184044509SSebastien Boeuf# Intel SGX 284044509SSebastien Boeuf 384044509SSebastien BoeufIntel® Software Guard Extensions (Intel® SGX) is an Intel technology designed 4e6e58e6dSSebastien Boeufto increase the security of application code and data. Cloud Hypervisor supports 584044509SSebastien BoeufSGX virtualization through KVM. Because SGX is built on hardware features that 684044509SSebastien Boeufcannot be emulated in software, virtualizing SGX requires support in KVM and in 7*100c6d81SDemi Marie Obenourthe host kernel. The required Linux and KVM changes can be found in Linux 5.13+. 884044509SSebastien Boeuf 984044509SSebastien BoeufUtilizing SGX in the guest requires a kernel/OS with SGX support, e.g. a kernel 101caa69d0SRuoqing Hesince release 5.11, see 11*100c6d81SDemi Marie Obenour[here](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html). 12*100c6d81SDemi Marie ObenourRunning Linux 5.13+ as the guest kernel allows nested virtualization of SGX. 1384044509SSebastien Boeuf 141caa69d0SRuoqing HeFor more information about SGX, please refer to the [SGX Homepage](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html). 1584044509SSebastien Boeuf 1684044509SSebastien BoeufFor more information about SGX SDK and how to test SGX, please refer to the 1784044509SSebastien Boeuffollowing [instructions](https://github.com/intel/linux-sgx). 1884044509SSebastien Boeuf 19e6e58e6dSSebastien Boeuf## Cloud Hypervisor support 2084044509SSebastien Boeuf 213b18caf2SMikko YlinenAssuming the host exposes `/dev/sgx_vepc`, we can pass SGX enclaves through 2284044509SSebastien Boeufthe guest. 2384044509SSebastien Boeuf 24e6e58e6dSSebastien BoeufIn order to use SGX enclaves within a Cloud Hypervisor VM, we must define one 2584044509SSebastien Boeufor several Enclave Page Cache (EPC) sections. Here is an example of a VM being 2684044509SSebastien Boeufcreated with 2 EPC sections, the first one being 64MiB with pre-allocated 2784044509SSebastien Boeufmemory, the second one being 32MiB with no pre-allocated memory. 2884044509SSebastien Boeuf 2984044509SSebastien Boeuf```bash 3084044509SSebastien Boeuf./cloud-hypervisor \ 3184044509SSebastien Boeuf --cpus boot=1 \ 3284044509SSebastien Boeuf --memory size=1G \ 3384044509SSebastien Boeuf --disk path=focal-server-cloudimg-amd64.raw \ 345c7164e5SRob Bradford --kernel vmlinux \ 3584044509SSebastien Boeuf --cmdline "console=ttyS0 console=hvc0 root=/dev/vda1 rw" \ 369aedabe1SSebastien Boeuf --sgx-epc id=epc0,size=64M,prefault=on id=epc1,size=32M,prefault=off 3784044509SSebastien Boeuf``` 3884044509SSebastien Boeuf 3984044509SSebastien BoeufOnce booted, and assuming your guest kernel contains the patches from the 4084044509SSebastien Boeuf[KVM SGX Tree](https://github.com/intel/kvm-sgx), you can validate SGX devices 4184044509SSebastien Boeufhave been correctly created under `/dev/sgx`: 4284044509SSebastien Boeuf 4384044509SSebastien Boeuf```bash 44f583aa9dSMikko Ylinenls /dev/sgx* 453b18caf2SMikko Ylinen/dev/sgx_enclave /dev/sgx_provision /dev/sgx_vepc 4684044509SSebastien Boeuf``` 4784044509SSebastien Boeuf 4884044509SSebastien BoeufFrom this point, it is possible to run any SGX application from the guest, as 49f583aa9dSMikko Ylinenit will access `/dev/sgx_enclave` device to create dedicated SGX enclaves. 5084044509SSebastien Boeuf 5184044509SSebastien BoeufNote: There is only one contiguous SGX EPC region, which contains all SGX EPC 5284044509SSebastien Boeufsections. This region is exposed through ACPI and marked as reserved through 533b18caf2SMikko Ylinenthe e820 table. It is treated as yet another device, which means it should 5484044509SSebastien Boeufappear at the end of the guest address space. 55