4:36 p.m.
Hello Team,
Greetings!
We want to identify if the platform is Intel Software Guard
Extensions<https://software.intel.com/en-us/sgx> (SGX) capable. The management
platform (ex. Openstack) can use this information to launch VM that can run secure
application code and data.
Intel(r) SGX offers hardware-based memory encryption that isolates specific application
code and data in memory.
Regards,
Larkins Carvalho
Intel Corp.
2:11 a.m.
On Fri, Jun 28, 2019 at 09:36:35PM +0000, Carvalho, Larkins L wrote:
Hello Team,
Greetings!
We want to identify if the platform is Intel Software Guard
Extensions<https://software.intel.com/en-us/sgx> (SGX) capable. The management
platform (ex. Openstack) can use this information to launch VM that can run secure
application code and data.
Intel(r) SGX offers hardware-based memory encryption that isolates specific application
code and data in memory.
Hi,
so what exactly is the question here? Is it which code should be touched to
provide this kind of hint to OpenStack? If so, then this would live either in
the host or domain capabilities? Does libvirt need to do anything for SGX to be
enabled for a guest (just like SEV, I guess MKTM is the one which is more like
SEV) or is the feature always enabled transparently? If it's always on, then
this would live in the host capabilities, if it's a feature which requires a
hypervisor support and the guest can be configured with explicitly to use it,
then domain capabilities would be a better place to put this in.
If the question was different from what I've assumed above, then please correct
me.
Regards,
Erik
10:24 a.m.
Hello Eric,
This was the initial announcement introducing new feature development.
There are no questions from our end at this point.
We will send more details regarding the feature in upcoming days.
Thanks,
Larkins
-----Original Message-----
From: Erik Skultety [mailto:eskultet@redhat.com]
Sent: Monday, July 1, 2019 12:11 AM
To: Carvalho, Larkins L <larkins.l.carvalho(a)intel.com>
Cc: libvir-list(a)redhat.com; Mohammed, Karimullah <karimullah.mohammed(a)intel.com>
Subject: Re: [libvirt] New Feature: Identify Intel SGX support
On Fri, Jun 28, 2019 at 09:36:35PM +0000, Carvalho, Larkins L wrote:
Hello Team,
Greetings!
We want to identify if the platform is Intel Software Guard
Extensions<https://software.intel.com/en-us/sgx> (SGX) capable. The management
platform (ex. Openstack) can use this information to launch VM that can run secure
application code and data.
Intel(r) SGX offers hardware-based memory encryption that isolates specific application
code and data in memory.
Hi,
so what exactly is the question here? Is it which code should be touched to provide this
kind of hint to OpenStack? If so, then this would live either in the host or domain
capabilities? Does libvirt need to do anything for SGX to be enabled for a guest (just
like SEV, I guess MKTM is the one which is more like
SEV) or is the feature always enabled transparently? If it's always on, then this
would live in the host capabilities, if it's a feature which requires a hypervisor
support and the guest can be configured with explicitly to use it, then domain
capabilities would be a better place to put this in.
If the question was different from what I've assumed above, then please correct me.
Regards,
Erik
1963
days inactive
1973
days old
2 comments
2 participants
participants (2)
-
Carvalho, Larkins L -
Erik Skultety