Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Repost - Please update the Intel SGX VM document

Anandakumar
New Contributor II
582 Views

Hello,

 

I am posting this again because no updates for past 20 days.

https://community.intel.com/t5/Intel-Software-Guard-Extensions/Please-update-the-Intel-SGX-VM-docume...

 

https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-gua...

 

The above document has steps to install QEMU from https://github.com/intel/qemu-sgx. 

Now the official QEMU repo has included the intel SGX changes from version 6.1.50 it seems. 

There are few differences in VM flags and configuration in new versions.

ex: -sgx-epc flag is not supported in the new version.

 

So please do update the documentation with proper vm xml configurations for new QEMU version.
0 Kudos
1 Solution
3 Replies
Anandakumar
New Contributor II
565 Views

Hello All,

Linux version 5.14.9-custom
QEMU emulator version 6.2.0 (v6.2.0)

I am able to start a testvm using following commandline,

`sudo qemu-system-x86_64 -nographic -enable-kvm -cpu host,+sgx -object memory-backend-epc,id=mem1,size=8M,prealloc=on -object mem0.memdev
`

But when I try the same with libvirt, I am getting this,
`error: internal error: unable to execute QEMU command 'qom-get': Property 'sgx-epc.unavailable-features' not found
`

testvm.xml content:
`<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
<name>test</name>
<uuid>3d5bba5b-0b5b-4b2b-a425-171fe9b31140</uuid>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>4194304</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-6.2'>hvm</type>
<loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/testvm_VARS.fd</nvram>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<cpu mode='custom' match='exact' check='none'>
<model fallback='forbid'>qemu64</model>
</cpu>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/local/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='none' io='threads'/>
<source file='/home/sas/testvm.qcow2'/>
<target dev='vda' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</disk>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<controller type='usb' index='0' model='piix3-uhci'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</memballoon>
</devices>
<qemu:commandline>
<qemu:arg value='-cpu'/>
<qemu:arg value='host,+sgx,+sgxlc'/>
<qemu:arg value='-object'/>
<qemu:arg value='memory-backend-epc,id=mem1,size=8M,prealloc=on'/>
<qemu:arg value='-machine'/>
<qemu:arg value='sgx-epc.0.memdev=mem1'/>
</qemu:commandline>
</domain>
`


SGX virtualization document not updated for the latest qemu version. https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-gua...

 

ChrisB_Intel
Moderator
545 Views

Thanks for your inquiry. I will pass it along to engineering, however, due to the holidays we will probably not get back to you until early January.


Anandakumar
New Contributor II
528 Views
Reply