• KVM: VMX: Enable SGX virtualization for SGX1, SGX2 and LC · 72add915
    Sean Christopherson authored
    Enable SGX virtualization now that KVM has the VM-Exit handlers needed
    to trap-and-execute ENCLS to ensure correctness and/or enforce the CPU
    model exposed to the guest.  Add a KVM module param, "sgx", to allow an
    admin to disable SGX virtualization independent of the kernel.
    
    When supported in hardware and the kernel, advertise SGX1, SGX2 and SGX
    LC to userspace via CPUID and wire up the ENCLS_EXITING bitmap based on
    the guest's SGX capabilities, i.e. to allow ENCLS to be executed in an
    SGX-enabled guest.  With the exception of the provision key, all SGX
    attribute bits may be exposed to the guest.  Guest access to the
    provision key, which is controlled via securityfs, will be added in a
    future patch.
    
    Note, KVM does not yet support exposing ENCLS_C leafs or ENCLV leafs.
    Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
    Signed-off-by: Kai Huang <kai.huang@intel.com>
    Message-Id: <a99e9c23310c79f2f4175c1af4c4cbcef913c3e5.1618196135.git.kai.huang@intel.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
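
A guest-side check of the CPUID bits the commit message says KVM advertises (SGX1, SGX2, SGX LC) and of the provision key attribute it says is not yet exposed, as an added example that is not part of the commit or the kernel source. Bit positions are taken from the Intel SDM; `sgx_decode` and `struct sgx_caps` are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Bit positions as documented in the Intel SDM CPUID tables. */
#define L7_EBX_SGX        (1u << 2)   /* CPUID.(EAX=7,ECX=0):EBX */
#define L7_ECX_SGX_LC     (1u << 30)  /* CPUID.(EAX=7,ECX=0):ECX */
#define L12_EAX_SGX1      (1u << 0)   /* CPUID.(EAX=0x12,ECX=0):EAX */
#define L12_EAX_SGX2      (1u << 1)
#define ATTR_PROVISIONKEY (1u << 4)   /* CPUID.(EAX=0x12,ECX=1):EAX */

/* Hypothetical result type for this example. */
struct sgx_caps { int sgx, sgx_lc, sgx1, sgx2, provision_key; };

/* Decode raw CPUID registers. Everything is gated on the SGX bit, because
 * leaf 0x12 contents are only meaningful when SGX itself is enumerated. */
struct sgx_caps sgx_decode(uint32_t l7_ebx, uint32_t l7_ecx,
                           uint32_t l12_0_eax, uint32_t l12_1_eax)
{
    struct sgx_caps c = {0, 0, 0, 0, 0};
    c.sgx           = (l7_ebx & L7_EBX_SGX) != 0;
    c.sgx_lc        = c.sgx && (l7_ecx & L7_ECX_SGX_LC);
    c.sgx1          = c.sgx && (l12_0_eax & L12_EAX_SGX1);
    c.sgx2          = c.sgx && (l12_0_eax & L12_EAX_SGX2);
    c.provision_key = c.sgx && (l12_1_eax & ATTR_PROVISIONKEY);
    return c;
}

int main(void)
{
    uint32_t l7b = 0, l7c = 0, e0 = 0, e1 = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) { l7b = b; l7c = c; }
    if ((l7b & L7_EBX_SGX) && __get_cpuid_count(0x12, 0, &a, &b, &c, &d)) e0 = a;
    if ((l7b & L7_EBX_SGX) && __get_cpuid_count(0x12, 1, &a, &b, &c, &d)) e1 = a;
#endif
    struct sgx_caps s = sgx_decode(l7b, l7c, e0, e1);
    printf("SGX=%d SGX1=%d SGX2=%d SGX_LC=%d PROVISIONKEY allowed=%d\n",
           s.sgx, s.sgx1, s.sgx2, s.sgx_lc, s.provision_key);
    return 0;
}
```

Run inside the guest, this shows which SGX features the hypervisor's CPU model actually exposes; a set `PROVISIONKEY allowed` value would not match the behaviour described in this commit message.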
nested.h 8.92 KB