[libvirt][PATCH v17 4/9] conf: expose SGX feature in domain capabilities

Friday, 11 November 2022

From: Haibin Huang <haibin.huang(a)intel.com&gt;

Extend hypervisor capabilities to include sgx feature. When available,
the hypervisor supports launching an VM with SGX on Intel platfrom.
The SGX feature tag privides additional details like section size and
sgx1 or sgx2.

Signed-off-by: Haibin Huang <haibin.huang(a)intel.com&gt;
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt;
---
 docs/formatdomaincaps.rst                     | 40 +++++++++++++++++
 src/conf/domain_capabilities.c                | 36 ++++++++++++++++
 src/conf/schemas/domaincaps.rng               | 43 +++++++++++++++++++
 src/qemu/qemu_capabilities.c                  | 16 +++++++
 tests/domaincapsdata/bhyve_basic.x86_64.xml   |  1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml    |  1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml    |  1 +
 tests/domaincapsdata/empty.xml                |  1 +
 tests/domaincapsdata/libxl-xenfv.xml          |  1 +
 tests/domaincapsdata/libxl-xenpv.xml          |  1 +
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml  |  1 +
 .../qemu_4.2.0-virt.aarch64.xml               |  1 +
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml     |  1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |  1 +
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml    |  1 +
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml  |  1 +
 .../qemu_5.0.0-virt.aarch64.xml               |  1 +
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml     |  1 +
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml    |  1 +
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_5.1.0.sparc.xml     |  1 +
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml    |  1 +
 .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml  |  1 +
 .../qemu_5.2.0-virt.aarch64.xml               |  1 +
 tests/domaincapsdata/qemu_5.2.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_5.2.0.ppc64.xml     |  1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml     |  1 +
 tests/domaincapsdata/qemu_5.2.0.x86_64.xml    |  1 +
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |  1 +
 .../qemu_6.0.0-virt.aarch64.xml               |  1 +
 tests/domaincapsdata/qemu_6.0.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_6.0.0.s390x.xml     |  1 +
 tests/domaincapsdata/qemu_6.0.0.x86_64.xml    |  1 +
 .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_6.1.0.x86_64.xml    |  1 +
 .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml  |  1 +
 .../qemu_6.2.0-virt.aarch64.xml               |  1 +
 tests/domaincapsdata/qemu_6.2.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_6.2.0.ppc64.xml     |  1 +
 tests/domaincapsdata/qemu_6.2.0.x86_64.xml    |  1 +
 .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml  | 10 +++++
 .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml  | 10 +++++
 .../qemu_7.0.0-virt.aarch64.xml               |  1 +
 tests/domaincapsdata/qemu_7.0.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_7.0.0.ppc64.xml     |  1 +
 tests/domaincapsdata/qemu_7.0.0.x86_64.xml    | 10 +++++
 .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_7.1.0.ppc64.xml     |  1 +
 tests/domaincapsdata/qemu_7.1.0.x86_64.xml    |  1 +
 .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_7.2.0.x86_64.xml    |  1 +
 62 files changed, 220 insertions(+)

diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
index f95d3a7083..532fea0f60 100644
--- a/docs/formatdomaincaps.rst
+++ b/docs/formatdomaincaps.rst
@@ -614,6 +614,16 @@ capabilities. All features occur as children of the main ``features``
element.
          <cbitpos>47</cbitpos>
          <reduced-phys-bits>1</reduced-phys-bits>
        </sev>
+       <sgx supported='yes'>
+         <flc>no</flc>
+         <sgx1>yes</sgx1>
+         <sgx2>no</sgx2>
+         <section_size unit='KiB'>524288</section_size>
+         <sections>
+           <section node='0' size='262144' unit='KiB'/>
+           <section node='1' size='262144' unit='KiB'/>
+         </sections>
+       </sgx>
      </features>
    </domainCapabilities>
 
