From: Lin Yang <lin.a.yang(a)intel.com>
<launchSecurity type='sgx'>
<epc_size unit='KiB'>1024</epc_size>
</launchSecurity>
---
docs/schemas/domaincommon.rng | 62 +++++++++-------
src/conf/domain_conf.c | 128 ++++++++++++++++++++++++++--------
src/conf/domain_conf.h | 10 +++
src/conf/virconftypes.h | 3 +
4 files changed, 149 insertions(+), 54 deletions(-)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 0d0dcbc5ce..24fa8b030c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -460,35 +460,45 @@
<define name="launchSecurity">
<element name="launchSecurity">
- <attribute name="type">
- <value>sev</value>
- </attribute>
- <interleave>
- <element name="cbitpos">
- <data type='unsignedInt'/>
- </element>
- <element name="reducedPhysBits">
- <data type='unsignedInt'/>
- </element>
- <element name="policy">
- <ref name='hexuint'/>
- </element>
- <optional>
- <element name="handle">
- <ref name='unsignedInt'/>
+ <choice>
+ <group>
+ <attribute name="type">
+ <value>sev</value>
+ </attribute>
+ <element name="cbitpos">
+ <data type='unsignedInt'/>
</element>
- </optional>
- <optional>
- <element name="dhCert">
- <data type="string"/>
+ <element name="reducedPhysBits">
+ <data type='unsignedInt'/>
</element>
- </optional>
- <optional>
- <element name="session">
- <data type="string"/>
+ <element name="policy">
+ <ref name='hexuint'/>
</element>
- </optional>
- </interleave>
+ <optional>
+ <element name="handle">
+ <ref name='unsignedInt'/>
+ </element>
+ </optional>
+ <optional>
+ <element name="dhCert">
+ <data type="string"/>
+ </element>
+ </optional>
+ <optional>
+ <element name="session">
+ <data type="string"/>
+ </element>
+ </optional>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>sgx</value>
+ </attribute>
+ <element name="epc_size">
+ <ref name='scaledInteger'/>
+ </element>
+ </group>
+ </choice>
</element>
</define>
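Review bot: The rewrite into a `<choice>` of two `<group>`s drops the `<interleave>` that previously wrapped the sev children, so documents that list `cbitpos`, `reducedPhysBits` and `policy` in a different order now fail validation even though nothing about SEV changed; wrap the sev group's children in `<interleave>` again unless that tightening is intended, in which case it deserves a sentence in the commit message. Separately, the new `epc_size` element name uses an underscore while every sibling element in this define (`cbitpos`, `reducedPhysBits`, `dhCert`, `session`) is camelCase, so the public XML would be inconsistent; consider `epcSize` here and in the matching XPath and format strings in domain_conf.c.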
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index ef67efa1da..22ee02a540 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
"",
"sev",
+ "sgx",
);
static virClassPtr virDomainObjClass;
@@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def)
}
+static void
+virDomainSGXDefFree(virDomainSGXDefPtr def)
+{
+ if (!def)
+ return;
+
+ VIR_FREE(def);
+}
+
+
void virDomainDefFree(virDomainDefPtr def)
{
size_t i;
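Review bot: In virDomainSGXDefFree the `if (!def) return;` guard is redundant, since `VIR_FREE` tolerates a NULL argument, and `VIR_FREE(def)` only nulls the by-value parameter before it goes out of scope, so the body reduces to `VIR_FREE(def);`. If virDomainSEVDefFree (whose body lies outside the hunk) uses the same shape, keeping the two parallel is defensible, but then a one-line comment such as `/* Free an SGX launchSecurity definition; safe on NULL */` would state the contract the caller in virDomainDefFree relies on.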
@@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def)
(def->ns.free)(def->namespaceData);
virDomainSEVDefFree(def->sev);
+ virDomainSGXDefFree(def->sgx);
xmlFreeNode(def->metadata);
@@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
return 0;
}
-
static virDomainSEVDefPtr
-virDomainSEVDefParseXML(xmlNodePtr sevNode,
- xmlXPathContextPtr ctxt)
+virDomainSEVDefParseXML(xmlXPathContextPtr ctxt)
{
VIR_XPATH_NODE_AUTORESTORE(ctxt);
virDomainSEVDefPtr def;
unsigned long policy;
- g_autofree char *type = NULL;
if (VIR_ALLOC(def) < 0)
return NULL;
- ctxt->node = sevNode;
-
- if (!(type = virXMLPropString(sevNode, "type"))) {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing launch security type"));
- goto error;
- }
-
- def->sectype = virDomainLaunchSecurityTypeFromString(type);
- switch ((virDomainLaunchSecurity) def->sectype) {
- case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
- break;
- case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
- case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
- default:
- virReportError(VIR_ERR_XML_ERROR,
- _("unsupported launch security type '%s'"),
- type);
- goto error;
- }
+ def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0)
{
virReportError(VIR_ERR_XML_ERROR, "%s",
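Review bot: `VIR_XPATH_NODE_AUTORESTORE(ctxt)` is kept at the top of virDomainSEVDefParseXML although the `ctxt->node = sevNode;` assignment it used to undo has moved to the new caller, so the restore is now a no-op unless the rest of the body (which continues outside the hunk) still reassigns `ctxt->node`. Either drop it or replace it with a comment stating the new precondition, e.g. `/* caller has positioned ctxt->node on the <launchSecurity> element */`, since the function's relative XPaths (`./cbitpos` and following) silently depend on that.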
@@ -16764,6 +16754,66 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
return NULL;
}
+static virDomainSGXDefPtr
+virDomainSGXDefParseXML(xmlXPathContextPtr ctxt)
+{
+ virDomainSGXDefPtr def;
+
+ if (VIR_ALLOC(def) < 0)
+ return NULL;
+
+ def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX;
+
+ if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt,
+ &def->epc_size, false, false) < 0)
+ goto error;
+
+ return def;
+
+ error:
+ virDomainSGXDefFree(def);
+ return NULL;
+}
+
+static int
+virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode,
+ xmlXPathContextPtr ctxt,
+ virDomainDefPtr def)
+{
+ VIR_XPATH_NODE_AUTORESTORE(ctxt);
+ g_autofree char *type = NULL;
+
+ ctxt->node = launchSecurityNode;
+
+ if (!(type = virXMLPropString(launchSecurityNode, "type"))) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing launch security type"));
+ return -1;
+ }
+
+ switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) {
+ case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+ def->sev = virDomainSEVDefParseXML(ctxt);
+ if (def->sev == NULL)
+ return -1;
+ break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_SGX:
+ def->sgx = virDomainSGXDefParseXML(ctxt);
+ if (def->sgx == NULL)
+ return -1;
+ break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+ case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+ default:
+ virReportError(VIR_ERR_XML_ERROR,
+ _("unsupported launch security type '%s'"),
+ type);
+ return -1;
+ }
+
+ return 0;
+}
+
static virDomainMemoryDefPtr
virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
xmlNodePtr memdevNode,
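Review bot: virDomainLaunchSecurityDefParseXML assigns `def->sev` / `def->sgx` unconditionally, and its caller in virDomainDefParseXML (the new `./launchSecurity` node-set loop further down in this patch) now invokes it once per element, so a domain XML carrying two `<launchSecurity>` elements overwrites and leaks the first allocation and can leave both `def->sev` and `def->sgx` set, which the formatter would then emit as two elements. Reject a second occurrence before the switch, e.g. `if (def->sev || def->sgx) { virReportError(VIR_ERR_XML_ERROR, "%s", _("only one launchSecurity element is allowed")); return -1; }`, or keep the previous single-node `virXPathNode` lookup in the caller. Separately, virDomainSGXDefParseXML parses `./epc_size` with two trailing `false` arguments; if the first of them is the `required` flag as in the other virDomainParseMemory callers in this file, a missing `<epc_size>` silently yields 0 even though the schema makes the element mandatory, so passing `true` there (or rejecting an `epc_size` of 0 explicitly) would keep parser and schema in agreement.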
@@ -22227,12 +22277,15 @@ virDomainDefParseXML(xmlDocPtr xml,
ctxt->node = node;
VIR_FREE(nodes);
- /* Check for SEV feature */
- if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
- def->sev = virDomainSEVDefParseXML(node, ctxt);
- if (!def->sev)
+ /* analysis of launch security */
+ if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0)
+ goto error;
+
+ for (i = 0; i < n; i++) {
+ if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) != 0)
goto error;
}
+ VIR_FREE(nodes);
/* analysis of memory devices */
if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
@@ -28697,6 +28750,24 @@ virDomainSEVDefFormat(virBufferPtr buf, virDomainSEVDefPtr sev)
}
+static void
+virDomainSGXDefFormat(virBufferPtr buf, virDomainSGXDefPtr sgx)
+{
+ if (!sgx)
+ return;
+
+ virBufferAsprintf(buf, "<launchSecurity type='%s'>\n",
+ virDomainLaunchSecurityTypeToString(sgx->sectype));
+ virBufferAdjustIndent(buf, 2);
+
+ virBufferAsprintf(buf, "<epc_size
unit='KiB'>%llu</epc_size>\n",
+ sgx->epc_size);
+
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</launchSecurity>\n");
+}
+
+
static void
virDomainPerfDefFormat(virBufferPtr buf, virDomainPerfDefPtr perf)
{
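Review bot: The format string at `virBufferAsprintf(buf, "<epc_size` is split across two lines in this listing with the line break inside the literal, which would not compile if the patch really reads that way; it looks like mail wrapping, but please confirm the applied line is `virBufferAsprintf(buf, "<epc_size unit='KiB'>%llu</epc_size>\n", sgx->epc_size);`. The new virDomainSGXDefFormat also carries no comment; a one-liner such as `/* Format the SGX <launchSecurity> element; epc_size is stored and emitted in KiB */` above it would tie the hard-coded `unit='KiB'` to the `/* kibibytes */` note on the struct field in domain_conf.h.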
@@ -30122,6 +30193,7 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def,
virDomainKeyWrapDefFormat(buf, def->keywrap);
virDomainSEVDefFormat(buf, def->sev);
+ virDomainSGXDefFormat(buf, def->sgx);
if (def->namespaceData && def->ns.format) {
if ((def->ns.format)(buf, def->namespaceData) < 0)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 011bf66cb4..88adf461df 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef {
typedef enum {
VIR_DOMAIN_LAUNCH_SECURITY_NONE,
VIR_DOMAIN_LAUNCH_SECURITY_SEV,
+ VIR_DOMAIN_LAUNCH_SECURITY_SGX,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
} virDomainLaunchSecurity;
@@ -2462,6 +2463,12 @@ struct _virDomainSEVDef {
};
+struct _virDomainSGXDef {
+ int sectype; /* enum virDomainLaunchSecurity */
+ unsigned long long epc_size; /* kibibytes */
+};
+
+
typedef enum {
VIR_DOMAIN_IOMMU_MODEL_INTEL,
VIR_DOMAIN_IOMMU_MODEL_SMMUV3,
@@ -2670,6 +2677,9 @@ struct _virDomainDef {
/* SEV-specific domain */
virDomainSEVDefPtr sev;
+ /* SGX-specific domain */
+ virDomainSGXDefPtr sgx;
+
/* Application-specific custom metadata */
xmlNodePtr metadata;
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index 1c62cde251..084bcc7687 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr;
typedef struct _virDomainSEVDef virDomainSEVDef;
typedef virDomainSEVDef *virDomainSEVDefPtr;
+typedef struct _virDomainSGXDef virDomainSGXDef;
+typedef virDomainSGXDef *virDomainSGXDefPtr;
+
typedef struct _virDomainShmemDef virDomainShmemDef;
typedef virDomainShmemDef *virDomainShmemDefPtr;
--
2.17.1