github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-04 19:16:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3619 from devimc/2021-02-03/supportQEMUSGX

Browse Source 
runtime: support QEMU SGX
This commit is contained in:
Julio Montes 2022-02-10 11:36:49 -06:00 committed by GitHub
commit 046aae7e52
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/runtime/virtcontainers/qemu_amd64.go
View File

@ -24,6 +24,8 @@ type qemuAmd64 struct {
vmFactory bool vmFactory bool
devLoadersCount uint32 devLoadersCount uint32
sgxEPCSize int64
} }
const ( const (
@ -140,6 +142,17 @@ func newQemuArch(config HypervisorConfig) (qemuArch, error) {
} }
} }
if config.SGXEPCSize != 0 {
q.sgxEPCSize = config.SGXEPCSize
if q.qemuMachine.Options != "" {
q.qemuMachine.Options += ","
}
// qemu sandboxes will only support one EPC per sandbox
// this is because there is only one annotation (sgx.intel.com/epc)
// to specify the size of the EPC.
q.qemuMachine.Options += "sgx-epc.0.memdev=epc0,sgx-epc.0.node=0"
}
q.handleImagePath(config) q.handleImagePath(config)
return q, nil return q, nil
@ -233,6 +246,16 @@ func (q *qemuAmd64) enableProtection() error {
// append protection device // append protection device
func (q *qemuAmd64) appendProtectionDevice(devices []govmmQemu.Device, firmware, firmwareVolume string) ([]govmmQemu.Device, string, error) { func (q *qemuAmd64) appendProtectionDevice(devices []govmmQemu.Device, firmware, firmwareVolume string) ([]govmmQemu.Device, string, error) {
if q.sgxEPCSize != 0 {
devices = append(devices,
govmmQemu.Object{
Type: govmmQemu.MemoryBackendEPC,
ID: "epc0",
Prealloc: true,
Size: uint64(q.sgxEPCSize),
})
}
switch q.protection { switch q.protection {
case tdxProtection: case tdxProtection:
id := q.devLoadersCount id := q.devLoadersCount