@@ -693,3 +703,33 @@ in domain XML <formatdomain.html#launch-security>`__
 ``maxESGuests``
    The maximum number of SEV-ES guests that can be launched on the host. This
    value may be configurable in the firmware for some hosts.
+
+SGX capabilities
+^^^^^^^^^^^^^^^^
+
+Intel Software Guard Extensions (Intel SGX) capabilities are exposed under the
+``sgx`` element.
+
+Intel SGX helps protect data in use via unique application isolation technology.
+Protect selected code and data from modification using hardened enclaves with
+Intel SGX.
+
+For more details on the SGX feature, please follow resources in the SGX developer's
+document store. In order to use SGX with libvirt have a look at `SGX in domain XML
+<formatdomain.html#memory-devices>`__
+
+``flc``
+   FLC (Flexible Launch Control), not strictly part of SGX2, but was not part of
+   original SGX hardware either.
+
+``sgx1``
+   the sgx version 1.
+
+``sgx2``
+   The sgx version 2.
+
+``section_size``
+   The size of the SGX enclave page cache (called EPC).
+
+``sections``
+   The sections of the SGX enclave page cache (called EPC).
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index daeaee3c5c..247cfa49de 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -99,6 +99,7 @@ virDomainCapsDispose(void *obj)
     virObjectUnref(caps->cpu.custom);
     virCPUDefFree(caps->cpu.hostModel);
     virSEVCapabilitiesFree(caps->sev);
+    virSGXCapabilitiesFree(caps->sgx);
 
     values = &caps->os.loader.values;
     for (i = 0; i < values->nvalues; i++)
@@ -648,6 +649,40 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf,
     virBufferAddLit(buf, "</sev>\n");
 }
 
+static void
+virDomainCapsFeatureSGXFormat(virBuffer *buf,
+                              const virSGXCapability *sgx)
+{
+    if (!sgx) {
+        virBufferAddLit(buf, "<sgx supported='no'/>\n");
+        return;
+    }
+
+    virBufferAddLit(buf, "<sgx supported='yes'>\n");
+    virBufferAdjustIndent(buf, 2);
+    virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ?
"yes" : "no");
+    virBufferAsprintf(buf, "<sgx1>%s</sgx1>\n", sgx->sgx1 ?
"yes" : "no");
+    virBufferAsprintf(buf, "<sgx2>%s</sgx2>\n", sgx->sgx2 ?
"yes" : "no");
+    virBufferAsprintf(buf, "<section_size
unit='KiB'>%llu</section_size>\n", sgx->section_size);
+
+    if (sgx->nSgxSections > 0) {
+        size_t i;
+
+        virBufferAddLit(buf, "<sections>\n");
+
+        for (i = 0; i < sgx->nSgxSections; i++) {
+            virBufferAdjustIndent(buf, 2);
+            virBufferAsprintf(buf, "<section node='%d' ",
sgx->sgxSections[i].node);
+            virBufferAsprintf(buf, "size='%llu' ",
sgx->sgxSections[i].size);
+            virBufferAddLit(buf, "unit='KiB'/>\n");
+            virBufferAdjustIndent(buf, -2);
+        }
+        virBufferAddLit(buf, "</sections>\n");
+    }
+
+    virBufferAdjustIndent(buf, -2);
+    virBufferAddLit(buf, "</sgx>\n");
+}
 
 static void
 virDomainCapsFormatFeatures(const virDomainCaps *caps,
@@ -668,6 +703,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps,
     }
 
     virDomainCapsFeatureSEVFormat(&childBuf, caps->sev);
+    virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx);
 
     virXMLFormatElement(buf, "features", NULL, &childBuf);
 }
diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng
index a6747b20ef..b6408bca88 100644
--- a/src/conf/schemas/domaincaps.rng
+++ b/src/conf/schemas/domaincaps.rng
@@ -293,6 +293,9 @@
       <optional>
         <ref name="sev"/>
       </optional>
+      <optional>
+        <ref name="sgx"/>
+      </optional>
     </element>
   </define>
 
