Add SGX features to libvirt
Software environment
- Operating system: CentOS 8.2.2004
- Architecture: x86_64
- kernel version: 5.11.0-rc3+
- libvirt version: 6.6.0
- Hypervisor and version: QEMU sgx-v5.1.0-rc3
Description of problem
I tried to add SGX features to libvirt. I updated the CPU model XML file in the cpu_map directory and added the sgx and sgxlc features to x86_features.xml. It now looks like this:
[root@sgx-hypervisor /]# grep -nA3 sgx /usr/share/libvirt/cpu_map/x86_features.xml
283: <feature name='sgx'>
284- <cpuid eax_in='0x07' ecx_in='0x00' ebx='0x029c67af'/>
285- </feature>
286-
--
338: <feature name='sgxlc'>
339- <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x40000000'/>
340- </feature>
I found out the necessary registers using cpuid:
[root@sgx-hypervisor /]# cpuid -1 -l 0x07 |grep SGX
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
[root@sgx-hypervisor /]# cpuid -1 -l 0x07 -r
CPU:
0x00000007 0x00: eax=0x00000000 ebx=0x029c67af ecx=0x40000000 edx=0xbc000600
But when I tried to start the VM I got:
error : x86Compute:1952 : out of memory
This happens when the check is specified as partial in the domain XML file, but if I select full, the guest domain starts without errors.
<cpu mode='custom' match='exact' check='partial'>
  <model fallback='forbid'>Skylake-Client-IBRS</model>
  <topology sockets='2' dies='1' cores='1' threads='1'/>
  <feature policy='require' name='sgx'/>
  <feature policy='require' name='sgxlc'/>
What could be the reason for this error? Do I need to make changes somewhere else?
I run a VM in OpenStack, and it puts a "partial" check when specifying the CPU features. I can't force the check to "full" in it.
Steps to reproduce
- Compile and install a kernel for KVM with SGX support
- Compile and install QEMU with SGX support
- Add similar CPU feature flags to the CPU mapping
- Set the CPU check to partial in the domain XML file
Additional information
Edited by Alexey Kashavkin
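An added example, not part of the original report or of libvirt: it compares the cpu_map feature masks shown above with the architectural bit positions for CPUID leaf 7, subleaf 0 (SGX is EBX bit 2, SGX_LC is ECX bit 30, per the Intel SDM) and with the host's `cpuid -r` values. The inputs are constructed from the values quoted in the report; the function names and the `<cpus>` wrapper element are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Architectural bit positions in CPUID.(EAX=07H,ECX=0), per the Intel SDM.
ARCH_BITS = {"sgx": ("ebx", 2), "sgxlc": ("ecx", 30)}

# Constructed inputs, copied from the values shown in the report above.
CPUID_RAW = "0x00000007 0x00: eax=0x00000000 ebx=0x029c67af ecx=0x40000000 edx=0xbc000600"
FEATURES_XML = """<cpus>
  <feature name='sgx'>
    <cpuid eax_in='0x07' ecx_in='0x00' ebx='0x029c67af'/>
  </feature>
  <feature name='sgxlc'>
    <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x40000000'/>
  </feature>
</cpus>"""

def parse_cpuid_raw(line):
    """Return {'eax': int, ...} from one register line of `cpuid -r` output."""
    pairs = re.findall(r"\b(e[a-d]x)=(0x[0-9a-fA-F]+)", line)
    return {reg: int(val, 16) for reg, val in pairs}

def audit(xml_text, host_regs):
    """Compare each known <feature> mask with its architectural bit and the host value."""
    report = {}
    for feat in ET.fromstring(xml_text).iter("feature"):
        name = feat.get("name")
        if name not in ARCH_BITS:
            continue
        reg, bit = ARCH_BITS[name]
        expected = 1 << bit
        mask = int(feat.find("cpuid").get(reg, "0"), 16)
        report[name] = {
            "mask": mask,
            "expected": expected,
            "bits_in_mask": bin(mask).count("1"),   # 1 for a single-feature mask
            "matches_arch_bit": mask == expected,
            "host_has_feature": bool(host_regs[reg] & expected),
        }
    return report

if __name__ == "__main__":
    for name, r in audit(FEATURES_XML, parse_cpuid_raw(CPUID_RAW)).items():
        print(f"{name}: mask={r['mask']:#010x} expected={r['expected']:#010x} "
              f"bits={r['bits_in_mask']} single_bit_ok={r['matches_arch_bit']} "
              f"host={r['host_has_feature']}")
```

On these inputs the `sgxlc` mask equals its single architectural bit, while the `sgx` mask is the full EBX register value and has 16 bits set.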