xref: /cloud-hypervisor/docs/intel_sgx.md (revision 1968805ba291ae08e07abf0ef8c0ade4cf11ab68) 
1# Intel SGX
2
3Intel® Software Guard Extensions (Intel® SGX) is an Intel technology designed
4to increase the security of application code and data. Cloud Hypervisor supports
5SGX virtualization through KVM. Because SGX is built on hardware features that
6cannot be emulated in software, virtualizing SGX requires support in KVM and in
7the host kernel. The required Linux and KVM changes can be found in the
8[KVM SGX Tree](https://github.com/intel/kvm-sgx).
9
10Utilizing SGX in the guest requires a kernel/OS with SGX support, e.g. a kernel
11since release 5.11, see
12[here](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html)
13or the [KVM SGX Tree](https://github.com/intel/kvm-sgx). Running KVM SGX as the
14guest kernel allows nested virtualization of SGX.
15
16For more information about SGX, please refer to the [SGX Homepage](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html).
17
18For more information about SGX SDK and how to test SGX, please refer to the
19following [instructions](https://github.com/intel/linux-sgx).
20
21## Cloud Hypervisor support
22
23Assuming the host exposes `/dev/sgx_vepc`, we can pass SGX enclaves through
24the guest.
25
26In order to use SGX enclaves within a Cloud Hypervisor VM, we must define one
27or several Enclave Page Cache (EPC) sections. Here is an example of a VM being
28created with 2 EPC sections, the first one being 64MiB with pre-allocated
29memory, the second one being 32MiB with no pre-allocated memory.
30
31```bash
32./cloud-hypervisor \
33    --cpus boot=1 \
34    --memory size=1G \
35    --disk path=focal-server-cloudimg-amd64.raw \
36    --kernel vmlinux \
37    --cmdline "console=ttyS0 console=hvc0 root=/dev/vda1 rw" \
38    --sgx-epc id=epc0,size=64M,prefault=on id=epc1,size=32M,prefault=off
39```
40
41Once booted, and assuming your guest kernel contains the patches from the
42[KVM SGX Tree](https://github.com/intel/kvm-sgx), you can validate SGX devices
43have been correctly created under `/dev/sgx`:
44
45```bash
46ls /dev/sgx*
47/dev/sgx_enclave  /dev/sgx_provision  /dev/sgx_vepc
48```
49
50From this point, it is possible to run any SGX application from the guest, as
51it will access `/dev/sgx_enclave` device to create dedicated SGX enclaves.
52
53Note: There is only one contiguous SGX EPC region, which contains all SGX EPC
54sections. This region is exposed through ACPI and marked as reserved through
55the e820 table. It is treated as yet another device, which means it should
56appear at the end of the guest address space.
57