@@ -353,6 +356,46 @@
     </element>
   </define>
 
+  <define name="sgx">
+    <element name="sgx">
+      <ref name="supported"/>
+      <optional>
+        <element name="flc">
+          <ref name="virYesNo"/>
+        </element>
+        <element name="sgx1">
+          <ref name="virYesNo"/>
+        </element>
+        <element name="sgx2">
+          <ref name="virYesNo"/>
+        </element>
+        <element name="section_size">
+          <attribute name="unit">
+            <value>KiB</value>
+          </attribute>
+          <data type="unsignedLong"/>
+        </element>
+        <optional>
+          <element name="sections">
+            <zeroOrMore>
+              <element name="section">
+                <attribute name="node">
+                  <data type="unsignedInt"/>
+                </attribute>
+                <attribute name="size">
+                  <data type="unsignedLong"/>
+                </attribute>
+                <attribute name="unit">
+                  <value>KiB</value>
+                </attribute>
+              </element>
+            </zeroOrMore>
+          </element>
+        </optional>
+      </optional>
+    </element>
+  </define>
+
   <define name="value">
     <zeroOrMore>
       <element name="value">
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 7c9d7ed885..d3ba8c85c9 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -6633,6 +6633,21 @@ virQEMUCapsFillDomainFeatureS390PVCaps(virQEMUCaps *qemuCaps,
     }
 }
 
+/**
+ * virQEMUCapsFillDomainFeatureSGXCaps:
+ * @qemuCaps: QEMU capabilities
+ * @domCaps: domain capabilities
+ *
+ * Take the information about SGX capabilities that has been obtained
+ * using the 'query-sgx-capabilities' QMP command and stored in @qemuCaps
+ * and convert it to a form suitable for @domCaps.
+ */
+static void
+virQEMUCapsFillDomainFeatureSGXCaps(virQEMUCaps *qemuCaps,
+                                    virDomainCaps *domCaps)
+{
+    virQEMUCapsSGXInfoCopy(&domCaps->sgx, qemuCaps->sgxCapabilities);
+}
 
 int
 virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
@@ -6689,6 +6704,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
     virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps);
     virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps);
     virQEMUCapsFillDomainFeatureS390PVCaps(qemuCaps, domCaps);
+    virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps);
 
