On Fri, Jun 28, 2019 at 09:36:35PM +0000, Carvalho, Larkins L wrote:
> Hello Team,
> Greetings!
> We want to identify if the platform is Intel Software Guard
> Extensions <https://software.intel.com/en-us/sgx> (SGX) capable. The management
> platform (e.g. OpenStack) can use this information to launch a VM that can run secure
> application code and data.
> Intel(r) SGX offers hardware-based memory encryption that isolates specific application
> code and data in memory.
Hi,
so what exactly is the question here? Is it which code should be touched to
provide this kind of hint to OpenStack? If so, then this would live either in
the host or domain capabilities? Does libvirt need to do anything for SGX to be
enabled for a guest (just like SEV, I guess MKTME is the one which is more like
SEV) or is the feature always enabled transparently? If it's always on, then
this would live in the host capabilities, if it's a feature which requires a
hypervisor support and the guest can be configured explicitly to use it,
then domain capabilities would be a better place to put this in.
If the question was different from what I've assumed above, then please correct
me.
Regards,
Erik
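Added example (not code from this thread or from libvirt): the CPUID check a host-side SGX probe of the kind discussed above would start with. It decodes the SGX feature bit from CPUID leaf 7 and the SGX1/SGX2 sub-features from leaf 0x12, with leaf and bit numbers taken from the Intel SDM; the decoder is kept separate from the live probe so it can be exercised with constructed register values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Bit positions from the Intel SDM: CPUID.(EAX=7,ECX=0):EBX[2] advertises SGX;
 * CPUID.(EAX=0x12,ECX=0):EAX[0] is SGX1 and EAX[1] is SGX2. */
#define CPUID7_EBX_SGX   (1u << 2)
#define CPUID12_EAX_SGX1 (1u << 0)
#define CPUID12_EAX_SGX2 (1u << 1)

struct sgx_caps {
    bool sgx;   /* CPU implements SGX at all */
    bool sgx1;  /* first-generation enclave instructions */
    bool sgx2;  /* dynamic enclave memory management */
};

/* Pure decoder: takes raw register values so it can be tested with constructed input. */
struct sgx_caps sgx_decode(uint32_t leaf7_ebx, uint32_t leaf12_eax)
{
    struct sgx_caps caps = { false, false, false };
    caps.sgx = (leaf7_ebx & CPUID7_EBX_SGX) != 0;
    /* Leaf 0x12 is only meaningful when leaf 7 reports SGX; ignore it otherwise. */
    if (caps.sgx) {
        caps.sgx1 = (leaf12_eax & CPUID12_EAX_SGX1) != 0;
        caps.sgx2 = (leaf12_eax & CPUID12_EAX_SGX2) != 0;
    }
    return caps;
}

/* Read the live CPU; on non-x86 builds every flag comes back false. */
struct sgx_caps sgx_probe(void)
{
    uint32_t leaf7_ebx = 0, leaf12_eax = 0;
#if defined(__x86_64__) || defined(__i386__)
    uint32_t a, b, c, d;
    unsigned max_leaf = __get_cpuid_max(0, NULL);
    if (max_leaf >= 7) {
        __cpuid_count(7, 0, a, b, c, d);
        leaf7_ebx = b;
    }
    if ((leaf7_ebx & CPUID7_EBX_SGX) && max_leaf >= 0x12) {
        __cpuid_count(0x12, 0, a, b, c, d);
        leaf12_eax = a;
    }
#endif
    return sgx_decode(leaf7_ebx, leaf12_eax);
}
```

A set CPUID bit only says the CPU implements SGX; whether firmware has enabled it and whether the hypervisor exposes it to guests are separate checks, which is why the host-versus-domain capabilities question in the reply matters.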