[libvirt][PATCH v4 0/4] Support query and use SGX
This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM.

Given that the SGX support in QEMU is still pending review, this patch series is not submitted for code review, but only describes the SGX enabling solution design that contains changes to virConnectGetDomainCapabilities API response and domain definition. All comments/suggestions would be highly appreciated.

Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection.

The typical flow looks like below at a very high level:

1. Calls virConnectGetDomainCapabilities API to get domain capabilities that include the following SGX information.

    <feature>
      ...
      <sgx supported='yes'>
        <epc_size unit='KiB'>N</epc_size>
      </sgx>
    </feature>

2. User requests to start a guest calling virCreateXML() with SGX requirement.
It should contain <launchSecurity type='sgx'> <epc_size unit='KiB'>N</epc_size> </launchSecurity> Haibin Huang (1): Support to query SGX capability Lin Yang (3): conf: Introduce SGX related element into domain xml qemu: Add command-line to generate SGX EPC memory backend qemu: Add command-line to enable SGX src/conf/domain_capabilities.c | 29 ++++ src/conf/domain_capabilities.h | 13 ++ src/conf/domain_conf.c | 106 +++++++++---- src/conf/domain_conf.h | 10 ++ src/conf/virconftypes.h | 3 + src/libvirt_private.syms | 2 +- src/qemu/qemu_capabilities.c | 146 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_command.c | 30 ++++ src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 91 +++++++++++ src/qemu/qemu_monitor_json.h | 3 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_1.5.3-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.5.3-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.5.3.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.1.1.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-tcg.x86_64.xml | 1 + .../qemu_2.10.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.s390x.xml | 1 + 
tests/domaincapsdata/qemu_2.10.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../qemu_2.12.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.4.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.5.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml | 1 + .../qemu_2.6.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.7.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.8.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.8.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.9.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + 
tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + .../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + 109 files changed, 519 insertions(+), 29 deletions(-) -- 2.17.1
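The query-then-launch flow from the cover letter, seen from a management application, as an added example that is not part of the patch series or of libvirt. The capabilities document is constructed in the layout the cover letter proposes, the function names are hypothetical, and two points are assumptions: that the advertised epc_size is an upper bound for a guest request, and that a missing unit attribute means KiB.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a virConnectGetDomainCapabilities response, using the
# element layout proposed in the cover letter (not captured from a real host).
SAMPLE_DOMCAPS = """
<domainCapabilities>
  <feature>
    <sgx supported='yes'>
      <epc_size unit='KiB'>65536</epc_size>
    </sgx>
  </feature>
</domainCapabilities>
"""

# Binary units accepted by this example; anything else is rejected.
UNIT_TO_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 ** 2, "TiB": 1024 ** 3}


class SGXError(ValueError):
    """Raised when SGX cannot be requested safely for this host."""


def size_in_kib(elem):
    """Return the value of an <epc_size> element normalised to KiB."""
    unit = elem.get("unit", "KiB")  # assumption: KiB when no unit is given
    if unit not in UNIT_TO_KIB:
        raise SGXError(f"unsupported epc_size unit {unit!r}")
    text = (elem.text or "").strip()
    if not (text.isascii() and text.isdigit()):
        raise SGXError(f"epc_size is not a non-negative integer: {text!r}")
    return int(text) * UNIT_TO_KIB[unit]


def host_epc_kib(domcaps_xml):
    """EPC size the host advertises, in KiB, or None if SGX is not offered."""
    root = ET.fromstring(domcaps_xml)
    sgx = root.find(".//sgx")
    if sgx is None or sgx.get("supported") != "yes":
        return None
    size = sgx.find("epc_size")
    if size is None:
        # Fail closed: a host that claims SGX must also say how much EPC it has.
        raise SGXError("sgx supported='yes' but no <epc_size> reported")
    return size_in_kib(size)


def build_launch_security(domcaps_xml, requested_kib):
    """Return the <launchSecurity type='sgx'> element for a domain definition.

    Refuses to build the element when the host does not advertise SGX or the
    request does not fit, so the caller never submits a domain whose SGX
    requirement cannot be met.
    """
    available = host_epc_kib(domcaps_xml)
    if available is None:
        raise SGXError("host does not advertise SGX")
    if not isinstance(requested_kib, int) or requested_kib <= 0:
        raise SGXError("requested EPC size must be a positive integer (KiB)")
    if requested_kib > available:  # assumption: advertised size is a ceiling
        raise SGXError(
            f"requested {requested_kib} KiB exceeds advertised {available} KiB"
        )
    launch = ET.Element("launchSecurity", {"type": "sgx"})
    epc = ET.SubElement(launch, "epc_size", {"unit": "KiB"})
    epc.text = str(requested_kib)
    return ET.tostring(launch, encoding="unicode")


if __name__ == "__main__":
    print(build_launch_security(SAMPLE_DOMCAPS, 1024))
```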
From: Lin Yang <lin.a.yang@intel.com> <launchSecurity type='sgx'> <epc_size unit='KiB'>1024</epc_size> </launchSecurity> --- src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++----------- src/conf/domain_conf.h | 10 ++++ src/conf/virconftypes.h | 3 ++ 3 files changed, 91 insertions(+), 28 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ef67efa1da..4336dafd82 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, VIR_DOMAIN_LAUNCH_SECURITY_LAST, "", "sev", + "sgx", ); static virClassPtr virDomainObjClass; @@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def) } +static void +virDomainSGXDefFree(virDomainSGXDefPtr def) +{ + if (!def) + return; + + VIR_FREE(def); +} + + void virDomainDefFree(virDomainDefPtr def) { size_t i; @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def) (def->ns.free)(def->namespaceData); virDomainSEVDefFree(def->sev); + virDomainSGXDefFree(def->sgx); xmlFreeNode(def->metadata); 
@@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, return 0; } - static virDomainSEVDefPtr -virDomainSEVDefParseXML(xmlNodePtr sevNode, - xmlXPathContextPtr ctxt) +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt) { VIR_XPATH_NODE_AUTORESTORE(ctxt); virDomainSEVDefPtr def; unsigned long policy; - g_autofree char *type = NULL; if (VIR_ALLOC(def) < 0) return NULL; - ctxt->node = sevNode; - - if (!(type = virXMLPropString(sevNode, "type"))) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing launch security type")); - goto error; - } - - def->sectype = virDomainLaunchSecurityTypeFromString(type); - switch ((virDomainLaunchSecurity) def->sectype) { - case VIR_DOMAIN_LAUNCH_SECURITY_SEV: - break; - case VIR_DOMAIN_LAUNCH_SECURITY_NONE: - case VIR_DOMAIN_LAUNCH_SECURITY_LAST: - default: - virReportError(VIR_ERR_XML_ERROR, - _("unsupported launch security type '%s'"), - type); - goto error; - } + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV; if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", 
@@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, return NULL; } +static virDomainSGXDefPtr +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + virDomainSGXDefPtr def; + + if (VIR_ALLOC(def) < 0) + return NULL; + + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX; + + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt, + &def->epc_size, false, false) < 0) + goto error; + + return def; + + error: + virDomainSGXDefFree(def); + return NULL; +} + +static int +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode, + xmlXPathContextPtr ctxt, + virDomainDefPtr def) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autofree char *type = NULL; + + ctxt->node = launchSecurityNode; + + if (!(type = virXMLPropString(launchSecurityNode, "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing launch security type")); + return -1; + } + + switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) { + case VIR_DOMAIN_LAUNCH_SECURITY_SEV: + def->sev = virDomainSEVDefParseXML(ctxt); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_SGX: + def->sgx = virDomainSGXDefParseXML(ctxt); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + default: + virReportError(VIR_ERR_XML_ERROR, + _("unsupported launch security type '%s'"), + type); + return -1; + } + + return 0; +} + static virDomainMemoryDefPtr virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt, xmlNodePtr memdevNode, 
@@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml, ctxt->node = node; VIR_FREE(nodes); - /* Check for SEV feature */ - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) { - def->sev = virDomainSEVDefParseXML(node, ctxt); - if (!def->sev) + /* analysis of launch security */ + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0) + goto error; + + for (i = 0; i < n; i++) { + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) != 0) goto error; } + VIR_FREE(nodes); /* analysis of memory devices */ if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 011bf66cb4..88adf461df 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef { typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, + VIR_DOMAIN_LAUNCH_SECURITY_SGX, VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef { }; +struct _virDomainSGXDef { + int sectype; /* enum virDomainLaunchSecurity */ + unsigned long long epc_size; /* kibibytes */ +}; + + typedef enum { VIR_DOMAIN_IOMMU_MODEL_INTEL, VIR_DOMAIN_IOMMU_MODEL_SMMUV3, @@ -2670,6 +2677,9 @@ struct _virDomainDef { /* SEV-specific domain */ virDomainSEVDefPtr sev; + /* SGX-specific domain */ + virDomainSGXDefPtr sgx; + /* Application-specific custom metadata */ xmlNodePtr metadata; diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 1c62cde251..084bcc7687 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr; typedef struct _virDomainSEVDef virDomainSEVDef; typedef virDomainSEVDef *virDomainSEVDefPtr; +typedef struct _virDomainSGXDef virDomainSGXDef; +typedef virDomainSGXDef *virDomainSGXDefPtr; + typedef struct _virDomainShmemDef virDomainShmemDef; typedef virDomainShmemDef *virDomainShmemDefPtr; -- 2.17.1
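Review bot: virDomainSEVDefParseXML() in the @@ -16700 hunk no longer sets ctxt->node itself, so its relative lookups such as "string(./cbitpos)" now depend on the caller having positioned the context on the <launchSecurity> node. Please state that precondition in a comment above the function, and drop the remaining VIR_XPATH_NODE_AUTORESTORE(ctxt) there if nothing further down still moves ctxt->node. The hunk also removes one of the blank lines in front of the function, which looks like an unrelated whitespace change.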
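Review bot: In virDomainLaunchSecurityDefParseXML() (the @@ -16764 hunk) the SEV and SGX cases assign the parser result and break without checking it, so a NULL from virDomainSEVDefParseXML() or virDomainSGXDefParseXML() still reaches "return 0" and the definition is accepted as if no <launchSecurity> had been requested. The code being replaced did "if (!def->sev) goto error;", and each case here should return -1 when the pointer is NULL. In the same hunk virDomainSGXDefParseXML() declares VIR_XPATH_NODE_AUTORESTORE(ctxt) although it never changes ctxt->node, and it passes false for both trailing arguments of virDomainParseMemory(); if the first of those is the "required" flag, a type='sgx' element without <epc_size> would parse successfully with epc_size unset, which should be an error for this element.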
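Review bot: The loop in the @@ -22227 hunk of virDomainDefParseXML() accepts any number of <launchSecurity> elements, where the old code looked at a single node. A second element of the same type overwrites def->sev or def->sgx without freeing the first result, and a document carrying both type='sev' and type='sgx' ends up with both pointers set. Either report VIR_ERR_XML_ERROR for n > 1 before the loop, or have the dispatcher fail when the pointer it is about to assign is already non-NULL. None of the domain_conf.c hunks in this patch adds output for def->sgx, so unless a later patch in the series does, the new element will not survive a parse and format round trip.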
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
<launchSecurity type='sgx'> <epc_size unit='KiB'>1024</epc_size> </launchSecurity>
Please also update "docs/schemas/domaincommon.rng".
--- src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++--------- -- src/conf/domain_conf.h | 10 ++++ src/conf/virconftypes.h | 3 ++ 3 files changed, 91 insertions(+), 28 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ef67efa1da..4336dafd82 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, VIR_DOMAIN_LAUNCH_SECURITY_LAST, "", "sev", + "sgx", ); static virClassPtr virDomainObjClass; @@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def) } +static void +virDomainSGXDefFree(virDomainSGXDefPtr def) +{ + if (!def) + return; + + VIR_FREE(def); +} + + void virDomainDefFree(virDomainDefPtr def) { size_t i; @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def) (def->ns.free)(def->namespaceData); virDomainSEVDefFree(def->sev); + virDomainSGXDefFree(def->sgx); xmlFreeNode(def->metadata); @@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, return 0; } - static virDomainSEVDefPtr -virDomainSEVDefParseXML(xmlNodePtr sevNode, - xmlXPathContextPtr ctxt) +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt) { VIR_XPATH_NODE_AUTORESTORE(ctxt); virDomainSEVDefPtr def; unsigned long policy; - g_autofree char *type = NULL; if (VIR_ALLOC(def) < 0) return NULL; - ctxt->node = sevNode; - - if (!(type = virXMLPropString(sevNode, "type"))) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing launch security type")); - goto error; - } - - def->sectype = virDomainLaunchSecurityTypeFromString(type); - switch ((virDomainLaunchSecurity) def->sectype) { - case VIR_DOMAIN_LAUNCH_SECURITY_SEV: - break; - case VIR_DOMAIN_LAUNCH_SECURITY_NONE: - case VIR_DOMAIN_LAUNCH_SECURITY_LAST: - default: - virReportError(VIR_ERR_XML_ERROR, - _("unsupported launch security type '%s'"), - type); - goto error; - } + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV; if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", 
@@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, return NULL; } +static virDomainSGXDefPtr +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt);
I do not believe that this is necessary.
+ virDomainSGXDefPtr def; + + if (VIR_ALLOC(def) < 0) + return NULL; + + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX; + + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt, + &def->epc_size, false, false) < 0) + goto error; + + return def; + + error: + virDomainSGXDefFree(def); + return NULL; +} + +static int +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode, + xmlXPathContextPtr ctxt, + virDomainDefPtr def) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autofree char *type = NULL; + + ctxt->node = launchSecurityNode; + + if (!(type = virXMLPropString(launchSecurityNode, "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing launch security type")); + return -1; + } + + switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) { + case VIR_DOMAIN_LAUNCH_SECURITY_SEV: + def->sev = virDomainSEVDefParseXML(ctxt);
I believe this should return "-1" when "def->sev == NULL".
+ break; + case VIR_DOMAIN_LAUNCH_SECURITY_SGX: + def->sgx = virDomainSGXDefParseXML(ctxt);
Similar.

Regards,
Tim
+ break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + default: + virReportError(VIR_ERR_XML_ERROR, + _("unsupported launch security type '%s'"), + type); + return -1; + } + + return 0; +} + static virDomainMemoryDefPtr virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt, xmlNodePtr memdevNode, @@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml, ctxt->node = node; VIR_FREE(nodes); - /* Check for SEV feature */ - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) { - def->sev = virDomainSEVDefParseXML(node, ctxt); - if (!def->sev) + /* analysis of launch security */ + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0) + goto error; + + for (i = 0; i < n; i++) { + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) != 0) goto error; } + VIR_FREE(nodes); /* analysis of memory devices */ if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 011bf66cb4..88adf461df 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef { typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, + VIR_DOMAIN_LAUNCH_SECURITY_SGX, VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef { }; +struct _virDomainSGXDef { + int sectype; /* enum virDomainLaunchSecurity */ + unsigned long long epc_size; /* kibibytes */ +}; + + typedef enum { VIR_DOMAIN_IOMMU_MODEL_INTEL, VIR_DOMAIN_IOMMU_MODEL_SMMUV3, @@ -2670,6 +2677,9 @@ struct _virDomainDef { /* SEV-specific domain */ virDomainSEVDefPtr sev; + /* SGX-specific domain */ + virDomainSGXDefPtr sgx; + /* Application-specific custom metadata */ xmlNodePtr metadata; diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 1c62cde251..084bcc7687 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h 
@@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr; typedef struct _virDomainSEVDef virDomainSEVDef; typedef virDomainSEVDef *virDomainSEVDefPtr; +typedef struct _virDomainSGXDef virDomainSGXDef; +typedef virDomainSGXDef *virDomainSGXDefPtr; + typedef struct _virDomainShmemDef virDomainShmemDef; typedef virDomainShmemDef *virDomainShmemDefPtr;
-----Original Message-----
From: Tim Wiederhake <twiederh@redhat.com>
Sent: Monday, July 5, 2021 7:32 PM
To: Huang, Haibin <haibin.huang@intel.com>
Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
Subject: Re: [libvirt][PATCH v4 1/4] conf: Introduce SGX related element into domain xml
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
<launchSecurity type='sgx'> <epc_size unit='KiB'>1024</epc_size> </launchSecurity>
Please also update "docs/schemas/domaincommon.rng". [Haibin] ok, I will do it.
--- src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++------- -- -- src/conf/domain_conf.h | 10 ++++ src/conf/virconftypes.h | 3 ++ 3 files changed, 91 insertions(+), 28 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ef67efa1da..4336dafd82 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, VIR_DOMAIN_LAUNCH_SECURITY_LAST, "", "sev", + "sgx", );
static virClassPtr virDomainObjClass; @@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def) }
+static void +virDomainSGXDefFree(virDomainSGXDefPtr def) { + if (!def) + return; + + VIR_FREE(def); +} + + void virDomainDefFree(virDomainDefPtr def) { size_t i; @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def) (def->ns.free)(def->namespaceData);
virDomainSEVDefFree(def->sev); + virDomainSGXDefFree(def->sgx);
xmlFreeNode(def->metadata);
@@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, return 0; }
- static virDomainSEVDefPtr -virDomainSEVDefParseXML(xmlNodePtr sevNode, - xmlXPathContextPtr ctxt) +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt) { VIR_XPATH_NODE_AUTORESTORE(ctxt); virDomainSEVDefPtr def; unsigned long policy; - g_autofree char *type = NULL;
if (VIR_ALLOC(def) < 0) return NULL;
- ctxt->node = sevNode; - - if (!(type = virXMLPropString(sevNode, "type"))) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing launch security type")); - goto error; - } - - def->sectype = virDomainLaunchSecurityTypeFromString(type); - switch ((virDomainLaunchSecurity) def->sectype) { - case VIR_DOMAIN_LAUNCH_SECURITY_SEV: - break; - case VIR_DOMAIN_LAUNCH_SECURITY_NONE: - case VIR_DOMAIN_LAUNCH_SECURITY_LAST: - default: - virReportError(VIR_ERR_XML_ERROR, - _("unsupported launch security type '%s'"), - type); - goto error; - } + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", @@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, return NULL; }
+static virDomainSGXDefPtr +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt) { + VIR_XPATH_NODE_AUTORESTORE(ctxt);
I do not believe that this is necessary. [Haibin] ok, I will remove " VIR_XPATH_NODE_AUTORESTORE(ctxt);"
+ virDomainSGXDefPtr def; + + if (VIR_ALLOC(def) < 0) + return NULL; + + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX; + + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt, + &def->epc_size, false, false) < 0) + goto error; + + return def; + + error: + virDomainSGXDefFree(def); + return NULL; +} + +static int +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode, + xmlXPathContextPtr ctxt, + virDomainDefPtr def) { + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autofree char *type = NULL; + + ctxt->node = launchSecurityNode; + + if (!(type = virXMLPropString(launchSecurityNode, "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing launch security type")); + return -1; + } + + switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) { + case VIR_DOMAIN_LAUNCH_SECURITY_SEV: + def->sev = virDomainSEVDefParseXML(ctxt);
I believe this should return "-1" when "def->sev == NULL". [Haibin] ok, I will add check code for def->sev.
+ break; + case VIR_DOMAIN_LAUNCH_SECURITY_SGX: + def->sgx = virDomainSGXDefParseXML(ctxt);
Similar. [Haibin] ok, I will add check code for def->sgx.
Regards, Tim
+ break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + default: + virReportError(VIR_ERR_XML_ERROR, + _("unsupported launch security type '%s'"), + type); + return -1; + } + + return 0; +} + static virDomainMemoryDefPtr virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt, xmlNodePtr memdevNode, @@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml, ctxt->node = node; VIR_FREE(nodes);
- /* Check for SEV feature */ - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) { - def->sev = virDomainSEVDefParseXML(node, ctxt); - if (!def->sev) + /* analysis of launch security */ + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0) + goto error; + + for (i = 0; i < n; i++) { + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) != 0) goto error; } + VIR_FREE(nodes);
/* analysis of memory devices */ if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 011bf66cb4..88adf461df 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef { typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, + VIR_DOMAIN_LAUNCH_SECURITY_SGX,
VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef { };
+struct _virDomainSGXDef { + int sectype; /* enum virDomainLaunchSecurity */ + unsigned long long epc_size; /* kibibytes */ }; + + typedef enum { VIR_DOMAIN_IOMMU_MODEL_INTEL, VIR_DOMAIN_IOMMU_MODEL_SMMUV3, @@ -2670,6 +2677,9 @@ struct _virDomainDef { /* SEV-specific domain */ virDomainSEVDefPtr sev;
+ /* SGX-specific domain */ + virDomainSGXDefPtr sgx; + /* Application-specific custom metadata */ xmlNodePtr metadata;
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 1c62cde251..084bcc7687 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr; typedef struct _virDomainSEVDef virDomainSEVDef; typedef virDomainSEVDef *virDomainSEVDefPtr;
+typedef struct _virDomainSGXDef virDomainSGXDef; typedef +virDomainSGXDef *virDomainSGXDefPtr; + typedef struct _virDomainShmemDef virDomainShmemDef; typedef virDomainShmemDef *virDomainShmemDefPtr;
On Thu, Jul 01, 2021 at 08:10:26PM +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
<launchSecurity type='sgx'> <epc_size unit='KiB'>1024</epc_size> </launchSecurity> --- src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++----------- src/conf/domain_conf.h | 10 ++++ src/conf/virconftypes.h | 3 ++ 3 files changed, 91 insertions(+), 28 deletions(-)
Not commenting on the code for now, as there is already ongoing work adding s390-pv-guest support that refactors exactly the same functions as this patch, so we should coordinate the work to not introduce merge conflicts and unnecessary work for both contributors.

https://listman.redhat.com/archives/libvir-list/2021-June/msg00653.html

Pavel
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ef67efa1da..4336dafd82 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, VIR_DOMAIN_LAUNCH_SECURITY_LAST, "", "sev", + "sgx", );
static virClassPtr virDomainObjClass; @@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def) }
+static void +virDomainSGXDefFree(virDomainSGXDefPtr def) +{ + if (!def) + return; + + VIR_FREE(def); +} + + void virDomainDefFree(virDomainDefPtr def) { size_t i; @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def) (def->ns.free)(def->namespaceData);
virDomainSEVDefFree(def->sev); + virDomainSGXDefFree(def->sgx);
xmlFreeNode(def->metadata);
@@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, return 0; }
- static virDomainSEVDefPtr -virDomainSEVDefParseXML(xmlNodePtr sevNode, - xmlXPathContextPtr ctxt) +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt) { VIR_XPATH_NODE_AUTORESTORE(ctxt); virDomainSEVDefPtr def; unsigned long policy; - g_autofree char *type = NULL;
if (VIR_ALLOC(def) < 0) return NULL;
- ctxt->node = sevNode; - - if (!(type = virXMLPropString(sevNode, "type"))) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing launch security type")); - goto error; - } - - def->sectype = virDomainLaunchSecurityTypeFromString(type); - switch ((virDomainLaunchSecurity) def->sectype) { - case VIR_DOMAIN_LAUNCH_SECURITY_SEV: - break; - case VIR_DOMAIN_LAUNCH_SECURITY_NONE: - case VIR_DOMAIN_LAUNCH_SECURITY_LAST: - default: - virReportError(VIR_ERR_XML_ERROR, - _("unsupported launch security type '%s'"), - type); - goto error; - } + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", @@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, return NULL; }
+static virDomainSGXDefPtr +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + virDomainSGXDefPtr def; + + if (VIR_ALLOC(def) < 0) + return NULL; + + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX; + + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt, + &def->epc_size, false, false) < 0) + goto error; + + return def; + + error: + virDomainSGXDefFree(def); + return NULL; +} + +static int +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode, + xmlXPathContextPtr ctxt, + virDomainDefPtr def) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autofree char *type = NULL; + + ctxt->node = launchSecurityNode; + + if (!(type = virXMLPropString(launchSecurityNode, "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing launch security type")); + return -1; + } + + switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) { + case VIR_DOMAIN_LAUNCH_SECURITY_SEV: + def->sev = virDomainSEVDefParseXML(ctxt); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_SGX: + def->sgx = virDomainSGXDefParseXML(ctxt); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + default: + virReportError(VIR_ERR_XML_ERROR, + _("unsupported launch security type '%s'"), + type); + return -1; + } + + return 0; +} + static virDomainMemoryDefPtr virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt, xmlNodePtr memdevNode, @@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml, ctxt->node = node; VIR_FREE(nodes);
- /* Check for SEV feature */ - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) { - def->sev = virDomainSEVDefParseXML(node, ctxt); - if (!def->sev) + /* analysis of launch security */ + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0) + goto error; + + for (i = 0; i < n; i++) { + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) != 0) goto error; } + VIR_FREE(nodes);
/* analysis of memory devices */ if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 011bf66cb4..88adf461df 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef { typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, + VIR_DOMAIN_LAUNCH_SECURITY_SGX,
VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef { };
+struct _virDomainSGXDef { + int sectype; /* enum virDomainLaunchSecurity */ + unsigned long long epc_size; /* kibibytes */ +}; + + typedef enum { VIR_DOMAIN_IOMMU_MODEL_INTEL, VIR_DOMAIN_IOMMU_MODEL_SMMUV3, @@ -2670,6 +2677,9 @@ struct _virDomainDef { /* SEV-specific domain */ virDomainSEVDefPtr sev;
+ /* SGX-specific domain */ + virDomainSGXDefPtr sgx; + /* Application-specific custom metadata */ xmlNodePtr metadata;
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 1c62cde251..084bcc7687 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr; typedef struct _virDomainSEVDef virDomainSEVDef; typedef virDomainSEVDef *virDomainSEVDefPtr;
+typedef struct _virDomainSGXDef virDomainSGXDef; +typedef virDomainSGXDef *virDomainSGXDefPtr; + typedef struct _virDomainShmemDef virDomainShmemDef; typedef virDomainShmemDef *virDomainShmemDefPtr;
-- 2.17.1
Ok, got it. Thanks.
-----Original Message-----
From: Pavel Hrdina <phrdina@redhat.com>
Sent: Wednesday, July 7, 2021 4:36 PM
To: Huang, Haibin <haibin.huang@intel.com>
Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
Subject: Re: [libvirt][PATCH v4 1/4] conf: Introduce SGX related element into domain xml
On Thu, Jul 01, 2021 at 08:10:26PM +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
<launchSecurity type='sgx'> <epc_size unit='KiB'>1024</epc_size> </launchSecurity> --- src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++----------- src/conf/domain_conf.h | 10 ++++ src/conf/virconftypes.h | 3 ++ 3 files changed, 91 insertions(+), 28 deletions(-)
Not commenting on the code for now, as there is already ongoing work adding s390-pv-guest support that refactors exactly the same functions as this patch, so we should coordinate the work to not introduce merge conflicts and unnecessary work for both contributors.
https://listman.redhat.com/archives/libvir-list/2021-June/msg00653.html
Pavel
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ef67efa1da..4336dafd82 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, VIR_DOMAIN_LAUNCH_SECURITY_LAST, "", "sev", + "sgx", );
static virClassPtr virDomainObjClass; @@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def) }
+static void +virDomainSGXDefFree(virDomainSGXDefPtr def) { + if (!def) + return; + + VIR_FREE(def); +} + + void virDomainDefFree(virDomainDefPtr def) { size_t i; @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def) (def->ns.free)(def->namespaceData);
virDomainSEVDefFree(def->sev); + virDomainSGXDefFree(def->sgx);
xmlFreeNode(def->metadata);
@@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, return 0; }
- static virDomainSEVDefPtr -virDomainSEVDefParseXML(xmlNodePtr sevNode, - xmlXPathContextPtr ctxt) +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt) { VIR_XPATH_NODE_AUTORESTORE(ctxt); virDomainSEVDefPtr def; unsigned long policy; - g_autofree char *type = NULL;
if (VIR_ALLOC(def) < 0) return NULL;
- ctxt->node = sevNode; - - if (!(type = virXMLPropString(sevNode, "type"))) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing launch security type")); - goto error; - } - - def->sectype = virDomainLaunchSecurityTypeFromString(type); - switch ((virDomainLaunchSecurity) def->sectype) { - case VIR_DOMAIN_LAUNCH_SECURITY_SEV: - break; - case VIR_DOMAIN_LAUNCH_SECURITY_NONE: - case VIR_DOMAIN_LAUNCH_SECURITY_LAST: - default: - virReportError(VIR_ERR_XML_ERROR, - _("unsupported launch security type '%s'"), - type); - goto error; - } + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", @@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, return NULL; }
+static virDomainSGXDefPtr +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt) { + VIR_XPATH_NODE_AUTORESTORE(ctxt); + virDomainSGXDefPtr def; + + if (VIR_ALLOC(def) < 0) + return NULL; + + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX; + + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt, + &def->epc_size, false, false) < 0) + goto error; + + return def; + + error: + virDomainSGXDefFree(def); + return NULL; +} + +static int +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode, + xmlXPathContextPtr ctxt, + virDomainDefPtr def) { + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autofree char *type = NULL; + + ctxt->node = launchSecurityNode; + + if (!(type = virXMLPropString(launchSecurityNode, "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing launch security type")); + return -1; + } + + switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) { + case VIR_DOMAIN_LAUNCH_SECURITY_SEV: + def->sev = virDomainSEVDefParseXML(ctxt); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_SGX: + def->sgx = virDomainSGXDefParseXML(ctxt); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + default: + virReportError(VIR_ERR_XML_ERROR, + _("unsupported launch security type '%s'"), + type); + return -1; + } + + return 0; +} + static virDomainMemoryDefPtr virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt, xmlNodePtr memdevNode, @@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml, ctxt->node = node; VIR_FREE(nodes);
- /* Check for SEV feature */ - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) { - def->sev = virDomainSEVDefParseXML(node, ctxt); - if (!def->sev) + /* analysis of launch security */ + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0) + goto error; + + for (i = 0; i < n; i++) { + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) + != 0) goto error; } + VIR_FREE(nodes);
/* analysis of memory devices */ if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 011bf66cb4..88adf461df 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef { typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, + VIR_DOMAIN_LAUNCH_SECURITY_SGX,
VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef { };
+struct _virDomainSGXDef { + int sectype; /* enum virDomainLaunchSecurity */ + unsigned long long epc_size; /* kibibytes */ }; + + typedef enum { VIR_DOMAIN_IOMMU_MODEL_INTEL, VIR_DOMAIN_IOMMU_MODEL_SMMUV3, @@ -2670,6 +2677,9 @@ struct _virDomainDef { /* SEV-specific domain */ virDomainSEVDefPtr sev;
+ /* SGX-specific domain */ + virDomainSGXDefPtr sgx; + /* Application-specific custom metadata */ xmlNodePtr metadata;
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 1c62cde251..084bcc7687 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr; typedef struct _virDomainSEVDef virDomainSEVDef; typedef virDomainSEVDef *virDomainSEVDefPtr;
+typedef struct _virDomainSGXDef virDomainSGXDef; typedef +virDomainSGXDef *virDomainSGXDefPtr; + typedef struct _virDomainShmemDef virDomainShmemDef; typedef virDomainShmemDef *virDomainShmemDefPtr;
-- 2.17.1
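Review bot: In virDomainLaunchSecurityDefParseXML(), the SEV and SGX cases assign the parser's return value to def->sev or def->sgx and then reach `return 0`, so a NULL result from virDomainSEVDefParseXML() or virDomainSGXDefParseXML() is reported as success. The code this replaces failed with `if (!def->sev) goto error;`. Return -1 when the assigned pointer is NULL. In the same hunk, virDomainSGXDefParseXML() passes `false, false` as the last two arguments of virDomainParseMemory(); if the first of those marks the element as required, a <launchSecurity type='sgx'> without <epc_size> is accepted and epc_size is never set, so make the element mandatory or reject a zero size here.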
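Review bot: The loop added to virDomainDefParseXML() calls virDomainLaunchSecurityDefParseXML() for every ./launchSecurity node, and each call overwrites def->sev or def->sgx without checking for an existing value, so two elements of the same type leak the first allocation and silently keep the last one. Reject a second element of a type that is already set, or keep the single-node lookup if only one <launchSecurity> is meant to be valid. The patch also adds a parser and a free function for virDomainSGXDef but no formatter hunk, so the new element would not survive a parse and format round trip of the domain XML.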
From: Lin Yang <lin.a.yang@intel.com> According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line: -object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \ -sgx-epc id=epc1,memdev=mem1 --- src/qemu/qemu_command.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 01812cd39b..2c3785886c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9869,6 +9869,27 @@ qemuBuildVsockCommandLine(virCommandPtr cmd, } +static int +qemuBuildSGXCommandLine(virCommandPtr cmd, virDomainSGXDefPtr sgx) +{ + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + + if (!sgx) + return 0; + + VIR_DEBUG("sgx->epc_size=%lluKiB", sgx->epc_size); + + virBufferAsprintf(&buf, "memory-backend-epc,id=mem1,size=%lluK,prealloc", sgx->epc_size); + virCommandAddArg(cmd, "-object"); + virCommandAddArgBuffer(cmd, &buf); + + virCommandAddArg(cmd, "-sgx-epc"); + virCommandAddArg(cmd, "id=epc1,memdev=mem1"); + + return 0; +} + + /* * Constructs a argv suitable for launching qemu with config defined * for a given virtual machine. @@ -10154,6 +10175,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, cfg->logTimestamp) virCommandAddArgList(cmd, "-msg", "timestamp=on", NULL); + if (qemuBuildSGXCommandLine(cmd, def->sgx) < 0) + return NULL; + return g_steal_pointer(&cmd); } -- 2.17.1
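Review bot: qemuBuildSGXCommandLine() formats sgx->epc_size straight into `size=%lluK,prealloc` without checking that the value is non-zero or that the QEMU binary supports the memory-backend-epc object, so an unusable configuration is only caught when QEMU refuses to start. Validate the size and the capability before emitting the arguments and report a libvirt error instead. The function returns 0 on every path, so the `< 0` test added in qemuBuildCommandLine() can never fire as written, and the ids `mem1` and `epc1` are hard-coded rather than derived from a device alias.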
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line:
-object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \ -sgx-epc id=epc1,memdev=mem1 --- src/qemu/qemu_command.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 01812cd39b..2c3785886c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9869,6 +9869,27 @@ qemuBuildVsockCommandLine(virCommandPtr cmd, } +static int +qemuBuildSGXCommandLine(virCommandPtr cmd, virDomainSGXDefPtr sgx) +{ + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + + if (!sgx) + return 0; + + VIR_DEBUG("sgx->epc_size=%lluKiB", sgx->epc_size); + + virBufferAsprintf(&buf, "memory-backend- epc,id=mem1,size=%lluK,prealloc", sgx->epc_size); + virCommandAddArg(cmd, "-object"); + virCommandAddArgBuffer(cmd, &buf);
virCommandAddArgFormat?
+ + virCommandAddArg(cmd, "-sgx-epc"); + virCommandAddArg(cmd, "id=epc1,memdev=mem1"); + + return 0; +} + + /* * Constructs a argv suitable for launching qemu with config defined * for a given virtual machine. @@ -10154,6 +10175,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, cfg->logTimestamp) virCommandAddArgList(cmd, "-msg", "timestamp=on", NULL); + if (qemuBuildSGXCommandLine(cmd, def->sgx) < 0) + return NULL; +
Personal opinion: I would not add this to the end of the function, but place it next to the call to "qemuBuildSEVCommandLine(...)". Or replace the call to qemuBuildSEVCommandLine() with a "qemuBuildSecurityCommandLine()", which in turn calls qemuBuild{SEV,SGX}CommandLine(). Regards, Tim
return g_steal_pointer(&cmd); }
-----Original Message-----
From: Tim Wiederhake <twiederh@redhat.com>
Sent: Monday, July 5, 2021 7:32 PM
To: Huang, Haibin <haibin.huang@intel.com>
Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
Subject: Re: [libvirt][PATCH v4 2/4] qemu: Add command-line to generate SGX EPC memory backend
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line:
-object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \ -sgx-epc id=epc1,memdev=mem1 --- src/qemu/qemu_command.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 01812cd39b..2c3785886c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9869,6 +9869,27 @@ qemuBuildVsockCommandLine(virCommandPtr cmd, }
+static int +qemuBuildSGXCommandLine(virCommandPtr cmd, virDomainSGXDefPtr sgx) { + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + + if (!sgx) + return 0; + + VIR_DEBUG("sgx->epc_size=%lluKiB", sgx->epc_size); + + virBufferAsprintf(&buf, "memory-backend- epc,id=mem1,size=%lluK,prealloc", sgx->epc_size); + virCommandAddArg(cmd, "-object"); + virCommandAddArgBuffer(cmd, &buf);
virCommandAddArgFormat?
[Haibin] ok, I will change to virCommandAddArgFormat
+ + virCommandAddArg(cmd, "-sgx-epc"); + virCommandAddArg(cmd, "id=epc1,memdev=mem1"); + + return 0; +} + + /* * Constructs a argv suitable for launching qemu with config defined * for a given virtual machine. @@ -10154,6 +10175,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, cfg->logTimestamp) virCommandAddArgList(cmd, "-msg", "timestamp=on", NULL);
+ if (qemuBuildSGXCommandLine(cmd, def->sgx) < 0) + return NULL; +
Personal opinion: I would not add this to the end of the function, but place it next to the call to "qemuBuildSEVCommandLine(...)". Or replace the call to qemuBuildSEVCommandLine() with a "qemuBuildSecurityCommandLine()", which in turn calls qemuBuild{SEV,SGX}CommandLine().
[Haibin] ok, good point.
Regards, Tim
return g_steal_pointer(&cmd); }
From: Lin Yang <lin.a.yang@intel.com> If SGX is defined in domain, add the argument to enable SGX in -cpu <model>: -cpu <model>,+sgx,+sgx-debug,+sgx1,+sgx-encls-c, +sgx-enclv,+sgx-exinfo,+sgx-kss,+sgx-mode64, +sgx-provisionkey,+sgx-tokenkey,+sgx2,+sgxlc --- src/qemu/qemu_command.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2c3785886c..fb05acbc94 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,6 +6405,12 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); + if(def->sgx) + virBufferAdd(buf, + ",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx-enclv,+sgx-exinfo," + "+sgx-kss,+sgx-mode64,+sgx-provisionkey,+sgx-tokenkey,+sgx2," + "+sgxlc", + -1); break; case VIR_CPU_MODE_LAST: -- 2.17.1
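Review bot: The string appended in the VIR_CPU_MODE_CUSTOM case enables a fixed list of SGX attributes for every domain that has def->sgx set, including `+sgx-debug` and `+sgx-provisionkey`, which a host administrator may want to withhold from a guest (debug enclaves can be inspected from outside the enclave, and provisioning key access is privacy-sensitive). Drive these from the domain's CPU <feature> policy instead of a hard-coded list. The flags are also added only in the VIR_CPU_MODE_CUSTOM branch, so a domain using another CPU mode would get the EPC backend from the previous patch but no SGX CPU flags.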
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
If SGX is defined in domain, add the argument to enable SGX in -cpu <model>:
-cpu <model>,+sgx,+sgx-debug,+sgx1,+sgx-encls-c, +sgx-enclv,+sgx-exinfo,+sgx-kss,+sgx-mode64, +sgx-provisionkey,+sgx-tokenkey,+sgx2,+sgxlc --- src/qemu/qemu_command.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2c3785886c..fb05acbc94 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,6 +6405,12 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); + if(def->sgx)
Space between "if" and "(". Regards, Tim
+ virBufferAdd(buf, + ",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx- enclv,+sgx-exinfo," + "+sgx-kss,+sgx-mode64,+sgx- provisionkey,+sgx-tokenkey,+sgx2," + "+sgxlc", + -1); break; case VIR_CPU_MODE_LAST:
-----Original Message-----
From: Tim Wiederhake <twiederh@redhat.com>
Sent: Monday, July 5, 2021 7:32 PM
To: Huang, Haibin <haibin.huang@intel.com>
Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
Subject: Re: [libvirt][PATCH v4 3/4] qemu: Add command-line to enable SGX
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
If SGX is defined in domain, add the argument to enable SGX in -cpu <model>:
[Haibin] We will delete those fixed CPU features and let the user use <feature> in the domain definition to control it.
-cpu <model>,+sgx,+sgx-debug,+sgx1,+sgx-encls-c, +sgx-enclv,+sgx-exinfo,+sgx-kss,+sgx-mode64, +sgx-provisionkey,+sgx-tokenkey,+sgx2,+sgxlc --- src/qemu/qemu_command.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2c3785886c..fb05acbc94 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,6 +6405,12 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); + if(def->sgx)
Space between "if" and "(".
[Haibin] ok
Regards, Tim
+ virBufferAdd(buf, + ",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx- enclv,+sgx-exinfo," + "+sgx-kss,+sgx-mode64,+sgx- provisionkey,+sgx-tokenkey,+sgx2," + "+sgxlc", + -1); break;
case VIR_CPU_MODE_LAST:
On Thu, Jul 01, 2021 at 08:10:28PM +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
If SGX is defined in domain, add the argument to enable SGX in -cpu <model>:
-cpu <model>,+sgx,+sgx-debug,+sgx1,+sgx-encls-c, +sgx-enclv,+sgx-exinfo,+sgx-kss,+sgx-mode64, +sgx-provisionkey,+sgx-tokenkey,+sgx2,+sgxlc --- src/qemu/qemu_command.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2c3785886c..fb05acbc94 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,6 +6405,12 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); + if(def->sgx) + virBufferAdd(buf, + ",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx-enclv,+sgx-exinfo," + "+sgx-kss,+sgx-mode64,+sgx-provisionkey,+sgx-tokenkey,+sgx2," + "+sgxlc", + -1);
+feature syntax in QEMU is deprecated. It should be feature=on Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
-----Original Message-----
From: Daniel P. Berrangé <berrange@redhat.com>
Sent: Tuesday, July 20, 2021 5:08 PM
To: Huang, Haibin <haibin.huang@intel.com>
Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
Subject: Re: [libvirt][PATCH v4 3/4] qemu: Add command-line to enable SGX
On Thu, Jul 01, 2021 at 08:10:28PM +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
If SGX is defined in domain, add the argument to enable SGX in -cpu <model>:
-cpu <model>,+sgx,+sgx-debug,+sgx1,+sgx-encls-c, +sgx-enclv,+sgx-exinfo,+sgx-kss,+sgx-mode64, +sgx-provisionkey,+sgx-tokenkey,+sgx2,+sgxlc --- src/qemu/qemu_command.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2c3785886c..fb05acbc94 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,6 +6405,12 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); + if(def->sgx) + virBufferAdd(buf, + ",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx-enclv,+sgx-exinfo," + "+sgx-kss,+sgx-mode64,+sgx-provisionkey,+sgx- tokenkey,+sgx2," + "+sgxlc", + -1);
+feature syntax in QEMU is deprecated. It should be feature=on
[Haibin] ok, got it, I will modify it.
Regards, Daniel
-----Original Message-----
From: Daniel P. Berrangé <berrange@redhat.com>
Sent: Tuesday, July 20, 2021 5:08 PM
To: Huang, Haibin <haibin.huang@intel.com>
Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
Subject: Re: [libvirt][PATCH v4 3/4] qemu: Add command-line to enable SGX
On Thu, Jul 01, 2021 at 08:10:28PM +0800, Haibin Huang wrote:
From: Lin Yang <lin.a.yang@intel.com>
If SGX is defined in domain, add the argument to enable SGX in -cpu <model>:
-cpu <model>,+sgx,+sgx-debug,+sgx1,+sgx-encls-c, +sgx-enclv,+sgx-exinfo,+sgx-kss,+sgx-mode64, +sgx-provisionkey,+sgx-tokenkey,+sgx2,+sgxlc --- src/qemu/qemu_command.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2c3785886c..fb05acbc94 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,6 +6405,12 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); + if(def->sgx) + virBufferAdd(buf, + ",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx-enclv,+sgx- exinfo," + "+sgx-kss,+sgx-mode64,+sgx-provisionkey,+sgx- tokenkey,+sgx2," + "+sgxlc", + -1);
+feature syntax in QEMU is deprecated. It should be feature=on
[Haibin] we have deleted it in v5 patch [https://listman.redhat.com/archives/libvir-list/2021-July/msg00381.html]
Regards, Daniel
1. Add SGX feature in domain capabilities
2. Get sgx capabilities by query-sgx-capabilities
3. Transfer the B to KB for epc_size
4. Delete sgx1 and sgx2
5. Add unit test for get capabilities
Signed-off-by: Haibin Huang <haibin.huang@intel.com> --- src/conf/domain_capabilities.c | 29 ++++ src/conf/domain_capabilities.h | 13 ++ src/libvirt_private.syms | 2 +- src/qemu/qemu_capabilities.c | 146 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_command.c | 2 +- src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 91 +++++++++++ src/qemu/qemu_monitor_json.h | 3 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_1.5.3-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.5.3-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.5.3.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.1.1.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-tcg.x86_64.xml | 1 + .../qemu_2.10.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.10.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../qemu_2.12.0-virt.aarch64.xml | 1 + 
tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.4.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.5.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml | 1 + .../qemu_2.6.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.7.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.8.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.8.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.9.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + 
.../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + 106 files changed, 399 insertions(+), 2 deletions(-) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index d61108e125..f83a462ca3 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -91,6 +91,16 @@ virSEVCapabilitiesFree(virSEVCapability *cap) } +void +virSGXCapabilitiesFree(virSGXCapability *cap) +{ + if (!cap) + return; + + VIR_FREE(cap); +} + + static void virDomainCapsDispose(void *obj) { @@ -101,6 +111,7 @@ virDomainCapsDispose(void *obj) virObjectUnref(caps->cpu.custom); virCPUDefFree(caps->cpu.hostModel); virSEVCapabilitiesFree(caps->sev); + virSGXCapabilitiesFree(caps->sgx); virDomainCapsStringValuesFree(&caps->os.loader.values); } 
@@ -564,6 +575,23 @@ virDomainCapsFeatureSEVFormat(virBufferPtr buf, return; } +static void +virDomainCapsFeatureSGXFormat(virBufferPtr buf, + virSGXCapabilityPtr const sgx) +{ + if (!sgx) { + virBufferAddLit(buf, "<sgx supported='no'/>\n"); + } else { + virBufferAddLit(buf, "<sgx supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<epc_size unit='KiB'>%d</epc_size>\n", sgx->epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); + } + + return; +} static void virDomainCapsFormatFeatures(const virDomainCaps *caps, @@ -584,6 +612,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, } virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); virXMLFormatElement(buf, "features", NULL, &childBuf); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 685d5e2a44..d63f2d4219 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -150,6 +150,13 @@ struct _virDomainCapsCPU { virDomainCapsCPUModelsPtr custom; }; +typedef struct _virSGXCapability virSGXCapability; +typedef virSGXCapability *virSGXCapabilityPtr; +struct _virSGXCapability { + bool flc; + unsigned int epc_size; +}; + typedef struct _virSEVCapability virSEVCapability; typedef virSEVCapability *virSEVCapabilityPtr; struct _virSEVCapability { @@ -191,6 +198,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; virSEVCapabilityPtr sev; + virSGXCapabilityPtr sgx; /* add new domain features here */ virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; 
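Review bot: virDomainCapsFeatureSGXFormat() prints sgx->epc_size with `%d`, but struct _virSGXCapability in the domain_capabilities.h hunk declares it as `unsigned int epc_size`, so the specifier should be `%u`. The type is also narrower than the `unsigned long long epc_size` that patch 1/4 uses in struct _virDomainSGXDef for the same quantity in KiB; use one width on both sides so that a value reported by the capabilities API can be compared with a domain's request without truncation.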
@@ -239,4 +247,9 @@ int virDomainCapsDeviceDefValidate(const virDomainCaps *caps, void virSEVCapabilitiesFree(virSEVCapability *capabilities); +void +virSGXCapabilitiesFree(virSGXCapability *capabilities); + G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 01c2e710cd..ea7aa897cc 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -215,6 +215,7 @@ virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; virSEVCapabilitiesFree; +virSGXCapabilitiesFree; # conf/domain_conf.h @@ -1694,7 +1695,6 @@ virBitmapToDataBuf; virBitmapToString; virBitmapUnion; - # util/virbpf.h virBPFAttachProg; virBPFCreateMap; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index ff6ba8c9e9..63f55480dd 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -597,6 +597,9 @@ VIR_ENUM_IMPL(virQEMUCaps, "spapr-tpm-proxy", "numa.hmat", "blockdev-hostdev-scsi", + + /* 380 */ + "sgx-epc", ); @@ -698,11 +701,14 @@ struct _virQEMUCaps { virSEVCapability *sevCapabilities; + virSGXCapability *sgxCapabilities; + /* Capabilities which may differ depending on the accelerator. */ virQEMUCapsAccel kvm; virQEMUCapsAccel tcg; }; + struct virQEMUCapsSearchData { virArch arch; const char *binaryFilter; @@ -1323,6 +1329,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "tcg-accel", QEMU_CAPS_TCG }, { "pvscsi", QEMU_CAPS_SCSI_PVSCSI }, { "spapr-tpm-proxy", QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY }, + { "sgx-epc", QEMU_CAPS_SGX_EPC }, }; 
@@ -1870,6 +1877,23 @@ virQEMUCapsSEVInfoCopy(virSEVCapabilityPtr *dst, } +static int +virQEMUCapsSGXInfoCopy(virSGXCapabilityPtr *dst, + virSGXCapabilityPtr src) +{ + g_autoptr(virSGXCapability) tmp = NULL; + + if (VIR_ALLOC(tmp) < 0) + return -1; + + tmp->flc = src->flc; + tmp->epc_size = src->epc_size; + + *dst = g_steal_pointer(&tmp); + return 0; +} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccelPtr dst, virQEMUCapsAccelPtr src) @@ -1947,6 +1971,11 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps) qemuCaps->sevCapabilities) < 0) goto error; + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) && + virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities, + qemuCaps->sgxCapabilities) < 0) + goto error; + return ret; error: @@ -1987,6 +2016,7 @@ void virQEMUCapsDispose(void *obj) VIR_FREE(qemuCaps->gicCapabilities); virSEVCapabilitiesFree(qemuCaps->sevCapabilities); + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); virQEMUCapsAccelClear(&qemuCaps->kvm); virQEMUCapsAccelClear(&qemuCaps->tcg); @@ -2581,6 +2611,13 @@ virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps) } +virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCapsPtr qemuCaps) +{ + return qemuCaps->sgxCapabilities; +} + + static int virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps, qemuMonitorPtr mon) @@ -2640,6 +2677,7 @@ virQEMUCapsProbeQMPObjectTypes(virQEMUCapsPtr qemuCaps, if ((nvalues = qemuMonitorGetObjectTypes(mon, &values)) < 0) return -1; + virQEMUCapsProcessStringFlags(qemuCaps, G_N_ELEMENTS(virQEMUCapsObjectTypes), virQEMUCapsObjectTypes, 
@@ -3405,6 +3443,31 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps, } +static int +virQEMUCapsProbeQMPSGXCapabilities(virQEMUCapsPtr qemuCaps, + qemuMonitorPtr mon) +{ + int rc = -1; + virSGXCapability *caps = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if ((rc = qemuMonitorGetSGXCapabilities(mon, &caps)) < 0) + return -1; + + /* SGX isn't actually supported */ + if (rc == 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_SGX_EPC); + return 0; + } + + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); + qemuCaps->sgxCapabilities = caps; + return 0; +} + + /* * Filter for features which should never be passed to QEMU. Either because * QEMU never supported them or they were dropped as they never did anything @@ -4187,6 +4250,42 @@ virQEMUCapsParseSEVInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt) return 0; } +static int +virQEMUCapsParseSGXInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt) +{ + g_autoptr(virSGXCapability) sgx = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if (virXPathBoolean("boolean(./sgx)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform data in QEMU " + "capabilities cache")); + return -1; + } + + if (VIR_ALLOC(sgx) < 0) + return -1; + + if (virXPathBoolean("boolean(./sgx/flc)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform flc data in QEMU " + "capabilities cache")); + return -1; + } + + if (virXPathUInt("string(./sgx/epc_size)", ctxt, &sgx->epc_size) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SGX platform epc_size information " + "in QEMU capabilities cache")); + return -1; + } + + qemuCaps->sgxCapabilities = g_steal_pointer(&sgx); + return 0; +} + /* * Parsing a doc that looks like 
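Review bot: virQEMUCapsParseSGXInfo() only tests that ./sgx/flc exists with `virXPathBoolean("boolean(./sgx/flc)", ctxt)` and never assigns sgx->flc, so after the capabilities cache is reloaded the flag no longer reflects the `<flc>yes</flc>` or `<flc>no</flc>` that the cache formatter in this patch writes. Read the element's text and set sgx->flc from it, and reject values other than yes and no.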
@@ -4425,6 +4524,9 @@ virQEMUCapsLoadCache(virArch hostArch, if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0) goto cleanup; + if (virQEMUCapsParseSGXInfo(qemuCaps, ctxt) < 0) + goto cleanup; + virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM); virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU); @@ -4601,6 +4703,19 @@ virQEMUCapsFormatSEVInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf) virBufferAddLit(buf, "</sev>\n"); } +static void +virQEMUCapsFormatSGXInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf) +{ + virSGXCapabilityPtr sgx = virQEMUCapsGetSGXCapabilities(qemuCaps); + + virBufferAddLit(buf, "<sgx>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<epc_size>%u</epc_size>\n", sgx->epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); +} + char * virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) @@ -4671,6 +4786,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf); + if (qemuCaps->sgxCapabilities) + virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->kvmSupportsNesting) virBufferAddLit(&buf, "<kvmSupportsNesting/>\n"); @@ -5323,6 +5441,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps, return -1; if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) + return -1; virQEMUCapsInitProcessCaps(qemuCaps); 
@@ -6245,6 +6365,31 @@ virQEMUCapsFillDomainFeatureGICCaps(virQEMUCapsPtr qemuCaps, } +/** + * virQEMUCapsFillDomainFeatureiSGXCaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about SGX capabilities that has been obtained + * using the 'query-sgx-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + */ +static void +virQEMUCapsFillDomainFeatureSGXCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsPtr domCaps) +{ + virSGXCapability *cap = qemuCaps->sgxCapabilities; + + if (!cap) + return; + + domCaps->sgx = g_new0(virSGXCapability, 1); + + domCaps->sgx->flc = cap->flc; + domCaps->sgx->epc_size = cap->epc_size; +} + + /** * virQEMUCapsFillDomainFeatureSEVCaps: * @qemuCaps: QEMU capabilities @@ -6316,6 +6461,7 @@ virQEMUCapsFillDomainCaps(virQEMUCapsPtr qemuCaps, virQEMUCapsFillDomainDeviceRNGCaps(qemuCaps, rng); virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps); return 0; } diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 5d08941538..0e3af622a7 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -578,6 +578,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ QEMU_CAPS_NUMA_HMAT, /* -numa hmat */ QEMU_CAPS_BLOCKDEV_HOSTDEV_SCSI, /* -blockdev used for (i)SCSI hostdevs */ + /* 380 */ + QEMU_CAPS_SGX_EPC, /* -object sgx-epc,... */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; @@ -759,5 +762,8 @@ virQEMUCapsCPUFeatureFromQEMU(virQEMUCapsPtr qemuCaps, virSEVCapabilityPtr virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps); +virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCapsPtr qemuCaps); + virArch virQEMUCapsArchFromString(const char *arch); const char *virQEMUCapsArchToString(virArch arch); 
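Review bot: the doc comment added above virQEMUCapsFillDomainFeatureSGXCaps() in qemu_capabilities.c is headed virQEMUCapsFillDomainFeatureiSGXCaps (stray 'i'), so the comment does not name the function it documents. Fix the name so the two match.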
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index fb05acbc94..9462b5a6c8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,7 +6405,7 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); - if(def->sgx) + if (def->sgx) virBufferAdd(buf, ",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx-enclv,+sgx-exinfo," "+sgx-kss,+sgx-mode64,+sgx-provisionkey,+sgx-tokenkey,+sgx2," diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 637361d24d..1e377ee8dc 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3870,6 +3870,16 @@ qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, } +int +qemuMonitorGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSGXCapabilities(mon, capabilities); +} + + int qemuMonitorNBDServerStart(qemuMonitorPtr mon, const virStorageNetHostDef *server, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index d20a15c202..76b3cd54c7 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -836,6 +836,9 @@ int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, virSEVCapability **capabilities); +int qemuMonitorGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND = 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK = 1 << 1, /* migration with non-shared storage with full disk copy */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 9cdf6c0f7f..06f0738ad8 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -44,6 +44,7 @@ # include "libvirt_qemu_probes.h" #endif +#define KB 1024 #define VIR_FROM_THIS VIR_FROM_QEMU VIR_LOG_INIT("qemu.qemu_monitor_json"); 
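Review bot: the qemu_command.c hunk is a whitespace-only fix (if(def->sgx) to if (def->sgx)) on a line that tests def->sgx, a field this series itself appears to introduce, so it belongs squashed into the patch that adds the line rather than in the capability-query patch. The context it touches also needs a comment: the string appended to -cpu turns on +sgx-debug and +sgx-provisionkey for every guest with def->sgx set. A debug enclave's memory is readable through the SGX debug instructions and the provisioning key is platform-identifying, so both should be opt-in from the domain XML rather than hard-coded.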
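Review bot: #define KB 1024 in qemu_monitor_json.c adds a generically named, file-local macro for a single use, capability->epc_size = section_size/(KB); in qemuMonitorJSONGetSGXCapabilities(). Drop the macro and divide by 1024 at the use site, with a comment that section-size is in bytes and epc_size in KiB. In the same function section_size is an unsigned int filled by virJSONValueObjectGetNumberUint(), so a section of 4 GiB or more cannot be represented and would be reported as a missing 'section-size' field; an unsigned long long read with virJSONValueObjectGetNumberUlong() avoids that.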
@@ -7056,6 +7057,96 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, } +/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be filled + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx-capabilities + * can be present even if SGX is not available, which basically leaves us with + * checking for JSON "GenericError" in order to differentiate between compiled-in + * support and actual SGX support on the platform. + * + * Returns -1 on error, 0 if SGX is not supported, and 1 if SGX is supported on + * the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities) +{ + int ret = -1; + virJSONValuePtr cmd; + virJSONValuePtr reply = NULL; + virJSONValuePtr caps; + bool sgx = false; + bool flc = false; + unsigned int section_size = 0; + g_autoptr(virSGXCapability) capability = NULL; + + *capabilities = NULL; + + if (!(cmd = qemuMonitorJSONMakeCommand("query-sgx-capabilities", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) { + ret = 0; + goto cleanup; + } + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "sgx", &sgx) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx reply was missing" + " 'sgx' field")); + goto cleanup; + } + if (!sgx) { + VIR_WARN("sgx is not support %d\n", sgx); + ret = 0; + goto cleanup; + } + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing" + " 'flc' field")); + goto cleanup; + } + + if (virJSONValueObjectGetNumberUint(caps, 
"section-size", §ion_size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing" + " 'section-size' field")); + goto cleanup; + } + + + if (VIR_ALLOC(capability) < 0) + goto cleanup; + + capability->flc = flc; + + capability->epc_size = section_size/(KB); + *capabilities = g_steal_pointer(&capability); + ret = 1; + + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply); + + return ret; +} + + /** * qemuMonitorJSONGetSEVCapabilities: * @mon: qemu monitor object diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 098ab857be..b0c23e57ac 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -159,6 +159,9 @@ int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, virSEVCapability **capabilities); +int qemuMonitorJSONGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitorPtr mon, unsigned int flags, const char *uri); diff --git a/tests/domaincapsdata/bhyve_basic.x86_64.xml b/tests/domaincapsdata/bhyve_basic.x86_64.xml index bdf2c4eee8..8998fb2cee 100644 --- a/tests/domaincapsdata/bhyve_basic.x86_64.xml +++ b/tests/domaincapsdata/bhyve_basic.x86_64.xml @@ -32,5 +32,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml index f998c457c1..e013463456 100644 --- a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml +++ b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml @@ -49,5 +49,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_uefi.x86_64.xml b/tests/domaincapsdata/bhyve_uefi.x86_64.xml index 18f90023d5..d6243db384 100644 
--- a/tests/domaincapsdata/bhyve_uefi.x86_64.xml +++ b/tests/domaincapsdata/bhyve_uefi.x86_64.xml @@ -41,5 +41,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml index 6c3f5f54fd..df55215ed5 100644 --- a/tests/domaincapsdata/empty.xml +++ b/tests/domaincapsdata/empty.xml @@ -12,5 +12,6 @@ </devices> <features> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenfv.xml b/tests/domaincapsdata/libxl-xenfv.xml index 4efc137c97..160c220728 100644 --- a/tests/domaincapsdata/libxl-xenfv.xml +++ b/tests/domaincapsdata/libxl-xenfv.xml @@ -75,5 +75,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenpv.xml b/tests/domaincapsdata/libxl-xenpv.xml index 70e598fe9e..cbd64fabfc 100644 --- a/tests/domaincapsdata/libxl-xenpv.xml +++ b/tests/domaincapsdata/libxl-xenpv.xml @@ -65,5 +65,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml index 3ed96a3ee7..183f55a09d 100644 --- a/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml index 3b3d89a643..680751ab5e 100644 --- a/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml 
@@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3.x86_64.xml index 20cd3a105a..f2737be495 100644 --- a/tests/domaincapsdata/qemu_1.5.3.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml index a4b26b46cb..38f510c0b4 100644 --- a/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml index 6bff19bad5..970d2b7b83 100644 --- a/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml @@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0.x86_64.xml index 16417a13d2..eaa3e872e4 100644 --- a/tests/domaincapsdata/qemu_1.6.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml index 559b49491e..55460bb3eb 100644 --- a/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml index 97e71bffff..cf816e1315 100644 --- a/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml @@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0.x86_64.xml index 472c073de9..e86e538268 100644 --- a/tests/domaincapsdata/qemu_1.7.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.7.0.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml index a87f5b2a63..7a94784943 100644 --- a/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml index 192a505d77..413f46d5a6 100644 --- a/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml @@ -134,5 +134,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1.x86_64.xml index 15adfe0ee8..d087157b06 100644 
--- a/tests/domaincapsdata/qemu_2.1.1.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1.x86_64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml index be2840d9b8..a70eb157d9 100644 --- a/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml @@ -161,5 +161,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml index 1193f49bd6..1730dd81ab 100644 --- a/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml @@ -176,5 +176,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml index 4505d64e3a..0fded78a64 100644 --- a/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml @@ -145,5 +145,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.aarch64.xml b/tests/domaincapsdata/qemu_2.10.0.aarch64.xml index 629833b745..d74e018aea 100644 --- a/tests/domaincapsdata/qemu_2.10.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.aarch64.xml @@ -139,5 +139,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_2.10.0.ppc64.xml b/tests/domaincapsdata/qemu_2.10.0.ppc64.xml index 863afbc0df..ba102fd26f 100644 --- a/tests/domaincapsdata/qemu_2.10.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.s390x.xml b/tests/domaincapsdata/qemu_2.10.0.s390x.xml index ce5c92edce..3c16cc8b05 100644 --- a/tests/domaincapsdata/qemu_2.10.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.10.0.s390x.xml @@ -200,5 +200,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0.x86_64.xml index 6596016d33..a47914a796 100644 --- a/tests/domaincapsdata/qemu_2.10.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.x86_64.xml @@ -161,5 +161,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml index c2e148e0fc..f0348486fd 100644 --- a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml @@ -159,5 +159,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml index 7f66cf7b7e..e8282b30fc 100644 --- a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml 
@@ -171,5 +171,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsdata/qemu_2.11.0.s390x.xml index c5b48fdad5..2fdbe3ce5d 100644 --- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml @@ -199,5 +199,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml index 38b6b20f77..de5404b2a4 100644 --- a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml @@ -159,5 +159,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml index 8d38d33369..e977a8937a 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -176,5 +176,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml index 9a89587115..3a4c85eb65 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -185,5 +185,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml index 8ea58bfa25..f78722ea3c 100644 --- a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml 
+++ b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml index 667516e75e..c7de5ad674 100644 --- a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml @@ -141,5 +141,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml index eac3e6a868..8d3377e937 100644 --- a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.s390x.xml b/tests/domaincapsdata/qemu_2.12.0.s390x.xml index 01cc3d81ec..12ff7cfd95 100644 --- a/tests/domaincapsdata/qemu_2.12.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.12.0.s390x.xml @@ -198,5 +198,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml index 6e006a3ba3..2039b77790 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -176,5 +176,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml index 23e103927e..608118652a 100644 --- a/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml index 2a6296739c..411780d41e 100644 --- a/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0.x86_64.xml index 7c6d78e510..6bd8627277 100644 --- a/tests/domaincapsdata/qemu_2.4.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml index bb8bd9c5c5..fe465bcfaa 100644 --- a/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml index 8b022e9bd7..b4803039df 100644 --- a/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0.x86_64.xml index a89990a42e..07eea7c96c 100644 
--- a/tests/domaincapsdata/qemu_2.5.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml index 251696a161..c490c36170 100644 --- a/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml index 7937fad971..3b53321be5 100644 --- a/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml index 95053e9cbe..c1697eabf8 100644 --- a/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml @@ -144,5 +144,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.aarch64.xml b/tests/domaincapsdata/qemu_2.6.0.aarch64.xml index 223e944c8a..121acd636f 100644 --- a/tests/domaincapsdata/qemu_2.6.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.aarch64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_2.6.0.ppc64.xml b/tests/domaincapsdata/qemu_2.6.0.ppc64.xml index c97f232028..41217aa7b1 100644 --- a/tests/domaincapsdata/qemu_2.6.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0.x86_64.xml index f95f8fb46a..586855e7e3 100644 --- a/tests/domaincapsdata/qemu_2.6.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml index 1e6c47f2d6..d8e523e904 100644 --- a/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml index 8b7c2ce8e6..ed92bee692 100644 --- a/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0.s390x.xml b/tests/domaincapsdata/qemu_2.7.0.s390x.xml index ff3dd4939b..b8bc1245ec 100644 --- a/tests/domaincapsdata/qemu_2.7.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.7.0.s390x.xml 
@@ -103,5 +103,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0.x86_64.xml index da1b10c41b..c2df40d00e 100644 --- a/tests/domaincapsdata/qemu_2.7.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml index 0a7493d86d..78acecdfd7 100644 --- a/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml index 100e8e059c..638bfea6f7 100644 --- a/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0.s390x.xml b/tests/domaincapsdata/qemu_2.8.0.s390x.xml index 47b1aa46f7..233092be64 100644 --- a/tests/domaincapsdata/qemu_2.8.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.8.0.s390x.xml @@ -184,5 +184,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0.x86_64.xml index 6fa754c18a..deb094df40 100644 --- a/tests/domaincapsdata/qemu_2.8.0.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_2.8.0.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml index 3df3c3738e..0669e56b1d 100644 --- a/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml @@ -156,5 +156,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml index 08bb5fbad7..045c308f8e 100644 --- a/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml @@ -175,5 +175,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.ppc64.xml b/tests/domaincapsdata/qemu_2.9.0.ppc64.xml index 3776b6ed9c..deca3b2373 100644 --- a/tests/domaincapsdata/qemu_2.9.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.9.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.s390x.xml b/tests/domaincapsdata/qemu_2.9.0.s390x.xml index cf7e7781cc..263a2a9a71 100644 --- a/tests/domaincapsdata/qemu_2.9.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.9.0.s390x.xml @@ -185,5 +185,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0.x86_64.xml index a80ef28488..a553b5c7f2 100644 
--- a/tests/domaincapsdata/qemu_2.9.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0.x86_64.xml @@ -156,5 +156,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml index cd37906bc7..b8e27b774d 100644 --- a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml @@ -174,5 +174,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml index d3211e7a13..797b3496b8 100644 --- a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml @@ -185,5 +185,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml index 1b8ddd4ed0..e791c0619c 100644 --- a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml @@ -113,5 +113,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.s390x.xml b/tests/domaincapsdata/qemu_3.0.0.s390x.xml index 7a4e536fb5..c12e40ca10 100644 --- a/tests/domaincapsdata/qemu_3.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_3.0.0.s390x.xml @@ -205,5 +205,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
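Review bot: every fixture updated up to this point gains only <sgx supported='no'/>, including the qemu_2.12.0 x86_64 files that carry a populated <sev> element, so nothing shown in tests/domaincapsdata exercises the supported='yes' output. Add at least one x86_64 fixture with SGX data so the new formatting path is covered by the test suite.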
diff --git a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml index 9fa4224760..7667232cb1 100644 --- a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml @@ -174,5 +174,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml index 82b1b6a095..f24b621b4a 100644 --- a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml index 756b28034e..8ddcf7495d 100644 --- a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml @@ -188,5 +188,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml index 6a2bc87947..b34c8e8e02 100644 --- a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml @@ -113,5 +113,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml index ffc82f17c3..5440773513 100644 --- a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml 
@@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml index c837de966f..2ccb7e850f 100644 --- a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml index 0aa8aa18be..87a56371e1 100644 --- a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml index f5347aba9f..6a8a15cb82 100644 --- a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml @@ -154,5 +154,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml index b879d7553c..2a6d6cb4ec 100644 --- a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml @@ -148,5 +148,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml index 0642753f11..4831fe949d 100644 --- a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml 
+++ b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml @@ -114,5 +114,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.s390x.xml b/tests/domaincapsdata/qemu_4.0.0.s390x.xml index 632c26d689..7277154d38 100644 --- a/tests/domaincapsdata/qemu_4.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.0.0.s390x.xml @@ -210,5 +210,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml index 3f64bd4b66..e230e39773 100644 --- a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml index 8bf41d6b49..4ea0c221e3 100644 --- a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml @@ -182,5 +182,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml index d6265ce243..fd8a2d29de 100644 --- a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml index 5010f879a6..db4fbb81d5 100644 
--- a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml @@ -182,5 +182,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml index 6f72b67f68..dc1e0b1bcc 100644 --- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml index 7339a3f81c..298cd92d3d 100644 --- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml index ef57216562..8ede831af4 100644 --- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml @@ -155,5 +155,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml index 3cf2a6faf1..802631b704 100644 --- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml @@ -149,5 +149,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml index 0f2cf6da64..14923e14b5 100644 --- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml @@ -115,5 +115,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml index ecd037438a..21cefb9ff4 100644 --- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml @@ -224,5 +224,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml index f4a8321637..55b3e0d545 100644 --- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml index fc21b2ad62..0252950bb6 100644 --- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml index 110a79dd34..bcbbf8a8d8 100644 --- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml 
@@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml index b2b37c0f7b..fc110c1028 100644 --- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml @@ -156,5 +156,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml index 7377a2c4cf..d21e85f289 100644 --- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml @@ -150,5 +150,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml index 9693aeb72e..f3ffaaeca9 100644 --- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml @@ -115,5 +115,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml index aceca34c43..269976d0c4 100644 --- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml index e1762611c5..9044d839ad 100644 --- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml @@ -202,5 +202,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml index 86f091d238..cec56619d6 100644 --- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml index 117f316b6a..b0b0d8b4a9 100644 --- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml @@ -202,5 +202,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> -- 2.17.1
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
1. Add SGX feature in domain capabilities
2. Get sgx capabilities by query-sgx-capabilities
3. Transfer the B to KB for epc_size
4. Delete sgx1 and sgx2
5. add unit test for get capabilities
Signed-off-by: Haibin Huang <haibin.huang@intel.com> --- src/conf/domain_capabilities.c | 29 ++++ src/conf/domain_capabilities.h | 13 ++ src/libvirt_private.syms | 2 +- src/qemu/qemu_capabilities.c | 146 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_command.c | 2 +- src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 91 +++++++++++ src/qemu/qemu_monitor_json.h | 3 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_1.5.3-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.5.3-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.5.3.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.1.1.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-tcg.x86_64.xml | 1 + .../qemu_2.10.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.10.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../qemu_2.12.0-virt.aarch64.xml | 1 + 
tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.4.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.5.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml | 1 + .../qemu_2.6.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.7.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.8.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.8.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.9.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + 
.../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + 106 files changed, 399 insertions(+), 2 deletions(-)
Can this be split up, so that the "mechanical" changes (tests/domaincapsdata/qemu_*.xml) are separate from the functional changes? E.g. start with a commit that introduces a dummy "virDomainCapsFeatureSGXFormat" that always prints "<sgx supported='no'/>" + the relevant changes in tests/; then, in a second commit, the actual implementation?
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index d61108e125..f83a462ca3 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -91,6 +91,16 @@ virSEVCapabilitiesFree(virSEVCapability *cap) } +void +virSGXCapabilitiesFree(virSGXCapability *cap) +{ + if (!cap) + return; + + VIR_FREE(cap); +} + + static void virDomainCapsDispose(void *obj) { @@ -101,6 +111,7 @@ virDomainCapsDispose(void *obj) virObjectUnref(caps->cpu.custom); virCPUDefFree(caps->cpu.hostModel); virSEVCapabilitiesFree(caps->sev); + virSGXCapabilitiesFree(caps->sgx); virDomainCapsStringValuesFree(&caps->os.loader.values); } @@ -564,6 +575,23 @@ virDomainCapsFeatureSEVFormat(virBufferPtr buf, return; } +static void +virDomainCapsFeatureSGXFormat(virBufferPtr buf, + virSGXCapabilityPtr const sgx) +{ + if (!sgx) { + virBufferAddLit(buf, "<sgx supported='no'/>\n"); + } else { + virBufferAddLit(buf, "<sgx supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<epc_size unit='KiB'>%d</epc_size>\n", sgx->epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); + } + + return; +} static void virDomainCapsFormatFeatures(const virDomainCaps *caps, @@ -584,6 +612,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, } virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); virXMLFormatElement(buf, "features", NULL, &childBuf); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 685d5e2a44..d63f2d4219 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h 
@@ -150,6 +150,13 @@ struct _virDomainCapsCPU { virDomainCapsCPUModelsPtr custom; }; +typedef struct _virSGXCapability virSGXCapability; +typedef virSGXCapability *virSGXCapabilityPtr; +struct _virSGXCapability { + bool flc; + unsigned int epc_size; +}; + typedef struct _virSEVCapability virSEVCapability; typedef virSEVCapability *virSEVCapabilityPtr; struct _virSEVCapability { @@ -191,6 +198,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; virSEVCapabilityPtr sev; + virSGXCapabilityPtr sgx;
Requires change to docs/schema/.
/* add new domain features here */ virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; @@ -239,4 +247,9 @@ int virDomainCapsDeviceDefValidate(const virDomainCaps *caps, void virSEVCapabilitiesFree(virSEVCapability *capabilities); +void +virSGXCapabilitiesFree(virSGXCapability *capabilities); + G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 01c2e710cd..ea7aa897cc 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -215,6 +215,7 @@ virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; virSEVCapabilitiesFree; +virSGXCapabilitiesFree; # conf/domain_conf.h @@ -1694,7 +1695,6 @@ virBitmapToDataBuf; virBitmapToString; virBitmapUnion; -
Please leave the second empty line.
# util/virbpf.h virBPFAttachProg; virBPFCreateMap; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index ff6ba8c9e9..63f55480dd 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -597,6 +597,9 @@ VIR_ENUM_IMPL(virQEMUCaps, "spapr-tpm-proxy", "numa.hmat", "blockdev-hostdev-scsi", + + /* 380 */ + "sgx-epc", ); @@ -698,11 +701,14 @@ struct _virQEMUCaps { virSEVCapability *sevCapabilities; + virSGXCapability *sgxCapabilities; + /* Capabilities which may differ depending on the accelerator. */ virQEMUCapsAccel kvm; virQEMUCapsAccel tcg; }; + struct virQEMUCapsSearchData { virArch arch; const char *binaryFilter; @@ -1323,6 +1329,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "tcg-accel", QEMU_CAPS_TCG }, { "pvscsi", QEMU_CAPS_SCSI_PVSCSI }, { "spapr-tpm-proxy", QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY }, + { "sgx-epc", QEMU_CAPS_SGX_EPC }, }; @@ -1870,6 +1877,23 @@ virQEMUCapsSEVInfoCopy(virSEVCapabilityPtr *dst, } +static int +virQEMUCapsSGXInfoCopy(virSGXCapabilityPtr *dst, + virSGXCapabilityPtr src) +{ + g_autoptr(virSGXCapability) tmp = NULL; + + if (VIR_ALLOC(tmp) < 0) + return -1;
If this were a simple "virSGXCapability *tmp = g_new0(...)"...
+ + tmp->flc = src->flc; + tmp->epc_size = src->epc_size; + + *dst = g_steal_pointer(&tmp); + return 0;
... the g_steal_pointer would not be necessary, and "G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree);" would not be, either.
+} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccelPtr dst, virQEMUCapsAccelPtr src) @@ -1947,6 +1971,11 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps) qemuCaps->sevCapabilities) < 0) goto error; + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) && + virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities, + qemuCaps->sgxCapabilities) < 0) + goto error; + return ret; error: @@ -1987,6 +2016,7 @@ void virQEMUCapsDispose(void *obj) VIR_FREE(qemuCaps->gicCapabilities); virSEVCapabilitiesFree(qemuCaps->sevCapabilities); + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); virQEMUCapsAccelClear(&qemuCaps->kvm); virQEMUCapsAccelClear(&qemuCaps->tcg); @@ -2581,6 +2611,13 @@ virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps) } +virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCapsPtr qemuCaps) +{ + return qemuCaps->sgxCapabilities; +} + + static int virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps, qemuMonitorPtr mon) @@ -2640,6 +2677,7 @@ virQEMUCapsProbeQMPObjectTypes(virQEMUCapsPtr qemuCaps, if ((nvalues = qemuMonitorGetObjectTypes(mon, &values)) < 0) return -1; +
Unrelated change.
virQEMUCapsProcessStringFlags(qemuCaps, G_N_ELEMENTS(virQEMUCapsObjectTypes), virQEMUCapsObjectTypes, @@ -3405,6 +3443,31 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps, } +static int +virQEMUCapsProbeQMPSGXCapabilities(virQEMUCapsPtr qemuCaps, + qemuMonitorPtr mon) +{ + int rc = -1; + virSGXCapability *caps = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if ((rc = qemuMonitorGetSGXCapabilities(mon, &caps)) < 0) + return -1; + + /* SGX isn't actually supported */ + if (rc == 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_SGX_EPC); + return 0; + } + + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); + qemuCaps->sgxCapabilities = caps; + return 0; +} + + /* * Filter for features which should never be passed to QEMU. Either because * QEMU never supported them or they were dropped as they never did anything @@ -4187,6 +4250,42 @@ virQEMUCapsParseSEVInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt) return 0; } +static int +virQEMUCapsParseSGXInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt) +{ + g_autoptr(virSGXCapability) sgx = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; +
Using "virXPathNode()" + "virXMLProp*()" might save you some boilerplate code and writing custom error messages.
+ if (virXPathBoolean("boolean(./sgx)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform data in QEMU " + "capabilities cache")); + return -1; + } + + if (VIR_ALLOC(sgx) < 0) + return -1; +
Prefer "g_new0".
epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); +}
+ if (virXPathBoolean("boolean(./sgx/flc)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform flc data in QEMU " + "capabilities cache")); + return -1; + } + + if (virXPathUInt("string(./sgx/epc_size)", ctxt, &sgx->epc_size) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SGX platform epc_size information " + "in QEMU capabilities cache")); + return -1; + } + + qemuCaps->sgxCapabilities = g_steal_pointer(&sgx); + return 0; +} + /* * Parsing a doc that looks like @@ -4425,6 +4524,9 @@ virQEMUCapsLoadCache(virArch hostArch, if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0) goto cleanup; + if (virQEMUCapsParseSGXInfo(qemuCaps, ctxt) < 0) + goto cleanup; + virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM); virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU); @@ -4601,6 +4703,19 @@ virQEMUCapsFormatSEVInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf) virBufferAddLit(buf, "</sev>\n"); } +static void +virQEMUCapsFormatSGXInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf) +{ + virSGXCapabilityPtr sgx = virQEMUCapsGetSGXCapabilities(qemuCaps); + + virBufferAddLit(buf, "<sgx>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<epc_size>%u</epc_size>\n", sgx- + char * virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) @@ -4671,6 +4786,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf); + if (qemuCaps->sgxCapabilities) + virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->kvmSupportsNesting) virBufferAddLit(&buf, "<kvmSupportsNesting/>\n"); @@ -5323,6 +5441,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps, return -1; if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) + return -1; virQEMUCapsInitProcessCaps(qemuCaps); 
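Review bot: virQEMUCapsParseSGXInfo only checks that ./sgx/flc exists in the capabilities cache and never stores its value, so sgx->flc keeps the zero from allocation and a cached flc of "yes" comes back as "no" after the cache is reloaded. Read the element text and set sgx->flc from it before the g_steal_pointer(&sgx), for example by comparing the result of virXPathString("string(./sgx/flc)", ctxt) against "yes", which is the value virQEMUCapsFormatSGXInfo writes.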
@@ -6245,6 +6365,31 @@ virQEMUCapsFillDomainFeatureGICCaps(virQEMUCapsPtr qemuCaps, } +/** + * virQEMUCapsFillDomainFeatureiSGXCaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about SGX capabilities that has been obtained + * using the 'query-sgx-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + */ +static void +virQEMUCapsFillDomainFeatureSGXCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsPtr domCaps) +{ + virSGXCapability *cap = qemuCaps->sgxCapabilities; + + if (!cap) + return; + + domCaps->sgx = g_new0(virSGXCapability, 1); + + domCaps->sgx->flc = cap->flc; + domCaps->sgx->epc_size = cap->epc_size; +} + + /** * virQEMUCapsFillDomainFeatureSEVCaps: * @qemuCaps: QEMU capabilities @@ -6316,6 +6461,7 @@ virQEMUCapsFillDomainCaps(virQEMUCapsPtr qemuCaps, virQEMUCapsFillDomainDeviceRNGCaps(qemuCaps, rng); virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps); return 0; } diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 5d08941538..0e3af622a7 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -578,6 +578,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ QEMU_CAPS_NUMA_HMAT, /* -numa hmat */ QEMU_CAPS_BLOCKDEV_HOSTDEV_SCSI, /* -blockdev used for (i)SCSI hostdevs */ + /* 380 */ + QEMU_CAPS_SGX_EPC, /* -object sgx-epc,... */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; @@ -759,5 +762,8 @@ virQEMUCapsCPUFeatureFromQEMU(virQEMUCapsPtr qemuCaps, virSEVCapabilityPtr virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps); +virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCapsPtr qemuCaps); + virArch virQEMUCapsArchFromString(const char *arch); const char *virQEMUCapsArchToString(virArch arch); 
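Review bot: The doc comment added above virQEMUCapsFillDomainFeatureSGXCaps is headed "virQEMUCapsFillDomainFeatureiSGXCaps:" (stray "i"), so it does not match the symbol it documents. Correct the name in the comment header so that searching for the function name finds its documentation.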
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index fb05acbc94..9462b5a6c8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,7 +6405,7 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); - if(def->sgx) + if (def->sgx) virBufferAdd(buf,
Fix in previous patch.
",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx- enclv,+sgx-exinfo," "+sgx-kss,+sgx-mode64,+sgx- provisionkey,+sgx-tokenkey,+sgx2," diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 637361d24d..1e377ee8dc 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3870,6 +3870,16 @@ qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, } +int +qemuMonitorGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSGXCapabilities(mon, capabilities); +} + + int qemuMonitorNBDServerStart(qemuMonitorPtr mon, const virStorageNetHostDef *server, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index d20a15c202..76b3cd54c7 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -836,6 +836,9 @@ int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, virSEVCapability **capabilities); +int qemuMonitorGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND = 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK = 1 << 1, /* migration with non-shared storage with full disk copy */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 9cdf6c0f7f..06f0738ad8 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -44,6 +44,7 @@ # include "libvirt_qemu_probes.h" #endif +#define KB 1024 #define VIR_FROM_THIS VIR_FROM_QEMU VIR_LOG_INIT("qemu.qemu_monitor_json"); 
@@ -7056,6 +7057,96 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, } +/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be filled + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx- capabilities + * can be present even if SGX is not available, which basically leaves us with + * checking for JSON "GenericError" in order to differentiate between compiled-in + * support and actual SGX support on the platform. + * + * Returns -1 on error, 0 if SGX is not supported, and 1 if SGX is supported on + * the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities) +{ + int ret = -1; + virJSONValuePtr cmd; + virJSONValuePtr reply = NULL; + virJSONValuePtr caps; + bool sgx = false; + bool flc = false; + unsigned int section_size = 0; + g_autoptr(virSGXCapability) capability = NULL; + + *capabilities = NULL; + + if (!(cmd = qemuMonitorJSONMakeCommand("query-sgx-capabilities", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) { + ret = 0; + goto cleanup; + } + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "sgx", &sgx) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx reply was missing" + " 'sgx' field")); + goto cleanup; + } + if (!sgx) { + VIR_WARN("sgx is not support %d\n", sgx); + ret = 0; + goto cleanup; + } + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing" + " 'flc' field")); + goto cleanup; + } + + if (virJSONValueObjectGetNumberUint(caps, 
"section-size", §ion_size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing" + " 'section-size' field")); + goto cleanup; + } + + + if (VIR_ALLOC(capability) < 0) + goto cleanup; + + capability->flc = flc; + + capability->epc_size = section_size/(KB); + *capabilities = g_steal_pointer(&capability); + ret = 1; + + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply);
Using "g_autoptr(virJsonValue) cmd;" and "g_autoptr(virJsonValue) reply;" would remove the need for "goto" and the label. Regards, Tim
+ + return ret; +} + + /** * qemuMonitorJSONGetSEVCapabilities: * @mon: qemu monitor object diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 098ab857be..b0c23e57ac 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -159,6 +159,9 @@ int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, virSEVCapability **capabilities); +int qemuMonitorJSONGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitorPtr mon, unsigned int flags, const char *uri); diff --git a/tests/domaincapsdata/bhyve_basic.x86_64.xml b/tests/domaincapsdata/bhyve_basic.x86_64.xml index bdf2c4eee8..8998fb2cee 100644 --- a/tests/domaincapsdata/bhyve_basic.x86_64.xml +++ b/tests/domaincapsdata/bhyve_basic.x86_64.xml @@ -32,5 +32,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml index f998c457c1..e013463456 100644 --- a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml +++ b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml @@ -49,5 +49,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_uefi.x86_64.xml b/tests/domaincapsdata/bhyve_uefi.x86_64.xml index 18f90023d5..d6243db384 100644 --- a/tests/domaincapsdata/bhyve_uefi.x86_64.xml +++ b/tests/domaincapsdata/bhyve_uefi.x86_64.xml @@ -41,5 +41,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml index 6c3f5f54fd..df55215ed5 100644 --- a/tests/domaincapsdata/empty.xml +++ b/tests/domaincapsdata/empty.xml 
@@ -12,5 +12,6 @@ </devices> <features> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenfv.xml b/tests/domaincapsdata/libxl-xenfv.xml index 4efc137c97..160c220728 100644 --- a/tests/domaincapsdata/libxl-xenfv.xml +++ b/tests/domaincapsdata/libxl-xenfv.xml @@ -75,5 +75,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenpv.xml b/tests/domaincapsdata/libxl-xenpv.xml index 70e598fe9e..cbd64fabfc 100644 --- a/tests/domaincapsdata/libxl-xenpv.xml +++ b/tests/domaincapsdata/libxl-xenpv.xml @@ -65,5 +65,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml index 3ed96a3ee7..183f55a09d 100644 --- a/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml index 3b3d89a643..680751ab5e 100644 --- a/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml @@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3.x86_64.xml index 20cd3a105a..f2737be495 100644 --- a/tests/domaincapsdata/qemu_1.5.3.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3.x86_64.xml 
@@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml index a4b26b46cb..38f510c0b4 100644 --- a/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml index 6bff19bad5..970d2b7b83 100644 --- a/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml @@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0.x86_64.xml index 16417a13d2..eaa3e872e4 100644 --- a/tests/domaincapsdata/qemu_1.6.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml index 559b49491e..55460bb3eb 100644 --- a/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml index 97e71bffff..cf816e1315 100644 --- a/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml @@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0.x86_64.xml index 472c073de9..e86e538268 100644 --- a/tests/domaincapsdata/qemu_1.7.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.7.0.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml index a87f5b2a63..7a94784943 100644 --- a/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml index 192a505d77..413f46d5a6 100644 --- a/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml @@ -134,5 +134,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1.x86_64.xml index 15adfe0ee8..d087157b06 100644 --- a/tests/domaincapsdata/qemu_2.1.1.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1.x86_64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml index be2840d9b8..a70eb157d9 100644 
--- a/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml @@ -161,5 +161,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml index 1193f49bd6..1730dd81ab 100644 --- a/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml @@ -176,5 +176,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml index 4505d64e3a..0fded78a64 100644 --- a/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml @@ -145,5 +145,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.aarch64.xml b/tests/domaincapsdata/qemu_2.10.0.aarch64.xml index 629833b745..d74e018aea 100644 --- a/tests/domaincapsdata/qemu_2.10.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.aarch64.xml @@ -139,5 +139,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.ppc64.xml b/tests/domaincapsdata/qemu_2.10.0.ppc64.xml index 863afbc0df..ba102fd26f 100644 --- a/tests/domaincapsdata/qemu_2.10.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_2.10.0.s390x.xml b/tests/domaincapsdata/qemu_2.10.0.s390x.xml index ce5c92edce..3c16cc8b05 100644 --- a/tests/domaincapsdata/qemu_2.10.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.10.0.s390x.xml @@ -200,5 +200,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0.x86_64.xml index 6596016d33..a47914a796 100644 --- a/tests/domaincapsdata/qemu_2.10.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.x86_64.xml @@ -161,5 +161,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml index c2e148e0fc..f0348486fd 100644 --- a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml @@ -159,5 +159,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml index 7f66cf7b7e..e8282b30fc 100644 --- a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml @@ -171,5 +171,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsdata/qemu_2.11.0.s390x.xml index c5b48fdad5..2fdbe3ce5d 100644 --- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml 
@@ -199,5 +199,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml index 38b6b20f77..de5404b2a4 100644 --- a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml @@ -159,5 +159,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml index 8d38d33369..e977a8937a 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -176,5 +176,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml index 9a89587115..3a4c85eb65 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -185,5 +185,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml index 8ea58bfa25..f78722ea3c 100644 --- a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml index 667516e75e..c7de5ad674 100644 --- a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml 
+++ b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml @@ -141,5 +141,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml index eac3e6a868..8d3377e937 100644 --- a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.s390x.xml b/tests/domaincapsdata/qemu_2.12.0.s390x.xml index 01cc3d81ec..12ff7cfd95 100644 --- a/tests/domaincapsdata/qemu_2.12.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.12.0.s390x.xml @@ -198,5 +198,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml index 6e006a3ba3..2039b77790 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -176,5 +176,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml index 23e103927e..608118652a 100644 --- a/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml index 2a6296739c..411780d41e 100644 --- a/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0.x86_64.xml index 7c6d78e510..6bd8627277 100644 --- a/tests/domaincapsdata/qemu_2.4.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml index bb8bd9c5c5..fe465bcfaa 100644 --- a/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml index 8b022e9bd7..b4803039df 100644 --- a/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0.x86_64.xml index a89990a42e..07eea7c96c 100644 --- a/tests/domaincapsdata/qemu_2.5.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml index 251696a161..c490c36170 100644 
--- a/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml index 7937fad971..3b53321be5 100644 --- a/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml index 95053e9cbe..c1697eabf8 100644 --- a/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml @@ -144,5 +144,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.aarch64.xml b/tests/domaincapsdata/qemu_2.6.0.aarch64.xml index 223e944c8a..121acd636f 100644 --- a/tests/domaincapsdata/qemu_2.6.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.aarch64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.ppc64.xml b/tests/domaincapsdata/qemu_2.6.0.ppc64.xml index c97f232028..41217aa7b1 100644 --- a/tests/domaincapsdata/qemu_2.6.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_2.6.0.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0.x86_64.xml index f95f8fb46a..586855e7e3 100644 --- a/tests/domaincapsdata/qemu_2.6.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml index 1e6c47f2d6..d8e523e904 100644 --- a/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml index 8b7c2ce8e6..ed92bee692 100644 --- a/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0.s390x.xml b/tests/domaincapsdata/qemu_2.7.0.s390x.xml index ff3dd4939b..b8bc1245ec 100644 --- a/tests/domaincapsdata/qemu_2.7.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.7.0.s390x.xml @@ -103,5 +103,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0.x86_64.xml index da1b10c41b..c2df40d00e 100644 --- a/tests/domaincapsdata/qemu_2.7.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0.x86_64.xml 
@@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml index 0a7493d86d..78acecdfd7 100644 --- a/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml index 100e8e059c..638bfea6f7 100644 --- a/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0.s390x.xml b/tests/domaincapsdata/qemu_2.8.0.s390x.xml index 47b1aa46f7..233092be64 100644 --- a/tests/domaincapsdata/qemu_2.8.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.8.0.s390x.xml @@ -184,5 +184,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0.x86_64.xml index 6fa754c18a..deb094df40 100644 --- a/tests/domaincapsdata/qemu_2.8.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml index 3df3c3738e..0669e56b1d 100644 --- a/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml @@ -156,5 +156,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml index 08bb5fbad7..045c308f8e 100644 --- a/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml @@ -175,5 +175,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.ppc64.xml b/tests/domaincapsdata/qemu_2.9.0.ppc64.xml index 3776b6ed9c..deca3b2373 100644 --- a/tests/domaincapsdata/qemu_2.9.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.9.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.s390x.xml b/tests/domaincapsdata/qemu_2.9.0.s390x.xml index cf7e7781cc..263a2a9a71 100644 --- a/tests/domaincapsdata/qemu_2.9.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.9.0.s390x.xml @@ -185,5 +185,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0.x86_64.xml index a80ef28488..a553b5c7f2 100644 --- a/tests/domaincapsdata/qemu_2.9.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0.x86_64.xml @@ -156,5 +156,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml index cd37906bc7..b8e27b774d 100644 
--- a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml @@ -174,5 +174,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml index d3211e7a13..797b3496b8 100644 --- a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml @@ -185,5 +185,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml index 1b8ddd4ed0..e791c0619c 100644 --- a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml @@ -113,5 +113,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.s390x.xml b/tests/domaincapsdata/qemu_3.0.0.s390x.xml index 7a4e536fb5..c12e40ca10 100644 --- a/tests/domaincapsdata/qemu_3.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_3.0.0.s390x.xml @@ -205,5 +205,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml index 9fa4224760..7667232cb1 100644 --- a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml @@ -174,5 +174,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml index 82b1b6a095..f24b621b4a 100644 --- a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml index 756b28034e..8ddcf7495d 100644 --- a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml @@ -188,5 +188,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml index 6a2bc87947..b34c8e8e02 100644 --- a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml @@ -113,5 +113,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml index ffc82f17c3..5440773513 100644 --- a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml index c837de966f..2ccb7e850f 100644 --- a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml 
@@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml index 0aa8aa18be..87a56371e1 100644 --- a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml index f5347aba9f..6a8a15cb82 100644 --- a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml @@ -154,5 +154,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml index b879d7553c..2a6d6cb4ec 100644 --- a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml @@ -148,5 +148,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml index 0642753f11..4831fe949d 100644 --- a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml @@ -114,5 +114,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.s390x.xml b/tests/domaincapsdata/qemu_4.0.0.s390x.xml index 632c26d689..7277154d38 100644 --- a/tests/domaincapsdata/qemu_4.0.0.s390x.xml 
+++ b/tests/domaincapsdata/qemu_4.0.0.s390x.xml @@ -210,5 +210,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml index 3f64bd4b66..e230e39773 100644 --- a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml index 8bf41d6b49..4ea0c221e3 100644 --- a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml @@ -182,5 +182,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml index d6265ce243..fd8a2d29de 100644 --- a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml index 5010f879a6..db4fbb81d5 100644 --- a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml @@ -182,5 +182,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml index 6f72b67f68..dc1e0b1bcc 100644 
--- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml index 7339a3f81c..298cd92d3d 100644 --- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml index ef57216562..8ede831af4 100644 --- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml @@ -155,5 +155,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml index 3cf2a6faf1..802631b704 100644 --- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml @@ -149,5 +149,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml index 0f2cf6da64..14923e14b5 100644 --- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml @@ -115,5 +115,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml index ecd037438a..21cefb9ff4 100644 --- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml @@ -224,5 +224,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml index f4a8321637..55b3e0d545 100644 --- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml index fc21b2ad62..0252950bb6 100644 --- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml index 110a79dd34..bcbbf8a8d8 100644 --- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml index b2b37c0f7b..fc110c1028 100644 --- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml 
@@ -156,5 +156,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml index 7377a2c4cf..d21e85f289 100644 --- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml @@ -150,5 +150,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml index 9693aeb72e..f3ffaaeca9 100644 --- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml @@ -115,5 +115,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml index aceca34c43..269976d0c4 100644 --- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml index e1762611c5..9044d839ad 100644 --- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml @@ -202,5 +202,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml index 86f091d238..cec56619d6 100644 --- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml index 117f316b6a..b0b0d8b4a9 100644 --- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml @@ -202,5 +202,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities>
-----Original Message-----
From: Tim Wiederhake <twiederh@redhat.com>
Sent: Monday, July 5, 2021 7:32 PM
To: Huang, Haibin <haibin.huang@intel.com>
Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
Subject: Re: [libvirt][PATCH v4 4/4] Support to query SGX capability
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
1. Add SGX feature in domain capabilities
2. Get sgx capabilities by query-sgx-capabilities
3. Transfer the B to KB for epc_size
4. Delete sgx1 and sgx2
5. add unit test for get capabilities
Signed-off-by: Haibin Huang <haibin.huang@intel.com> --- src/conf/domain_capabilities.c | 29 ++++ src/conf/domain_capabilities.h | 13 ++ src/libvirt_private.syms | 2 +- src/qemu/qemu_capabilities.c | 146 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_command.c | 2 +- src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 91 +++++++++++ src/qemu/qemu_monitor_json.h | 3 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_1.5.3-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.5.3-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.5.3.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.1.1.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-tcg.x86_64.xml | 1 + .../qemu_2.10.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.10.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../qemu_2.12.0-virt.aarch64.xml | 1 + 
tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.4.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.5.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml | 1 + .../qemu_2.6.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.7.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.8.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.8.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.9.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + 
.../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + 106 files changed, 399 insertions(+), 2 deletions(-)
Can this be split up, so that the "mechanical" changes (tests/domaincapsdata/qemu_*.xml) are separate from the functional changes? E.g. start with a commit that introduces a dummy "virDomainCapsFeatureSGXFormat" that always prints "<sgx supported='no'/>" + the relevant changes in tests/; then, in a second commit, the actual implementation?
[Haibin] ok, it is a good point. I will adjust it.
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index d61108e125..f83a462ca3 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -91,6 +91,16 @@ virSEVCapabilitiesFree(virSEVCapability *cap) }
+void +virSGXCapabilitiesFree(virSGXCapability *cap) +{ + if (!cap) + return; + + VIR_FREE(cap); +} + + static void virDomainCapsDispose(void *obj) { @@ -101,6 +111,7 @@ virDomainCapsDispose(void *obj) virObjectUnref(caps->cpu.custom); virCPUDefFree(caps->cpu.hostModel); virSEVCapabilitiesFree(caps->sev); + virSGXCapabilitiesFree(caps->sgx);
virDomainCapsStringValuesFree(&caps->os.loader.values); } @@ -564,6 +575,23 @@ virDomainCapsFeatureSEVFormat(virBufferPtr buf, return; }
+static void +virDomainCapsFeatureSGXFormat(virBufferPtr buf, + virSGXCapabilityPtr const sgx) +{ + if (!sgx) { + virBufferAddLit(buf, "<sgx supported='no'/>\n"); + } else { + virBufferAddLit(buf, "<sgx supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<epc_size unit='KiB'>%d</epc_size>\n", sgx->epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); + } + + return; +}
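Review bot: In virDomainCapsFeatureSGXFormat() the epc_size line formats sgx->epc_size with "%d", but the header hunk declares epc_size as unsigned int, so a value above INT_MAX would be printed as a negative number in the domain capabilities XML. Use "%u" here, as virQEMUCapsFormatSGXInfo() does for the cache file. The trailing "return;" at the end of this void function can also be dropped.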
static void virDomainCapsFormatFeatures(const virDomainCaps *caps, @@ -584,6 +612,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, }
virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx);
virXMLFormatElement(buf, "features", NULL, &childBuf); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 685d5e2a44..d63f2d4219 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -150,6 +150,13 @@ struct _virDomainCapsCPU { virDomainCapsCPUModelsPtr custom; };
+typedef struct _virSGXCapability virSGXCapability; +typedef virSGXCapability *virSGXCapabilityPtr; +struct _virSGXCapability { + bool flc; + unsigned int epc_size; +}; + typedef struct _virSEVCapability virSEVCapability; typedef virSEVCapability *virSEVCapabilityPtr; struct _virSEVCapability { @@ -191,6 +198,7 @@ struct _virDomainCaps {
virDomainCapsFeatureGIC gic; virSEVCapabilityPtr sev; + virSGXCapabilityPtr sgx;
Requires change to docs/schema/.
[Haibin] ok, I got it, I think you mean "docs/schemas/domaincaps.rng".
/* add new domain features here */
virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; @@ -239,4 +247,9 @@ int virDomainCapsDeviceDefValidate(const virDomainCaps *caps, void virSEVCapabilitiesFree(virSEVCapability *capabilities);
+void +virSGXCapabilitiesFree(virSGXCapability *capabilities); + G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 01c2e710cd..ea7aa897cc 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -215,6 +215,7 @@ virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; virSEVCapabilitiesFree; +virSGXCapabilitiesFree;
# conf/domain_conf.h @@ -1694,7 +1695,6 @@ virBitmapToDataBuf; virBitmapToString; virBitmapUnion;
-
Please leave the second empty line.
[Haibin] ok
# util/virbpf.h virBPFAttachProg; virBPFCreateMap; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index ff6ba8c9e9..63f55480dd 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -597,6 +597,9 @@ VIR_ENUM_IMPL(virQEMUCaps, "spapr-tpm-proxy", "numa.hmat", "blockdev-hostdev-scsi", + + /* 380 */ + "sgx-epc", );
@@ -698,11 +701,14 @@ struct _virQEMUCaps {
virSEVCapability *sevCapabilities;
+ virSGXCapability *sgxCapabilities; + /* Capabilities which may differ depending on the accelerator. */ virQEMUCapsAccel kvm; virQEMUCapsAccel tcg; };
+ struct virQEMUCapsSearchData { virArch arch; const char *binaryFilter; @@ -1323,6 +1329,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "tcg-accel", QEMU_CAPS_TCG }, { "pvscsi", QEMU_CAPS_SCSI_PVSCSI }, { "spapr-tpm-proxy", QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY }, + { "sgx-epc", QEMU_CAPS_SGX_EPC }, };
@@ -1870,6 +1877,23 @@ virQEMUCapsSEVInfoCopy(virSEVCapabilityPtr *dst, }
+static int +virQEMUCapsSGXInfoCopy(virSGXCapabilityPtr *dst, + virSGXCapabilityPtr src) +{ + g_autoptr(virSGXCapability) tmp = NULL; + + if (VIR_ALLOC(tmp) < 0) + return -1;
If this were a simple "virSGXCapability *tmp = g_new0(...)"...
+ + tmp->flc = src->flc; + tmp->epc_size = src->epc_size; + + *dst = g_steal_pointer(&tmp); + return 0;
... the g_steal_pointer would not be necessary, and "G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree);" would not be, either.
[Haibin] did you mean like below
static int
virQEMUCapsSGXInfoCopy(virSGXCapabilityPtr *dst,
                       virSGXCapabilityPtr src)
{
    virSGXCapability *tmp = g_new0(virSGXCapability, 1);

    tmp->flc = src->flc;
    tmp->epc_size = src->epc_size;
    *dst = tmp;
    return 0;
}
+} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccelPtr dst, virQEMUCapsAccelPtr src) @@ -1947,6 +1971,11 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps) qemuCaps->sevCapabilities) < 0) goto error;
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) && + virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities, + qemuCaps->sgxCapabilities) < 0) + goto error; + return ret;
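Review bot: virQEMUCapsSGXInfoCopy() reads src->flc and src->epc_size without checking src, and the call added to virQEMUCapsNewCopy() is gated only on the QEMU_CAPS_SGX_EPC flag, not on qemuCaps->sgxCapabilities being set. The flag comes from the "sgx-epc" entry in virQEMUCapsObjectTypes while the pointer is filled in separately by virQEMUCapsProbeQMPSGXCapabilities(), and nothing in these hunks guarantees the two agree at copy time. Suggest having virQEMUCapsSGXInfoCopy() set *dst = NULL and return 0 when src is NULL, or gating the call on the pointer instead of the flag.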
error: @@ -1987,6 +2016,7 @@ void virQEMUCapsDispose(void *obj) VIR_FREE(qemuCaps->gicCapabilities);
virSEVCapabilitiesFree(qemuCaps->sevCapabilities); + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities);
virQEMUCapsAccelClear(&qemuCaps->kvm); virQEMUCapsAccelClear(&qemuCaps->tcg); @@ -2581,6 +2611,13 @@ virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps) }
+virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCapsPtr qemuCaps) +{ + return qemuCaps->sgxCapabilities; +} + + static int virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps, qemuMonitorPtr mon) @@ -2640,6 +2677,7 @@ virQEMUCapsProbeQMPObjectTypes(virQEMUCapsPtr qemuCaps,
if ((nvalues = qemuMonitorGetObjectTypes(mon, &values)) < 0) return -1; +
Unrelated change.
[Haibin] ok, delete it.
virQEMUCapsProcessStringFlags(qemuCaps,
G_N_ELEMENTS(virQEMUCapsObjectTypes), virQEMUCapsObjectTypes, @@ -3405,6 +3443,31 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps, }
+static int +virQEMUCapsProbeQMPSGXCapabilities(virQEMUCapsPtr qemuCaps, + qemuMonitorPtr mon) +{ + int rc = -1; + virSGXCapability *caps = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if ((rc = qemuMonitorGetSGXCapabilities(mon, &caps)) < 0) + return -1; + + /* SGX isn't actually supported */ + if (rc == 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_SGX_EPC); + return 0; + } + + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); + qemuCaps->sgxCapabilities = caps; + return 0; +} + + /* * Filter for features which should never be passed to QEMU. Either because * QEMU never supported them or they were dropped as they never did anything @@ -4187,6 +4250,42 @@ virQEMUCapsParseSEVInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt) return 0; }
+static int +virQEMUCapsParseSGXInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt) +{ + g_autoptr(virSGXCapability) sgx = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; +
Using "virXPathNode()" + "virXMLProp*()" might save you some boilerplate code and writing custom error messages.
Maybe that makes it a little bit clearer
+ if (virXPathBoolean("boolean(./sgx)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform data in QEMU " + "capabilities cache")); + return -1; + } + + if (VIR_ALLOC(sgx) < 0) + return -1; +
Prefer "g_new0".
[Haibin] ok
+ if (virXPathBoolean("boolean(./sgx/flc)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform flc data in QEMU " + "capabilities cache")); + return -1; + } + + if (virXPathUInt("string(./sgx/epc_size)", ctxt, &sgx->epc_size) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SGX platform epc_size information " + "in QEMU capabilities cache")); + return -1; + } + + qemuCaps->sgxCapabilities = g_steal_pointer(&sgx); + return 0; +} +
/* * Parsing a doc that looks like @@ -4425,6 +4524,9 @@ virQEMUCapsLoadCache(virArch hostArch, if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0) goto cleanup;
+ if (virQEMUCapsParseSGXInfo(qemuCaps, ctxt) < 0) + goto cleanup; + virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM); virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU);
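Review bot: virQEMUCapsParseSGXInfo(), which virQEMUCapsLoadCache() now calls, only tests that ./sgx/flc exists and never assigns sgx->flc, so a capabilities object loaded from the cache keeps flc at its zero-initialised value even when virQEMUCapsFormatSGXInfo() wrote <flc>yes</flc>. Read the element's text and set sgx->flc from it before the g_steal_pointer(), and consider a cache round-trip test that covers the "yes" case.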
@@ -4601,6 +4703,19 @@ virQEMUCapsFormatSEVInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf) virBufferAddLit(buf, "</sev>\n"); }
epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); +}
+static void +virQEMUCapsFormatSGXInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf) +{ + virSGXCapabilityPtr sgx = virQEMUCapsGetSGXCapabilities(qemuCaps); + + virBufferAddLit(buf, "<sgx>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<epc_size>%u</epc_size>\n", sgx- +
char * virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) @@ -4671,6 +4786,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf);
+ if (qemuCaps->sgxCapabilities) + virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->kvmSupportsNesting) virBufferAddLit(&buf, "<kvmSupportsNesting/>\n");
@@ -5323,6 +5441,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps, return -1; if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) + return -1;
virQEMUCapsInitProcessCaps(qemuCaps);
@@ -6245,6 +6365,31 @@ virQEMUCapsFillDomainFeatureGICCaps(virQEMUCapsPtr qemuCaps, }
+/** + * virQEMUCapsFillDomainFeatureiSGXCaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about SGX capabilities that has been obtained + * using the 'query-sgx-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + */ +static void +virQEMUCapsFillDomainFeatureSGXCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsPtr domCaps) +{ + virSGXCapability *cap = qemuCaps->sgxCapabilities; + + if (!cap) + return; + + domCaps->sgx = g_new0(virSGXCapability, 1); + + domCaps->sgx->flc = cap->flc; + domCaps->sgx->epc_size = cap->epc_size; +} + + /** * virQEMUCapsFillDomainFeatureSEVCaps: * @qemuCaps: QEMU capabilities @@ -6316,6 +6461,7 @@ virQEMUCapsFillDomainCaps(virQEMUCapsPtr qemuCaps, virQEMUCapsFillDomainDeviceRNGCaps(qemuCaps, rng); virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps);
return 0; } diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 5d08941538..0e3af622a7 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -578,6 +578,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ QEMU_CAPS_NUMA_HMAT, /* -numa hmat */ QEMU_CAPS_BLOCKDEV_HOSTDEV_SCSI, /* -blockdev used for (i)SCSI hostdevs */
+ /* 380 */ + QEMU_CAPS_SGX_EPC, /* -object sgx-epc,... */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags;
@@ -759,5 +762,8 @@ virQEMUCapsCPUFeatureFromQEMU(virQEMUCapsPtr qemuCaps, virSEVCapabilityPtr virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps);
+virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCapsPtr qemuCaps); + virArch virQEMUCapsArchFromString(const char *arch); const char *virQEMUCapsArchToString(virArch arch); diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index fb05acbc94..9462b5a6c8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6405,7 +6405,7 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
case VIR_CPU_MODE_CUSTOM: virBufferAdd(buf, cpu->model, -1); - if(def->sgx) + if (def->sgx) virBufferAdd(buf,
Fix in previous patch.
[Haibin] ok
",+sgx,+sgx-debug,+sgx1,+sgx-encls-c,+sgx- enclv,+sgx-exinfo," "+sgx-kss,+sgx-mode64,+sgx- provisionkey,+sgx-tokenkey,+sgx2," diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 637361d24d..1e377ee8dc 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3870,6 +3870,16 @@ qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, }
+int +qemuMonitorGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSGXCapabilities(mon, capabilities); +} + + int qemuMonitorNBDServerStart(qemuMonitorPtr mon, const virStorageNetHostDef *server, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index d20a15c202..76b3cd54c7 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -836,6 +836,9 @@ int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, virSEVCapability **capabilities);
+int qemuMonitorGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND = 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK = 1 << 1, /* migration with non-shared storage with full disk copy */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 9cdf6c0f7f..06f0738ad8 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -44,6 +44,7 @@ # include "libvirt_qemu_probes.h" #endif
+#define KB 1024 #define VIR_FROM_THIS VIR_FROM_QEMU
VIR_LOG_INIT("qemu.qemu_monitor_json"); @@ -7056,6 +7057,96 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, }
+/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be filled + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx- capabilities + * can be present even if SGX is not available, which basically leaves us with + * checking for JSON "GenericError" in order to differentiate between compiled-in + * support and actual SGX support on the platform. + * + * Returns -1 on error, 0 if SGX is not supported, and 1 if SGX is supported on + * the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities) +{ + int ret = -1; + virJSONValuePtr cmd; + virJSONValuePtr reply = NULL; + virJSONValuePtr caps; + bool sgx = false; + bool flc = false; + unsigned int section_size = 0; + g_autoptr(virSGXCapability) capability = NULL; + + *capabilities = NULL; + + if (!(cmd = qemuMonitorJSONMakeCommand("query-sgx-capabilities", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) { + ret = 0; + goto cleanup; + } + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "sgx", &sgx) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx reply was missing" + " 'sgx' field")); + goto cleanup; + } + if (!sgx) { + VIR_WARN("sgx is not support %d\n", sgx); + ret = 0; + goto cleanup; + } + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing" + " 'flc' field")); + goto cleanup; + } + + if (virJSONValueObjectGetNumberUint(caps, "section-size", §ion_size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + 
_("query-sgx-capabilities reply was missing" + " 'section-size' field")); + goto cleanup; + } + + + if (VIR_ALLOC(capability) < 0) + goto cleanup; + + capability->flc = flc; + + capability->epc_size = section_size/(KB); + *capabilities = g_steal_pointer(&capability); + ret = 1; + + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply);
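Review bot: In qemuMonitorJSONGetSGXCapabilities() section_size is declared unsigned int and read with virJSONValueObjectGetNumberUint(), but the reply value is in bytes (it is divided by KB only afterwards), so an EPC section of 4 GiB or more does not fit. Read it as an unsigned long long, convert to KiB, and range-check the result before storing it in epc_size. Smaller points in the same function: the first error string names "query-sgx" while the command is "query-sgx-capabilities", and VIR_WARN("sgx is not support %d\n", sgx) will fire on every host without SGX and carries a stray newline; a VIR_DEBUG without the newline would fit better.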
Using "g_autoptr(virJsonValue) cmd;" and "g_autoptr(virJsonValue) reply;" would remove the need for "goto" and the label.
[Haibin] good point
Regards, Tim
+ + return ret; +} + + /** * qemuMonitorJSONGetSEVCapabilities: * @mon: qemu monitor object diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 098ab857be..b0c23e57ac 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -159,6 +159,9 @@ int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, virSEVCapability **capabilities);
+int qemuMonitorJSONGetSGXCapabilities(qemuMonitorPtr mon, + virSGXCapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitorPtr mon, unsigned int flags, const char *uri); diff --git a/tests/domaincapsdata/bhyve_basic.x86_64.xml b/tests/domaincapsdata/bhyve_basic.x86_64.xml index bdf2c4eee8..8998fb2cee 100644 --- a/tests/domaincapsdata/bhyve_basic.x86_64.xml +++ b/tests/domaincapsdata/bhyve_basic.x86_64.xml @@ -32,5 +32,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml index f998c457c1..e013463456 100644 --- a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml +++ b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml @@ -49,5 +49,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_uefi.x86_64.xml b/tests/domaincapsdata/bhyve_uefi.x86_64.xml index 18f90023d5..d6243db384 100644 --- a/tests/domaincapsdata/bhyve_uefi.x86_64.xml +++ b/tests/domaincapsdata/bhyve_uefi.x86_64.xml @@ -41,5 +41,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml index 6c3f5f54fd..df55215ed5 100644 --- a/tests/domaincapsdata/empty.xml +++ b/tests/domaincapsdata/empty.xml @@ -12,5 +12,6 @@ </devices> <features> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenfv.xml b/tests/domaincapsdata/libxl-xenfv.xml index 4efc137c97..160c220728 100644 --- a/tests/domaincapsdata/libxl-xenfv.xml +++ b/tests/domaincapsdata/libxl-xenfv.xml 
@@ -75,5 +75,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenpv.xml b/tests/domaincapsdata/libxl-xenpv.xml index 70e598fe9e..cbd64fabfc 100644 --- a/tests/domaincapsdata/libxl-xenpv.xml +++ b/tests/domaincapsdata/libxl-xenpv.xml @@ -65,5 +65,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml index 3ed96a3ee7..183f55a09d 100644 --- a/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3-q35.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml index 3b3d89a643..680751ab5e 100644 --- a/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3-tcg.x86_64.xml @@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.5.3.x86_64.xml b/tests/domaincapsdata/qemu_1.5.3.x86_64.xml index 20cd3a105a..f2737be495 100644 --- a/tests/domaincapsdata/qemu_1.5.3.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.5.3.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml index a4b26b46cb..38f510c0b4 100644 --- a/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0-q35.x86_64.xml 
@@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml index 6bff19bad5..970d2b7b83 100644 --- a/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0-tcg.x86_64.xml @@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.6.0.x86_64.xml b/tests/domaincapsdata/qemu_1.6.0.x86_64.xml index 16417a13d2..eaa3e872e4 100644 --- a/tests/domaincapsdata/qemu_1.6.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.6.0.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml index 559b49491e..55460bb3eb 100644 --- a/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.7.0-q35.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml index 97e71bffff..cf816e1315 100644 --- a/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_1.7.0-tcg.x86_64.xml @@ -133,5 +133,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_1.7.0.x86_64.xml b/tests/domaincapsdata/qemu_1.7.0.x86_64.xml index 472c073de9..e86e538268 100644 --- a/tests/domaincapsdata/qemu_1.7.0.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_1.7.0.x86_64.xml @@ -137,5 +137,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml index a87f5b2a63..7a94784943 100644 --- a/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1-q35.x86_64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml index 192a505d77..413f46d5a6 100644 --- a/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1-tcg.x86_64.xml @@ -134,5 +134,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.1.1.x86_64.xml b/tests/domaincapsdata/qemu_2.1.1.x86_64.xml index 15adfe0ee8..d087157b06 100644 --- a/tests/domaincapsdata/qemu_2.1.1.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.1.1.x86_64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml index be2840d9b8..a70eb157d9 100644 --- a/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-q35.x86_64.xml @@ -161,5 +161,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml index 1193f49bd6..1730dd81ab 100644 
--- a/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-tcg.x86_64.xml @@ -176,5 +176,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml index 4505d64e3a..0fded78a64 100644 --- a/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.10.0-virt.aarch64.xml @@ -145,5 +145,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.aarch64.xml b/tests/domaincapsdata/qemu_2.10.0.aarch64.xml index 629833b745..d74e018aea 100644 --- a/tests/domaincapsdata/qemu_2.10.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.aarch64.xml @@ -139,5 +139,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.ppc64.xml b/tests/domaincapsdata/qemu_2.10.0.ppc64.xml index 863afbc0df..ba102fd26f 100644 --- a/tests/domaincapsdata/qemu_2.10.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.10.0.s390x.xml b/tests/domaincapsdata/qemu_2.10.0.s390x.xml index ce5c92edce..3c16cc8b05 100644 --- a/tests/domaincapsdata/qemu_2.10.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.10.0.s390x.xml @@ -200,5 +200,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_2.10.0.x86_64.xml b/tests/domaincapsdata/qemu_2.10.0.x86_64.xml index 6596016d33..a47914a796 100644 --- a/tests/domaincapsdata/qemu_2.10.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.10.0.x86_64.xml @@ -161,5 +161,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml index c2e148e0fc..f0348486fd 100644 --- a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml @@ -159,5 +159,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml index 7f66cf7b7e..e8282b30fc 100644 --- a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml @@ -171,5 +171,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsdata/qemu_2.11.0.s390x.xml index c5b48fdad5..2fdbe3ce5d 100644 --- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml @@ -199,5 +199,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml index 38b6b20f77..de5404b2a4 100644 --- a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml 
@@ -159,5 +159,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml index 8d38d33369..e977a8937a 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -176,5 +176,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml index 9a89587115..3a4c85eb65 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -185,5 +185,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml index 8ea58bfa25..f78722ea3c 100644 --- a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml index 667516e75e..c7de5ad674 100644 --- a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml @@ -141,5 +141,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml index eac3e6a868..8d3377e937 100644 --- a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml 
+++ b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.s390x.xml b/tests/domaincapsdata/qemu_2.12.0.s390x.xml index 01cc3d81ec..12ff7cfd95 100644 --- a/tests/domaincapsdata/qemu_2.12.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.12.0.s390x.xml @@ -198,5 +198,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml index 6e006a3ba3..2039b77790 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -176,5 +176,6 @@ <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml index 23e103927e..608118652a 100644 --- a/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml index 2a6296739c..411780d41e 100644 --- a/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.4.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.4.0.x86_64.xml b/tests/domaincapsdata/qemu_2.4.0.x86_64.xml index 7c6d78e510..6bd8627277 100644 --- a/tests/domaincapsdata/qemu_2.4.0.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_2.4.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml index bb8bd9c5c5..fe465bcfaa 100644 --- a/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml index 8b022e9bd7..b4803039df 100644 --- a/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.5.0.x86_64.xml b/tests/domaincapsdata/qemu_2.5.0.x86_64.xml index a89990a42e..07eea7c96c 100644 --- a/tests/domaincapsdata/qemu_2.5.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.5.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml index 251696a161..c490c36170 100644 --- a/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-q35.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml index 7937fad971..3b53321be5 100644 
--- a/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-tcg.x86_64.xml @@ -142,5 +142,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml index 95053e9cbe..c1697eabf8 100644 --- a/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.6.0-virt.aarch64.xml @@ -144,5 +144,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.aarch64.xml b/tests/domaincapsdata/qemu_2.6.0.aarch64.xml index 223e944c8a..121acd636f 100644 --- a/tests/domaincapsdata/qemu_2.6.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.aarch64.xml @@ -138,5 +138,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.ppc64.xml b/tests/domaincapsdata/qemu_2.6.0.ppc64.xml index c97f232028..41217aa7b1 100644 --- a/tests/domaincapsdata/qemu_2.6.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.6.0.x86_64.xml b/tests/domaincapsdata/qemu_2.6.0.x86_64.xml index f95f8fb46a..586855e7e3 100644 --- a/tests/domaincapsdata/qemu_2.6.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.6.0.x86_64.xml @@ -146,5 +146,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml index 1e6c47f2d6..d8e523e904 100644 --- a/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0-q35.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml index 8b7c2ce8e6..ed92bee692 100644 --- a/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0.s390x.xml b/tests/domaincapsdata/qemu_2.7.0.s390x.xml index ff3dd4939b..b8bc1245ec 100644 --- a/tests/domaincapsdata/qemu_2.7.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.7.0.s390x.xml @@ -103,5 +103,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.7.0.x86_64.xml b/tests/domaincapsdata/qemu_2.7.0.x86_64.xml index da1b10c41b..c2df40d00e 100644 --- a/tests/domaincapsdata/qemu_2.7.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.7.0.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml index 0a7493d86d..78acecdfd7 100644 --- a/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0-q35.x86_64.xml 
@@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml index 100e8e059c..638bfea6f7 100644 --- a/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0-tcg.x86_64.xml @@ -143,5 +143,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0.s390x.xml b/tests/domaincapsdata/qemu_2.8.0.s390x.xml index 47b1aa46f7..233092be64 100644 --- a/tests/domaincapsdata/qemu_2.8.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.8.0.s390x.xml @@ -184,5 +184,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.8.0.x86_64.xml b/tests/domaincapsdata/qemu_2.8.0.x86_64.xml index 6fa754c18a..deb094df40 100644 --- a/tests/domaincapsdata/qemu_2.8.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.8.0.x86_64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml index 3df3c3738e..0669e56b1d 100644 --- a/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0-q35.x86_64.xml @@ -156,5 +156,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml index 08bb5fbad7..045c308f8e 100644 --- a/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_2.9.0-tcg.x86_64.xml @@ -175,5 +175,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.ppc64.xml b/tests/domaincapsdata/qemu_2.9.0.ppc64.xml index 3776b6ed9c..deca3b2373 100644 --- a/tests/domaincapsdata/qemu_2.9.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.9.0.ppc64.xml @@ -111,5 +111,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.s390x.xml b/tests/domaincapsdata/qemu_2.9.0.s390x.xml index cf7e7781cc..263a2a9a71 100644 --- a/tests/domaincapsdata/qemu_2.9.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.9.0.s390x.xml @@ -185,5 +185,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.9.0.x86_64.xml b/tests/domaincapsdata/qemu_2.9.0.x86_64.xml index a80ef28488..a553b5c7f2 100644 --- a/tests/domaincapsdata/qemu_2.9.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.9.0.x86_64.xml @@ -156,5 +156,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml index cd37906bc7..b8e27b774d 100644 --- a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml @@ -174,5 +174,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml index d3211e7a13..797b3496b8 100644 
--- a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml @@ -185,5 +185,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml index 1b8ddd4ed0..e791c0619c 100644 --- a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml @@ -113,5 +113,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.s390x.xml b/tests/domaincapsdata/qemu_3.0.0.s390x.xml index 7a4e536fb5..c12e40ca10 100644 --- a/tests/domaincapsdata/qemu_3.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_3.0.0.s390x.xml @@ -205,5 +205,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml index 9fa4224760..7667232cb1 100644 --- a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml @@ -174,5 +174,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml index 82b1b6a095..f24b621b4a 100644 --- a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml index 756b28034e..8ddcf7495d 100644 --- a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml @@ -188,5 +188,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml index 6a2bc87947..b34c8e8e02 100644 --- a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml @@ -113,5 +113,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml index ffc82f17c3..5440773513 100644 --- a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml index c837de966f..2ccb7e850f 100644 --- a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml index 0aa8aa18be..87a56371e1 100644 --- a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml 
@@ -189,5 +189,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml index f5347aba9f..6a8a15cb82 100644 --- a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml @@ -154,5 +154,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml index b879d7553c..2a6d6cb4ec 100644 --- a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml @@ -148,5 +148,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml index 0642753f11..4831fe949d 100644 --- a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml @@ -114,5 +114,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.s390x.xml b/tests/domaincapsdata/qemu_4.0.0.s390x.xml index 632c26d689..7277154d38 100644 --- a/tests/domaincapsdata/qemu_4.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.0.0.s390x.xml @@ -210,5 +210,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml index 3f64bd4b66..e230e39773 100644 --- a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml 
@@ -177,5 +177,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml index 8bf41d6b49..4ea0c221e3 100644 --- a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml @@ -182,5 +182,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml index d6265ce243..fd8a2d29de 100644 --- a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml index 5010f879a6..db4fbb81d5 100644 --- a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml @@ -182,5 +182,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml index 6f72b67f68..dc1e0b1bcc 100644 --- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml index 7339a3f81c..298cd92d3d 100644 --- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml index ef57216562..8ede831af4 100644 --- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml @@ -155,5 +155,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml index 3cf2a6faf1..802631b704 100644 --- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml @@ -149,5 +149,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml index 0f2cf6da64..14923e14b5 100644 --- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml @@ -115,5 +115,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml index ecd037438a..21cefb9ff4 100644 --- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml @@ -224,5 +224,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml index f4a8321637..55b3e0d545 100644 
--- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml index fc21b2ad62..0252950bb6 100644 --- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml index 110a79dd34..bcbbf8a8d8 100644 --- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml index b2b37c0f7b..fc110c1028 100644 --- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml @@ -156,5 +156,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml index 7377a2c4cf..d21e85f289 100644 --- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml @@ -150,5 +150,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml index 9693aeb72e..f3ffaaeca9 100644 --- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml @@ -115,5 +115,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml index aceca34c43..269976d0c4 100644 --- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml @@ -190,5 +190,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml index e1762611c5..9044d839ad 100644 --- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml @@ -202,5 +202,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml index 86f091d238..cec56619d6 100644 --- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml @@ -196,5 +196,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml index 117f316b6a..b0b0d8b4a9 100644 --- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml 
@@ -202,5 +202,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities>
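Review bot: every fixture touched in these hunks gains only `<sgx supported='no'/>`, including the aarch64, ppc64 and s390x files, so nothing shown here exercises the `supported='yes'` form that the cover letter says carries an `<epc_size>` child. Consider adding an x86_64 capability fixture with SGX enabled so the formatter output for the positive case is covered by the test suite, and confirm that emitting the element for non-x86 architectures is intended rather than a side effect of mirroring the existing `<sev supported='no'/>` line.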
On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM.
As SGX support in QEMU is still pending review, this patch series is not submitted for code review, but only describes the SGX enabling solution design that contains changes to the virConnectGetDomainCapabilities API response and domain definition. All comments/suggestions would be highly appreciated.
Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection.
The typical flow, at a very high level, looks like this:
1. Call the virConnectGetDomainCapabilities API to get domain capabilities that include the following SGX information.
   <feature>
     ...
     <sgx supported='yes'>
       <epc_size unit='KiB'>N</epc_size>
     </sgx>
   </feature>
2. The user requests to start a guest by calling virCreateXML() with the SGX requirement. It should contain
   <launchSecurity type='sgx'>
     <epc_size unit='KiB'>N</epc_size>
   </launchSecurity>
I don't think that Intel SGX belongs in <launchSecurity> in libvirt. A similar feature to AMD SEV is Intel TDX, which would be implemented using <launchSecurity> as it offers isolation between host and VM.
Looking at the patches, this doesn't even use the confidential-guest-support machine option; it adds a new memory backend and enables CPU features only if libvirt uses <cpu mode='custom'>, so it would not work with any other CPU mode.
To me this sounds like we should split the feature into two components where one would add support for the new memory backend into the correct XML part [1] and the other component would be support for CPU features related to Intel SGX [2].
Pavel
[1] <https://libvirt.org/formatdomain.html#memory-backing>
[2] <https://libvirt.org/formatdomain.html#cpu-model-and-topology>
-----Original Message----- From: Pavel Hrdina <phrdina@redhat.com> Sent: Wednesday, July 7, 2021 5:48 PM To: Huang, Haibin <haibin.huang@intel.com> Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com> Subject: Re: [libvirt][PATCH v4 0/4] Support query and use SGX
To me this sounds like we should split the feature into two components where one would add support for the new memory backend into correct XML part [1] and the other component would be support for CPU features related to Intel SGX [2].
[Haibin] OK, those specific CPU features we added have been deleted, and we let the user specify them in [2]. Do we need to add a new element in the memory backend for SGX EPC memory?
Pavel
[1] <https://libvirt.org/formatdomain.html#memory-backing>
[2] <https://libvirt.org/formatdomain.html#cpu-model-and-topology>
On Fri, Jul 16, 2021 at 12:58:19AM +0000, Huang, Haibin wrote:
[Haibin] OK, those specific CPU features we added have been deleted, and we let the user specify them in [2]. Do we need to add a new element in the memory backend for SGX EPC memory?
Correct, reading the QEMU and kernel patches, to enable this feature in libvirt the user will need to configure the SGX EPC memory backend manually. However, we will not be able to reuse the <memoryBacking> element in the VM XML without a lot of modification to the current code. Mainly, there can be multiple SGX EPC memory sections and each can have a different size. The current code allows only a single <memoryBacking> file and it is closely tied to VM RAM.
To express SGX EPC in VM XML we will need a new element, for example we can use a <memory> device:
   <devices>
     ...
     <memory model='sgx-epc'>
       <target>
         <size unit='MiB'>64</size>
         <node>0</node>
       </target>
     </memory>
     ...
   </devices>
but this would require modifying the current <memory> code as the 'sgx-epc' would be a special case where we would not use the '-device' option because we need to add it to the '-machine' parameter.
Another option is to create a completely new element, similar to <launchSecurity>, outside of the <devices> element. I'm not sure about the naming of the new element, one thing that comes to my mind is <memoryRegion> with type='sgx-epc'.
Based on my findings and reading different documentation and QEMU patches it seems that in real HW the 'sgx-epc' is encrypted memory stored within the physical RAM but in QEMU it will be an additional memory region sitting next to the VM RAM.
Adding to CC Dan, Peter, Michal to get more opinions/ideas how to design this feature. Here is the documentation posted to the QEMU list [1].
Pavel
[1] <https://lists.nongnu.org/archive/html/qemu-devel/2021-07/msg02539.html>
On Tue, Jul 20, 2021 at 10:47:27AM +0200, Pavel Hrdina wrote:
To express SGX EPC in VM XML we will need new element, for example we can use <memory> device:
   <devices>
     ...
     <memory model='sgx-epc'>
       <target>
         <size unit='MiB'>64</size>
         <node>0</node>
       </target>
     </memory>
     ...
   </devices>
but this would require modifying the current <memory> code as the 'sgx-epc' would be a special case where we would not use the '-device' option because we need to add it to the '-machine' parameter.
Where are you seeing the -machine params? In the patch 2 here it uses standalone parameters:
   -object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \
   -sgx-epc id=epc1,memdev=mem1
which makes sense given you say that multiple SGX regions can be defined.
Another option is to create completely new element, similar to <launchSecurity> outside of <devices> element. I'm not sure about the naming of the new element, one thing that comes to my mind is <memoryRegion> with type='sgx-epc'.
I think adding a <memoryRegion> outside <devices> feels a little odd given that this parameter is defining new RAM blocks and we already have <memory> inside <devices>. I'd be more inclined towards the latter.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On Tue, Jul 20, 2021 at 10:16:48AM +0100, Daniel P. Berrangé wrote:
Where are you seeing the -machine params? In the patch 2 here it uses standalone parameters:
   -object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \
   -sgx-epc id=epc1,memdev=mem1
which makes sense given you say that multiple SGX regions can be defined.
This RFC is a bit outdated, latest patches in QEMU dropped the new option '-sgx-epc' and replaced it with compound -machine parameters [1]. This was explicitly requested by Paolo here [2].
I think adding a <memoryRegion> outside <devices> feels a little odd given that this parameter is defining new RAM blocks and we already have <memory> inside <devices>. I'd be more inclined towards the latter
Using <memory> was my first idea, I just wanted to offer some alternative as I was not completely sure about using <memory> mainly because it will be part of -machine option.
Pavel
[1] <https://lists.nongnu.org/archive/html/qemu-devel/2021-07/msg02507.html>
[2] <https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00644.html>
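Added example, not part of any message in this thread and not libvirt code: a Python sketch of the flow the discussion converges on, reading the host EPC size from a capabilities document, collecting each proposed <memory model='sgx-epc'> device from a domain definition, and emitting the memory-backend-epc objects plus compound -machine keys. The sample XML is constructed; the `sgx-epc.N.memdev` / `sgx-epc.N.node` key spelling follows the merged QEMU SGX documentation rather than this page, and treating the reported epc_size as an upper bound for the guest is this example's assumption.

```python
import xml.etree.ElementTree as ET

# Size units used in this thread, expressed in KiB.
UNIT_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 * 1024}

# Constructed capabilities document: <sgx> sits under <features> as in the
# test fixtures, with the <epc_size> child described in the cover letter.
CAPS_XML = """
<domainCapabilities>
  <features>
    <sev supported='no'/>
    <sgx supported='yes'>
      <epc_size unit='KiB'>98304</epc_size>
    </sgx>
  </features>
</domainCapabilities>
"""

# Constructed domain fragment using the <memory model='sgx-epc'> form
# proposed in the thread, with two EPC sections of different size.
DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <memory model='sgx-epc'>
      <target><size unit='MiB'>64</size><node>0</node></target>
    </memory>
    <memory model='sgx-epc'>
      <target><size unit='KiB'>16384</size><node>1</node></target>
    </memory>
  </devices>
</domain>
"""


def size_kib(elem):
    """Convert a <size> or <epc_size> element to KiB, rejecting bad input."""
    unit = elem.get("unit", "KiB")  # libvirt's default unit for memory sizes
    if unit not in UNIT_KIB:
        raise ValueError(f"unsupported unit {unit!r}")
    text = (elem.text or "").strip()
    if not (text.isascii() and text.isdigit()) or int(text) == 0:
        raise ValueError(f"invalid size {text!r}")
    return int(text) * UNIT_KIB[unit]


def host_epc_kib(caps_xml):
    """Return the host EPC size in KiB, or 0 when SGX is not supported."""
    sgx = ET.fromstring(caps_xml).find("./features/sgx")
    if sgx is None or sgx.get("supported") != "yes":
        return 0
    epc = sgx.find("epc_size")
    if epc is None:
        raise ValueError("sgx supported='yes' but no <epc_size> reported")
    return size_kib(epc)


def epc_sections(domain_xml):
    """Return [(size_kib, numa_node_or_None), ...], one per sgx-epc device."""
    root = ET.fromstring(domain_xml)
    sections = []
    for mem in root.findall("./devices/memory[@model='sgx-epc']"):
        size = mem.find("./target/size")
        if size is None:
            raise ValueError("sgx-epc <memory> without <target>/<size>")
        node = mem.findtext("./target/node")
        sections.append((size_kib(size), int(node) if node is not None else None))
    return sections


def qemu_sgx_args(caps_xml, domain_xml):
    """Check the request against host capabilities and build QEMU arguments."""
    sections = epc_sections(domain_xml)
    if not sections:
        return []
    available = host_epc_kib(caps_xml)
    if available == 0:
        raise ValueError("domain requests SGX EPC but host reports no SGX")
    requested = sum(size for size, _ in sections)
    if requested > available:
        raise ValueError(f"requested {requested} KiB of EPC, host has {available} KiB")
    args, machine = [], []
    for i, (size, node) in enumerate(sections):
        memdev = f"epc-mem{i}"  # hypothetical object id chosen by this example
        args += ["-object", f"memory-backend-epc,id={memdev},size={size}K,prealloc=on"]
        machine.append(f"sgx-epc.{i}.memdev={memdev}")
        if node is not None:
            machine.append(f"sgx-epc.{i}.node={node}")
    # A real generator would merge these keys into the existing -machine value.
    return args + ["-machine", ",".join(machine)]


if __name__ == "__main__":
    print(" ".join(qemu_sgx_args(CAPS_XML, DOMAIN_XML)))
```
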
-----Original Message----- From: Pavel Hrdina <phrdina@redhat.com> Sent: Tuesday, July 20, 2021 5:29 PM To: Daniel P. Berrangé <berrange@redhat.com> Cc: Huang, Haibin <haibin.huang@intel.com>; libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>; Peter Krempa <pkrempa@redhat.com>; Michal Prívozník <mprivozn@redhat.com> Subject: Re: [libvirt][PATCH v4 0/4] Support query and use SGX
On Tue, Jul 20, 2021 at 10:16:48AM +0100, Daniel P. Berrangé wrote:
On Tue, Jul 20, 2021 at 10:47:27AM +0200, Pavel Hrdina wrote:
On Fri, Jul 16, 2021 at 12:58:19AM +0000, Huang, Haibin wrote:
-----Original Message----- From: Pavel Hrdina <phrdina@redhat.com> Sent: Wednesday, July 7, 2021 5:48 PM To: Huang, Haibin <haibin.huang@intel.com> Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com> Subject: Re: [libvirt][PATCH v4 0/4] Support query and use SGX
On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM.
Giving the SGX support in QEMU is still pending for reviewing, this patch series is not submitted for code review, but only describe the SGX enabling solution design that contains changes to virConnectGetDomainCapabilities API response and domain definition. All comments/suggestions would be highly appreciated.
Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection.
The typical flow looks below at very high level:
1. Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information.
   <feature>
     ...
     <sgx supported='yes'>
       <epc_size unit='KiB'>N</epc_size>
     </sgx>
   </feature>
2. User requests to start a guest calling virCreateXML() with SGX requirement.
It should contain
   <launchSecurity type='sgx'>
     <epc_size unit='KiB'>N</epc_size>
   </launchSecurity>
I don't think that Intel SGX belongs into <launchSecurity> in libvirt. Similar feature to AMD SEV is Intel TDX which would be implemented using <launchSecurity> as it offers isolation between host and VM.
Looking at the patches this doesn't even use confidential-guest-support machine option, it adds a new memory backend and enables CPU features only if libvirt uses <cpu mode='custom'> so it would not work with any other CPU mode.
To me this sounds like we should split the feature into two components where one would add support for the new memory backend into correct XML part [1] and the other component would be support for CPU features related to Intel SGX [2].
[Haibin] ok, those specific CPU features we added have been deleted and let user to specify it in [2]. Do we need to add new element in memory backend for SGX EPC memory?
Correct, reading QEMU and kernel patches to enable this feature in libvirt user will need to configure SGX EPC memory backend manually. However, we will not be able to reuse <memoryBacking> element in the VM XML without a lot of modification to the current code. Mainly, there can be multiple SGX EPC memory sections and each can have different size. Current code allows only single <memoryBacking> file and it is closely tied with VM RAM.
To express SGX EPC in VM XML we will need new element, for example we can use <memory> device:
   <devices>
     ...
     <memory model='sgx-epc'>
       <target>
         <size unit='MiB'>64</size>
         <node>0</node>
       </target>
     </memory>
     ...
   </devices>
but this would require to modify the current <memory> code as the 'sgx-epc' would be a special case where we would not use '-device' option because we need to add it to '-machine' parameter.
Where are you seeing the -machine params ? In the patch 2 here it uses standalone parameters:
   -object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \
   -sgx-epc id=epc1,memdev=mem1
which makes sense given you say that multiple SGX regions can be defined.
This RFC is a bit outdated, latest patches in QEMU dropped the new option '-sgx-epc' and replaced it with compound -machine parameters [1]. This was explicitly requested by Paolo here [2].
Another option is to create completely new element, similar to <launchSecurity> outside of <devices> element. I'm not sure about the naming of the new element, one thing that comes to my mind is <memoryRegion> with type='sgx-epc'.
I think adding a <memoryRegion> outside <devices> feels a little odd given that this parameter is defining new RAM blocks and we already have <memory> inside <devices>. I'd be more inclined towards the latter
Using <memory> was my first idea, I just wanted to offer some alternative as I was not completely sure about using <memory> mainly because it will be part of -machine option.
[Haibin] Can you guys confirm that putting <memory> in <device> is an acceptable solution? Even it will be translated to -machine instead of -device.
   <devices>
     ...
     <memory model='sgx-epc'>
       <target>
         <size unit='MiB'>64</size>
         <node>0</node>
       </target>
     </memory>
     ...
   </devices>
Pavel
[1] <https://lists.nongnu.org/archive/html/qemu-devel/2021-07/msg02507.html>
[2] <https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00644.html>
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On Tue, Jul 27, 2021 at 05:38:02AM +0000, Huang, Haibin wrote:
-----Original Message-----
From: Pavel Hrdina <phrdina@redhat.com>
Sent: Tuesday, July 20, 2021 5:29 PM
To: Daniel P. Berrangé <berrange@redhat.com>
Cc: Huang, Haibin <haibin.huang@intel.com>; libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>; Peter Krempa <pkrempa@redhat.com>; Michal Prívozník <mprivozn@redhat.com>
Subject: Re: [libvirt][PATCH v4 0/4] Support query and use SGX
On Tue, Jul 20, 2021 at 10:16:48AM +0100, Daniel P. Berrangé wrote:
On Tue, Jul 20, 2021 at 10:47:27AM +0200, Pavel Hrdina wrote:
On Fri, Jul 16, 2021 at 12:58:19AM +0000, Huang, Haibin wrote:
-----Original Message-----
From: Pavel Hrdina <phrdina@redhat.com>
Sent: Wednesday, July 7, 2021 5:48 PM
To: Huang, Haibin <haibin.huang@intel.com>
Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang, Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
Subject: Re: [libvirt][PATCH v4 0/4] Support query and use SGX
On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
> This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM.
>
> Giving the SGX support in QEMU is still pending for reviewing, this patch series is not submitted for code review, but only describe the SGX enabling solution design that contains changes to virConnectGetDomainCapabilities API response and domain definition. All comments/suggestions would be highly appreciated.
>
> Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection.
>
> The typical flow looks below at very high level:
>
> 1. Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information.
>
>    <feature>
>      ...
>      <sgx supported='yes'>
>        <epc_size unit='KiB'>N</epc_size>
>      </sgx>
>    </feature>
>
> 2. User requests to start a guest calling virCreateXML() with SGX requirement.
>    It should contain
>
>    <launchSecurity type='sgx'>
>      <epc_size unit='KiB'>N</epc_size>
>    </launchSecurity>
I don't think that Intel SGX belongs into <launchSecurity> in libvirt. Similar feature to AMD SEV is Intel TDX which would be implemented using <launchSecurity> as it offers isolation between host and VM.
Looking at the patches this doesn't even use confidential-guest-support machine option, it adds a new memory backend and enables CPU features only if libvirt uses <cpu mode='custom'> so it would not work with any other CPU mode.
To me this sounds like we should split the feature into two components where one would add support for the new memory backend into correct XML part [1] and the other component would be support for CPU features related to Intel SGX [2].
[Haibin] ok, those specific CPU features we added have been deleted and let user to specify it in [2]. Do we need to add new element in memory backend for SGX EPC memory?
Correct, reading QEMU and kernel patches to enable this feature in libvirt user will need to configure SGX EPC memory backend manually. However, we will not be able to reuse <memoryBacking> element in the VM XML without a lot of modification to the current code. Mainly, there can be multiple SGX EPC memory sections and each can have different size. Current code allows only single <memoryBacking> file and it is closely tied with VM RAM.
To express SGX EPC in VM XML we will need new element, for example we can use <memory> device:
   <devices>
     ...
     <memory model='sgx-epc'>
       <target>
         <size unit='MiB'>64</size>
         <node>0</node>
       </target>
     </memory>
     ...
   </devices>
but this would require to modify the current <memory> code as the 'sgx-epc' would be a special case where we would not use '-device' option because we need to add it to '-machine' parameter.
Where are you seeing the -machine params ? In the patch 2 here it uses standalone parameters:
   -object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \
   -sgx-epc id=epc1,memdev=mem1
which makes sense given you say that multiple SGX regions can be defined.
This RFC is a bit outdated, latest patches in QEMU dropped the new option '-sgx-epc' and replaced it with compound -machine parameters [1]. This was explicitly requested by Paolo here [2].
Another option is to create completely new element, similar to <launchSecurity> outside of <devices> element. I'm not sure about the naming of the new element, one thing that comes to my mind is <memoryRegion> with type='sgx-epc'.
I think adding a <memoryRegion> outside <devices> feels a little odd given that this parameter is defining new RAM blocks and we already have <memory> inside <devices>. I'd be more inclined towards the latter
Using <memory> was my first idea, I just wanted to offer some alternative as I was not completely sure about using <memory> mainly because it will be part of -machine option.
[Haibin] Can you guys confirm that putting <memory> in <device> is an acceptable solution? Even it will be translated to -machine instead of -device.
   <devices>
     ...
     <memory model='sgx-epc'>
       <target>
         <size unit='MiB'>64</size>
         <node>0</node>
       </target>
     </memory>
     ...
   </devices>
IMHO this will be the best place where to define sgx-epc so I agree with this.
Pavel
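The mapping discussed in the message above, as an added example that is not part of the thread or of libvirt's code: it reads the proposed <memory model='sgx-epc'> devices and emits one memory-backend-epc object per section plus a single compound -machine option. The sgx-epc.N.memdev and sgx-epc.N.node key spelling follows QEMU's later SGX documentation rather than this thread, and the epcN ids, the host_epc_kib capacity check and the sample XML are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <memory model='sgx-epc'> layout from the thread,
# plus a second EPC section and an ordinary DIMM that must be ignored.
DOMAIN_XML = """<domain type='kvm'><devices>
  <memory model='sgx-epc'>
    <target><size unit='MiB'>64</size><node>0</node></target>
  </memory>
  <memory model='dimm'>
    <target><size unit='MiB'>512</size><node>0</node></target>
  </memory>
  <memory model='sgx-epc'>
    <target><size unit='KiB'>16384</size></target>
  </memory>
</devices></domain>"""

KIB_PER_UNIT = {"KiB": 1, "MiB": 1024, "GiB": 1024 ** 2}


def parse_epc_sections(domain_xml):
    """Return [(size_kib, node or None)] for each sgx-epc <memory> device."""
    sections = []
    root = ET.fromstring(domain_xml)
    for mem in root.findall("./devices/memory[@model='sgx-epc']"):
        size = mem.find("./target/size")
        text = (size.text or "").strip() if size is not None else ""
        unit = size.get("unit", "KiB") if size is not None else "KiB"
        if not text.isdigit() or int(text) == 0 or unit not in KIB_PER_UNIT:
            raise ValueError("sgx-epc needs a positive <size> in KiB/MiB/GiB")
        node = mem.findtext("./target/node")
        sections.append((int(text) * KIB_PER_UNIT[unit],
                         int(node) if node is not None else None))
    return sections


def qemu_args(sections, host_epc_kib):
    """Build QEMU arguments; reject guests asking for more EPC than the host."""
    total = sum(size for size, _ in sections)
    if total > host_epc_kib:  # assumed policy: no EPC oversubscription
        raise ValueError(f"guest wants {total} KiB EPC, host has {host_epc_kib}")
    args, machine = [], []
    for i, (size_kib, node) in enumerate(sections):
        # epcN ids are hypothetical; sgx-epc.N.* keys follow QEMU's SGX docs.
        args += ["-object",
                 f"memory-backend-epc,id=epc{i},size={size_kib}K,prealloc=on"]
        machine.append(f"sgx-epc.{i}.memdev=epc{i}")
        if node is not None:
            machine.append(f"sgx-epc.{i}.node={node}")
    return args + (["-machine", ",".join(machine)] if machine else [])
```

Here host_epc_kib stands for the epc_size value that step 1 of the cover letter reads from the domain capabilities response.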
On Wed, Jul 07, 2021 at 11:47:37AM +0200, Pavel Hrdina wrote:
On Thu, Jul 01, 2021 at 08:10:25PM +0800, Haibin Huang wrote:
This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM.
Giving the SGX support in QEMU is still pending for reviewing, this patch series is not submitted for code review, but only describe the SGX enabling solution design that contains changes to virConnectGetDomainCapabilities API response and domain definition. All comments/suggestions would be highly appreciated.
Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection.
The typical flow looks below at very high level:
1. Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information.
   <feature>
     ...
     <sgx supported='yes'>
       <epc_size unit='KiB'>N</epc_size>
     </sgx>
   </feature>
2. User requests to start a guest calling virCreateXML() with SGX requirement. It should contain
   <launchSecurity type='sgx'>
     <epc_size unit='KiB'>N</epc_size>
   </launchSecurity>
I don't think that Intel SGX belongs into <launchSecurity> in libvirt. Similar feature to AMD SEV is Intel TDX which would be implemented using <launchSecurity> as it offers isolation between host and VM.
Looking at the patches this doesn't even use confidential-guest-support machine option, it adds a new memory backend and enables CPU features only if libvirt uses <cpu mode='custom'> so it would not work with any other CPU mode.
This just looks like a bug - there's no reason I see why it shouldn't work with all CPU modes. In fact the user could just specify the <feature> elements under <cpu> using existing syntax. We just need the cpu map to know about them
To me this sounds like we should split the feature into two components where one would add support for the new memory backend into correct XML part [1] and the other component would be support for CPU features related to Intel SGX [2].
Yeah, sounds more sensible
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|