     return 0;
 }
diff --git a/tests/domaincapsdata/bhyve_basic.x86_64.xml
b/tests/domaincapsdata/bhyve_basic.x86_64.xml
index 745f325531..dd054577c0 100644
--- a/tests/domaincapsdata/bhyve_basic.x86_64.xml
+++ b/tests/domaincapsdata/bhyve_basic.x86_64.xml
@@ -33,5 +33,6 @@
     <vmcoreinfo supported='no'/>
     <genid supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml
b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml
index bb11c02ae9..0b1d9c17d7 100644
--- a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml
+++ b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml
@@ -50,5 +50,6 @@
     <vmcoreinfo supported='no'/>
     <genid supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/bhyve_uefi.x86_64.xml
b/tests/domaincapsdata/bhyve_uefi.x86_64.xml
index dfd2360d74..69fff197a7 100644
--- a/tests/domaincapsdata/bhyve_uefi.x86_64.xml
+++ b/tests/domaincapsdata/bhyve_uefi.x86_64.xml
@@ -42,5 +42,6 @@
     <vmcoreinfo supported='no'/>
     <genid supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml
index d3e2d89b60..97752ca04a 100644
--- a/tests/domaincapsdata/empty.xml
+++ b/tests/domaincapsdata/empty.xml
@@ -13,5 +13,6 @@
   </devices>
   <features>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/libxl-xenfv.xml b/tests/domaincapsdata/libxl-xenfv.xml
index cc5b3847e2..c71d759517 100644
--- a/tests/domaincapsdata/libxl-xenfv.xml
+++ b/tests/domaincapsdata/libxl-xenfv.xml
@@ -76,5 +76,6 @@
     <vmcoreinfo supported='no'/>
     <genid supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/libxl-xenpv.xml b/tests/domaincapsdata/libxl-xenpv.xml
index 325f1e50b3..8ae2370b7e 100644
--- a/tests/domaincapsdata/libxl-xenpv.xml
+++ b/tests/domaincapsdata/libxl-xenpv.xml
@@ -66,5 +66,6 @@
     <vmcoreinfo supported='no'/>
     <genid supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml
index def80fe8cd..9375fc9457 100644
--- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml
@@ -236,5 +236,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml
index 9e920d1ccb..860ffd1047 100644
--- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml
@@ -251,5 +251,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml
b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml
index 776173e60e..02aca3e448 100644
--- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml
@@ -184,5 +184,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml
b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml
index b6711fc3a4..676e1b0739 100644
--- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml
@@ -178,5 +178,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml
b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml
index 88790451b0..bcc415d7de 100644
--- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml
@@ -151,5 +151,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml
b/tests/domaincapsdata/qemu_4.2.0.s390x.xml
index fa416af038..4f176e2d37 100644
--- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml
@@ -258,5 +258,6 @@
     <backup supported='no'/>
     <s390-pv supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml
b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml
index ed9de89dfa..0187584e6b 100644
--- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml
@@ -236,5 +236,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml
index af0335eb3a..3f534b77a2 100644
--- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml
@@ -238,5 +238,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml
index fc09e9ff28..2826ce58e1 100644
--- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml
@@ -253,5 +253,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
index 88bc77f50b..1ae7dfdc01 100644
--- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
@@ -196,5 +196,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml
b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml
index 5e030047d1..74db0a2561 100644
--- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml
@@ -190,5 +190,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml
b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml
index 0c5aaade40..804172d013 100644
--- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml
@@ -157,5 +157,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml
b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml
index 5b2a0bc83d..a83e942ca5 100644
--- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml
@@ -238,5 +238,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml
index fb9f69bb9a..f10a106d9a 100644
--- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml
@@ -239,5 +239,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml
index ea31348ab1..a2a3b501cc 100644
--- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml
@@ -253,5 +253,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml
b/tests/domaincapsdata/qemu_5.1.0.sparc.xml
index 5bbf4720dc..cde31462bc 100644
--- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml
+++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml
@@ -125,5 +125,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml
b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml
index 584dad5a89..926ac6c231 100644
--- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml
@@ -239,5 +239,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml
index f1d20991e9..31ff03f9f0 100644
--- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml
@@ -239,5 +239,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml
index cec260f56d..fdaa0ae5bc 100644
--- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml
@@ -253,5 +253,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml
b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml
index be7262211c..762fbe2f50 100644
--- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml
@@ -196,5 +196,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml
b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml
index 5e030047d1..74db0a2561 100644
--- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml
@@ -190,5 +190,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml
b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml
index 9367738157..02e038d445 100644
--- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml
@@ -157,5 +157,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml
b/tests/domaincapsdata/qemu_5.2.0.s390x.xml
index adc197648f..760f514d7b 100644
--- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml
@@ -260,5 +260,6 @@
     <backup supported='no'/>
     <s390-pv supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml
b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml
index a3707e6804..cfd6ff1d84 100644
--- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml
