1dec2e1f19
Expose SGX to the guest if and only if KVM is enabled and supports virtualization of SGX. While the majority of ENCLS can be emulated to some degree, because SGX uses a hardware-based root of trust, the attestation aspects of SGX cannot be emulated in software, i.e. ultimately emulation will fail as software cannot generate a valid quote/report. The complexity of partially emulating SGX in Qemu far outweighs the value added, e.g. an SGX specific simulator for userspace applications can emulate SGX for development and testing purposes. Note, access to the PROVISIONKEY is not yet advertised to the guest as KVM blocks access to the PROVISIONKEY by default and requires userspace to provide additional credentials (via ioctl()) to expose PROVISIONKEY. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20210719112136.57018-13-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
|---|---|---|
| .. | ||
| apic_internal.h | ||
| apic-msidef.h | ||
| apic.h | ||
| hostmem-epc.h | ||
| ich9.h | ||
| intel_iommu.h | ||
| ioapic_internal.h | ||
| ioapic.h | ||
| microvm.h | ||
| pc.h | ||
| sgx-epc.h | ||
| topology.h | ||
| vmport.h | ||
| x86-iommu.h | ||
| x86.h | ||