
Re: [Xen-devel] [PATCH 01/15] xen: x86: expose SGX to HVM domain in CPU featureset





On 7/12/2017 11:09 PM, Andrew Cooper wrote:
On 09/07/17 10:04, Kai Huang wrote:
Expose SGX in CPU featureset for HVM domain. SGX will not be supported for
PV domain, as ENCLS (which the SGX driver in the guest essentially runs) must
run in ring 0, while the PV kernel runs in ring 3. Theoretically we can support
SGX in PV domain via either emulating #GP caused by ENCLS running in ring 3,
or by PV ENCLS, but it is really not necessary at this stage. And currently SGX
is only exposed to HAP HVM domain (we can add for shadow in the future).

SGX Launch Control is also exposed in CPU featureset for HVM domain. SGX
Launch Control depends on SGX.

Signed-off-by: Kai Huang <kai.huang@xxxxxxxxxxxxxxx>

I think it's perfectly reasonable to restrict to HVM guests to start with, although I don't see how shadow vs HAP has any impact at this stage? All that matters is that the EPC pages appear in the guest's p2m.

Hmm, it seems I forgot to reply to this one. Sorry. Actually there's no difference between shadow and HAP SGX, as currently SGX functionality does not depend on EPT. I didn't expose SGX to shadow as I haven't had a chance to implement and test the shadow part. I will add shadow support in the next version.

Thanks,
-Kai

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