@@ -239,5 +239,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml
index 7edb84e9bc..048c47e9f6 100644
--- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml
@@ -246,5 +246,6 @@
       <maxGuests>59</maxGuests>
       <maxESGuests>450</maxESGuests>
     </sev>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml
index a7b5d3047a..75bf330a79 100644
--- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml
@@ -261,5 +261,6 @@
       <maxGuests>59</maxGuests>
       <maxESGuests>450</maxESGuests>
     </sev>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
index db9b45d74e..30446b75f7 100644
--- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
@@ -198,5 +198,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml
b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml
index 1a65156544..6c30318d34 100644
--- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml
@@ -192,5 +192,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='no'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml
b/tests/domaincapsdata/qemu_6.0.0.s390x.xml
index 56d87f7a2f..b1968668db 100644
--- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml
@@ -261,5 +261,6 @@
     <backup supported='no'/>
     <s390-pv supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml
b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml
index 3afab2f4c2..8b9e910fdc 100644
--- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml
@@ -246,5 +246,6 @@
       <maxGuests>59</maxGuests>
       <maxESGuests>450</maxESGuests>
     </sev>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml
index d0dbadd6d3..bc4912bc62 100644
--- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml
@@ -242,5 +242,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml
index 6354573c61..6cbdb1d6ae 100644
--- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml
@@ -256,5 +256,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml
b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml
index 17c30b394d..5efb7b595c 100644
--- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml
@@ -242,5 +242,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
index c185ae4510..1281dc5ff8 100644
--- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
@@ -242,5 +242,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
index 8a009ee070..2fcff7a96f 100644
--- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
@@ -258,5 +258,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
index 3d79cd7486..5aa8820612 100644
--- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
@@ -205,5 +205,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml
b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml
index 4ccffb3695..96c426cd4f 100644
--- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml
@@ -199,5 +199,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
index ba7bc17a98..350c55e2c0 100644
--- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
@@ -156,5 +156,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
index ba40728489..ae789c3a9b 100644
--- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
@@ -242,5 +242,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
index 94c6f3d712..59b2988de0 100644
--- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
@@ -243,5 +243,15 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='yes'>
+      <flc>no</flc>
+      <sgx1>yes</sgx1>
+      <sgx2>no</sgx2>
+      <section_size unit='KiB'>524288</section_size>
+      <sections>
+        <section node='0' size='262144' unit='KiB'/>
+        <section node='1' size='262144' unit='KiB'/>
+      </sections>
+    </sgx>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
index 945ad91c66..58d8bdee3f 100644
--- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
@@ -259,5 +259,15 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='yes'>
+      <flc>no</flc>
+      <sgx1>yes</sgx1>
+      <sgx2>no</sgx2>
+      <section_size unit='KiB'>524288</section_size>
+      <sections>
+        <section node='0' size='262144' unit='KiB'/>
+        <section node='1' size='262144' unit='KiB'/>
+      </sections>
+    </sgx>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml
b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml
index 3addb1fc57..4ec23a8b85 100644
--- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml
@@ -204,5 +204,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml
b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml
index 9f07a10a90..d3f90db5a8 100644
--- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml
@@ -198,5 +198,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
index ed6c74aac1..e9322a02e2 100644
--- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
@@ -161,5 +161,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
index 5913f44937..368c359dcf 100644
--- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
@@ -243,5 +243,15 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='yes'>
+      <flc>no</flc>
+      <sgx1>yes</sgx1>
+      <sgx2>no</sgx2>
+      <section_size unit='KiB'>524288</section_size>
+      <sections>
+        <section node='0' size='262144' unit='KiB'/>
+        <section node='1' size='262144' unit='KiB'/>
+      </sections>
+    </sgx>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
index 2d76581915..831ef667e9 100644
--- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
@@ -242,5 +242,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
index f4933e435f..e5d5768b40 100644
--- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
@@ -257,5 +257,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
index a5c2d8e598..73c2cb84e4 100644
--- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
@@ -154,5 +154,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
index a419005ee3..0e2aa77a7d 100644
--- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
@@ -242,5 +242,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
index 2d0d0ad8e3..8c6399a7b6 100644
--- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
@@ -247,5 +247,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
index 5f22698400..b04beaa9d6 100644
--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
@@ -246,5 +246,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
index 234d2f3672..86385dacbd 100644
--- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
@@ -247,5 +247,6 @@
     <backingStoreInput supported='yes'/>
     <backup supported='yes'/>
     <sev supported='no'/>
+    <sgx supported='no'/>
   </features>
 </domainCapabilities>
-- 
2.25.1


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt][PATCH v17 4/9] conf: expose SGX feature in domain capabilities