hypervisor: Add enable_sgx_attribute to the Vm API

We need a dedicated function to enable the SGX attribute capability through the Hypervisor abstraction. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2025-01-18 10:35:23 +00:00 · 2021-07-07 12:03:05 +02:00 · 2021-07-07 12:03:05 +02:00 · 9ec0c981f8
commit 9ec0c981f8
parent 3d4e27fa0a
3 changed files with 32 additions and 0 deletions
--- a/hypervisor/src/kvm/mod.rs
+++ b/hypervisor/src/kvm/mod.rs
@ -24,6 +24,8 @@ use kvm_ioctls::{NoDatamatch, VcpuFd, VmFd};
 use serde_derive::{Deserialize, Serialize};
 #[cfg(target_arch = "aarch64")]
 use std::convert::TryInto;
+#[cfg(target_arch = "x86_64")]
+use std::fs::File;
 use std::os::unix::io::{AsRawFd, RawFd};
 use std::result;
 #[cfg(target_arch = "x86_64")]
@ -87,6 +89,9 @@ pub use {
    kvm_ioctls::VcpuExit,
 };

+#[cfg(target_arch = "x86_64")]
+const KVM_CAP_SGX_ATTRIBUTE: u32 = 196;
+
 #[cfg(feature = "tdx")]
 ioctl_iowr_nr!(KVM_MEMORY_ENCRYPT_OP, KVMIO, 0xba, std::os::raw::c_ulong);

@ -324,6 +329,18 @@ impl vm::Vm for KvmVm {
            .map_err(|e| vm::HypervisorVmError::EnableSplitIrq(e.into()))?;
        Ok(())
    }
+    #[cfg(target_arch = "x86_64")]
+    fn enable_sgx_attribute(&self, file: File) -> vm::Result<()> {
+        let mut cap = kvm_enable_cap {
+            cap: KVM_CAP_SGX_ATTRIBUTE,
+            ..Default::default()
+        };
+        cap.args[0] = file.as_raw_fd() as u64;
+        self.fd
+            .enable_cap(&cap)
+            .map_err(|e| vm::HypervisorVmError::EnableSgxAttribute(e.into()))?;
+        Ok(())
+    }
    /// Retrieve guest clock.
    #[cfg(target_arch = "x86_64")]
    fn get_clock(&self) -> vm::Result<ClockData> {
--- a/hypervisor/src/mshv/mod.rs
+++ b/hypervisor/src/mshv/mod.rs
@ -28,6 +28,8 @@ pub use x86_64::VcpuMshvState as CpuState;
 #[cfg(target_arch = "x86_64")]
 pub use x86_64::*;

+#[cfg(target_arch = "x86_64")]
+use std::fs::File;
 use std::os::unix::io::AsRawFd;
 use std::sync::RwLock;

@ -760,6 +762,10 @@ impl vm::Vm for MshvVm {
    fn enable_split_irq(&self) -> vm::Result<()> {
        Ok(())
    }
+    #[cfg(target_arch = "x86_64")]
+    fn enable_sgx_attribute(&self, _file: File) -> vm::Result<()> {
+        Ok(())
+    }
    fn register_ioevent(
        &self,
        fd: &EventFd,
--- a/hypervisor/src/vm.rs
+++ b/hypervisor/src/vm.rs
@ -25,6 +25,8 @@ use crate::KvmVmState as VmState;
 use crate::{IoEventAddress, IrqRoutingEntry, MemoryRegion};
 #[cfg(feature = "kvm")]
 use kvm_ioctls::Cap;
+#[cfg(target_arch = "x86_64")]
+use std::fs::File;
 use std::sync::Arc;
 use thiserror::Error;
 use vmm_sys_util::eventfd::EventFd;
@ -117,6 +119,11 @@ pub enum HypervisorVmError {
    #[error("Failed to enable split Irq: {0}")]
    EnableSplitIrq(#[source] anyhow::Error),
    ///
+    /// Enable SGX attribute error
+    ///
+    #[error("Failed to enable SGX attribute: {0}")]
+    EnableSgxAttribute(#[source] anyhow::Error),
+    ///
    /// Get clock error
    ///
    #[error("Failed to get clock: {0}")]
@ -246,6 +253,8 @@ pub trait Vm: Send + Sync {
    /// Enable split Irq capability
    #[cfg(target_arch = "x86_64")]
    fn enable_split_irq(&self) -> Result<()>;
+    #[cfg(target_arch = "x86_64")]
+    fn enable_sgx_attribute(&self, file: File) -> Result<()>;
    /// Retrieve guest clock.
    #[cfg(all(feature = "kvm", target_arch = "x86_64"))]
    fn get_clock(&self) -> Result<ClockData>;