xref: /cloud-hypervisor/docs/intel_sgx.md (revision 9af2968a7dc47b89bf07ea9dc5e735084efcfa3a) 
1# Intel SGX
2
3Intel® Software Guard Extensions (Intel® SGX) is an Intel technology designed
4to increase the security of application code and data. Cloud-Hypervisor supports
5SGX virtualization through KVM. Because SGX is built on hardware features that
6cannot be emulated in software, virtualizing SGX requires support in KVM and in
7the host kernel. The required Linux and KVM changes can be found in the
8[KVM SGX Tree](https://github.com/intel/kvm-sgx).
9
10Utilizing SGX in the guest requires a kernel/OS with SGX support, e.g. a kernel
11built using the [SGX Linux Development Tree](https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-sgx.git)
12or the [KVM SGX Tree](https://github.com/intel/kvm-sgx). Running KVM SGX as the
13guest kernel allows nested virtualization of SGX.
14
15For more information about SGX, please refer to the [SGX Homepage](https://software.intel.com/sgx).
16
17For more information about SGX SDK and how to test SGX, please refer to the
18following [instructions](https://github.com/intel/linux-sgx).
19
20## Cloud-Hypervisor support
21
22Assuming the host exposes `/dev/sgx_vepc`, we can pass SGX enclaves through
23the guest.
24
25In order to use SGX enclaves within a Cloud-Hypervisor VM, we must define one
26or several Enclave Page Cache (EPC) sections. Here is an example of a VM being
27created with 2 EPC sections, the first one being 64MiB with pre-allocated
28memory, the second one being 32MiB with no pre-allocated memory.
29
30```bash
31./cloud-hypervisor \
32    --cpus boot=1 \
33    --memory size=1G \
34    --disk path=focal-server-cloudimg-amd64.raw \
35    --kernel vmlinux \
36    --cmdline "console=ttyS0 console=hvc0 root=/dev/vda1 rw" \
37    --sgx-epc id=epc0,size=64M,prefault=on id=epc1,size=32M,prefault=off
38```
39
40Once booted, and assuming your guest kernel contains the patches from the
41[KVM SGX Tree](https://github.com/intel/kvm-sgx), you can validate SGX devices
42have been correctly created under `/dev/sgx`:
43
44```bash
45ls /dev/sgx*
46/dev/sgx_enclave  /dev/sgx_provision  /dev/sgx_vepc
47```
48
49From this point, it is possible to run any SGX application from the guest, as
50it will access `/dev/sgx_enclave` device to create dedicated SGX enclaves.
51
52Note: There is only one contiguous SGX EPC region, which contains all SGX EPC
53sections. This region is exposed through ACPI and marked as reserved through
54the e820 table. It is treated as yet another device, which means it should
55appear at the end of the guest address space.
56