2020-07-17 19:22:40 +02:00
# Intel SGX

Intel® Software Guard Extensions (Intel® SGX) is an Intel technology designed
to increase the security of application code and data. Cloud-Hypervisor supports
SGX virtualization through KVM. Because SGX is built on hardware features that
cannot be emulated in software, virtualizing SGX requires support in KVM and in
the host kernel. The required Linux and KVM changes can be found in the
[KVM SGX Tree](https://github.com/intel/kvm-sgx).

Utilizing SGX in the guest requires a kernel/OS with SGX support, e.g. a kernel
built using the [SGX Linux Development Tree](https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-sgx.git)
or the [KVM SGX Tree](https://github.com/intel/kvm-sgx). Running KVM SGX as the
guest kernel allows nested virtualization of SGX.

For more information about SGX, please refer to the [SGX Homepage](https://software.intel.com/sgx).

For more information about SGX SDK and how to test SGX, please refer to the
following [instructions](https://github.com/intel/linux-sgx).

## Cloud-Hypervisor support

Assuming the host exposes `/dev/sgx_virt_epc`, we can pass SGX enclaves through
to the guest.

In order to use SGX enclaves within a Cloud-Hypervisor VM, we must define one
or several Enclave Page Cache (EPC) sections. Here is an example of a VM being
created with 2 EPC sections, the first one being 64MiB with pre-allocated
memory, the second one being 32MiB with no pre-allocated memory.

```bash
./cloud-hypervisor \
    --cpus boot=1 \
    --memory size=1G \
    --disk path=focal-server-cloudimg-amd64.raw \
    --kernel vmlinux \
    --cmdline "console=ttyS0 console=hvc0 root=/dev/vda1 rw" \
    --sgx-epc size=64M,prefault=on size=32M,prefault=off
```

Once booted, and assuming your guest kernel contains the patches from the
[KVM SGX Tree](https://github.com/intel/kvm-sgx), you can validate that the SGX
devices have been correctly created as `/dev/sgx*`:

```bash
ls /dev/sgx*
/dev/sgx_enclave /dev/sgx_provision /dev/sgx_virt_epc
```

From this point, it is possible to run any SGX application from the guest, as
it will access the `/dev/sgx_enclave` device to create dedicated SGX enclaves.

Note: There is only one contiguous SGX EPC region, which contains all SGX EPC
sections. This region is exposed through ACPI and marked as reserved through
the e820 table. It is treated as yet another device, which means it should
appear at the end of the guest address space.

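
A guest-side check that goes further than listing the device nodes, added here as an example and not part of the Cloud-Hypervisor documentation or code: it decodes the EPC sections enumerated in CPUID leaf 12H (sub-leaves 2 and up, per the Intel SDM) and reports whether they sit back to back, so the result can be compared with the `--sgx-epc` values. It assumes the guest's CPUID reflects the configured sections; `decode_epc_subleaf` and `epc_total` are hypothetical helper names.

```c
#include <stdio.h>

struct epc_section { unsigned long long base, size; };

/* Decode one CPUID.(EAX=12H, ECX>=2) sub-leaf as laid out in the Intel SDM.
 * Returns 1 and fills *s when EAX[3:0] == 1 (valid EPC section), else 0. */
int decode_epc_subleaf(unsigned eax, unsigned ebx, unsigned ecx, unsigned edx,
                       struct epc_section *s)
{
    if ((eax & 0xf) != 1)
        return 0;
    s->base = ((unsigned long long)(ebx & 0xfffff) << 32) | (eax & 0xfffff000u);
    s->size = ((unsigned long long)(edx & 0xfffff) << 32) | (ecx & 0xfffff000u);
    return 1;
}

/* Sum section sizes; *contiguous = 1 if each section starts where the previous ends. */
unsigned long long epc_total(const struct epc_section *s, int n, int *contiguous)
{
    unsigned long long total = 0;
    *contiguous = 1;
    for (int i = 0; i < n; i++) {
        if (i > 0 && s[i].base != s[i - 1].base + s[i - 1].size)
            *contiguous = 0;
        total += s[i].size;
    }
    return total;
}

#if defined(__x86_64__) || defined(__i386__) /* CPUID is x86 only */
#include <cpuid.h> /* GCC/Clang helper: __get_cpuid_count() */
int main(void)
{
    struct epc_section secs[8];
    unsigned a, b, c, d;
    int n = 0, contig;
    /* CPUID.(EAX=7,ECX=0):EBX bit 2 reports whether SGX is enumerated at all. */
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d) || !(b & (1u << 2)))
        return puts("SGX not enumerated in CPUID"), 1;
    /* Sub-leaves 0 and 1 hold capabilities; EPC sections start at sub-leaf 2. */
    while (n < 8 && __get_cpuid_count(0x12, 2 + n, &a, &b, &c, &d) &&
           decode_epc_subleaf(a, b, c, d, &secs[n])) {
        printf("section %d: base=0x%llx size=0x%llx\n", n, secs[n].base, secs[n].size);
        n++;
    }
    unsigned long long total = epc_total(secs, n, &contig);
    printf("%d section(s), %llu MiB total, contiguous=%d\n", n, total >> 20, contig);
    return n > 0 ? 0 : 1;
}
#endif
```

For the VM configured above, compare the reported section sizes with the 64M and 32M passed to `--sgx-epc`.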