software-Guard-Extensions/Please-update-the-Intel-SGX-VM-document/m-p/1340504#M5021" target="_blank">https://community.intel.com/t5/Intel-Software-Guard-Extensions/Please-update-the-Intel-SGX-VM-document/m-p/1340504#M5021</A></P> <P>&nbsp;</P> <LI-CODE lang="markup">https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-gua... The above document has steps to install QEMU from https://github.com/intel/qemu-sgx. Now the official QEMU repo has included the intel SGX changes from version 6.1.50 it seems. There are few differences in VM flags and configuration in new versions. ex: -sgx-epc flag is not supported in the new version. So please do update the documentation with proper vm xml configurations for new QEMU version.</LI-CODE> Wed, 22 Dec 2021 10:59:16 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1345955#M5076 Anandakumar 2021-12-22T10:59:16Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1346235#M5079 <P>Hello All,</P> <P>Linux version 5.14.9-custom<BR />QEMU emulator version 6.2.0 (v6.2.0)</P> <P>I am able to start a testvm using following commandline,</P> <P>`sudo qemu-system-x86_64 -nographic -enable-kvm -cpu host,+sgx -object memory-backend-epc,id=mem1,size=8M,prealloc=on -object mem0.memdev<BR />`</P> <P>But when I try the same with libvirt, I am getting this,<BR />`error: internal error: unable to execute QEMU command 'qom-get': Property 'sgx-epc.unavailable-features' not found<BR />`</P> <P>testvm.xml content:<BR />`&lt;domain type='kvm' xmlns:qemu='<A href="http://libvirt.org/schemas/domain/qemu/1.0" target="_blank">http://libvirt.org/schemas/domain/qemu/1.0</A>'&gt;<BR />&lt;name&gt;test&lt;/name&gt;<BR />&lt;uuid&gt;3d5bba5b-0b5b-4b2b-a425-171fe9b31140&lt;/uuid&gt;<BR />&lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;<BR />&lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;<BR />&lt;vcpu placement='static'&gt;1&lt;/vcpu&gt;<BR />&lt;os&gt;<BR />&lt;type arch='x86_64' machine='pc-i440fx-6.2'&gt;hvm&lt;/type&gt;<BR />&lt;loader readonly='yes' type='pflash'&gt;/usr/share/OVMF/OVMF_CODE.fd&lt;/loader&gt;<BR />&lt;nvram&gt;/var/lib/libvirt/qemu/nvram/testvm_VARS.fd&lt;/nvram&gt;<BR />&lt;boot dev='hd'/&gt;<BR />&lt;/os&gt;<BR />&lt;features&gt;<BR />&lt;acpi/&gt;<BR />&lt;apic/&gt;<BR />&lt;pae/&gt;<BR />&lt;/features&gt;<BR />&lt;cpu mode='custom' match='exact' check='none'&gt;<BR />&lt;model fallback='forbid'&gt;qemu64&lt;/model&gt;<BR />&lt;/cpu&gt;<BR />&lt;clock offset='utc'/&gt;<BR />&lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;<BR />&lt;on_reboot&gt;restart&lt;/on_reboot&gt;<BR />&lt;on_crash&gt;restart&lt;/on_crash&gt;<BR />&lt;devices&gt;<BR />&lt;emulator&gt;/usr/local/bin/qemu-system-x86_64&lt;/emulator&gt;<BR />&lt;disk type='file' device='disk'&gt;<BR />&lt;driver name='qemu' type='qcow2' cache='none' io='threads'/&gt;<BR />&lt;source file='/home/sas/testvm.qcow2'/&gt;<BR />&lt;target dev='vda' bus='virtio'/&gt;<BR />&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/&gt;<BR />&lt;/disk&gt;<BR />&lt;controller type='ide' index='0'&gt;<BR />&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/&gt;<BR />&lt;/controller&gt;<BR />&lt;controller type='usb' index='0' model='piix3-uhci'&gt;<BR />&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/&gt;<BR />&lt;/controller&gt;<BR />&lt;controller type='pci' index='0' model='pci-root'/&gt;<BR />&lt;input type='mouse' bus='ps2'/&gt;<BR />&lt;input type='keyboard' bus='ps2'/&gt;<BR />&lt;memballoon model='virtio'&gt;<BR />&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/&gt;<BR />&lt;/memballoon&gt;<BR />&lt;/devices&gt;<BR />&lt;qemu:commandline&gt;<BR />&lt;qemu:arg value='-cpu'/&gt;<BR />&lt;qemu:arg value='host,+sgx,+sgxlc'/&gt;<BR />&lt;qemu:arg value='-object'/&gt;<BR />&lt;qemu:arg value='memory-backend-epc,id=mem1,size=8M,prealloc=on'/&gt;<BR />&lt;qemu:arg value='-machine'/&gt;<BR />&lt;qemu:arg value='sgx-epc.0.memdev=mem1'/&gt;<BR />&lt;/qemu:commandline&gt;<BR />&lt;/domain&gt;<BR />`</P> <P><BR />SGX virtualization document not updated for the latest qemu version. <A href="https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-guard-extensions-with-kvm-and-qemu.html" target="_blank">https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-guard-extensions-with-kvm-and-qemu.html</A></P> <P>&nbsp;</P> Thu, 23 Dec 2021 11:13:38 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1346235#M5079 Anandakumar 2021-12-23T11:13:38Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1346304#M5080 <P>Thanks for your inquiry. I will pass it along to engineering, however, due to the holidays we will probably not get back to you until early January. </P><BR /> Thu, 23 Dec 2021 18:13:36 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1346304#M5080 ChrisB_Intel 2021-12-23T18:13:36Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1346534#M5082 <P>Hello All,</P> <P>&nbsp;</P> <P>Below patch working fine.</P> <P><A href="https://lore.kernel.org/qemu-devel/20211130121536.GA32686@yangzhon-Virtual/" target="_blank">https://lore.kernel.org/qemu-devel/20211130121536.GA32686@yangzhon-Virtual/</A></P> Fri, 24 Dec 2021 16:28:50 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Repost-Please-update-the-Intel-SGX-VM-document/m-p/1346534#M5082 Anandakumar 2021-12-24T16:28:50Z