The notes and PPT were sent to me by Kai to be published
An SGX back-ground presentation can be found at
https://www.slideshare.net/xen_com_mgr/xpdds18-design-session-sgx-deep-dive-and-sgx-virtualization-discussion-kai-huang-intel
Key agreements during a discussion between present maintainers and Kai
* There is no need to support SGX for PV guests at least initially: this is
something that can be added in a second phase
* We don’t need to expose SGX to dom0 and let Xen hypervisor manage EPC
* Query SGX info:
- Ultimately the interface is the toolstack maintainer's call (aka Wei).
- George: maybe extending existing xl command is the best way forward:
something like ‘xl info -sgx’, ‘xl list <did> -sgx’
* New XL parameter for SGX to create VM to allow admin to configure virtual EPC
size and support launch control:
- sgx = ‘epc=<size>,lehash=<sha256-hash>,lewr=<0|1>’
* EPC size configured by ‘epc=<size>’, EPC base calculated by toolstack.
- KVM SGX will introduce new SGX parameter (similar to Xen’s) in Qemu
- Should we pass SGX info to Qemu from XL? Andrew: No we should not. It
should not be very complicated to calculate in XL.
* EPC management: we should integrate EPC management into the existing memory
management framework to leverage existing MM code (ex, page allocation, etc).
* EPC virtualization: it’s perfectly fine to only support static partitioning,
at least in a first implementation
- When needed, we can extend to support EPC ballooning and oversubscription,
depending on user requirements as they emerge
* CPUID handling: We should rebase patches based on Andrew’s CPUID and MSR
series.
- Note from Lars: the patches in question are
- [PATCH 00/13] x86: CPUID and MSR policy marshalling support, which has
been posted but it is only covering ⅓ of the needed patches and requires some
fixes.
- Sergey is working on the libxc side and Andrew on the hypervisor
auditing/checking.
- Roger is working on topology support, which depends on the other three
pieces, bit Lars is not sure whether these are needed for SGX
- Andrew: it’s also good to review other patches not related to CPUID/MSR.
* Live migration, snapshot, checkpointing: we should support them as long as
both Linux and Windows SGX drivers commit to support “sudden loss of EPC”
(which is not hardware behaviour though).
* ACPI: Overall current approach is OK. We can review when patch is ready. Need
to use 2 32-bit variables for 64-bit variables in ‘struct acpi_info’.
_______________________________________________
Xen-devel mailing list
[email protected]
https://lists.xenproject.org/mailman/listinfo/xen-devel
