Score:1

SGX Drivers are not showing with QEMU VM


I am trying to set up an Ubuntu 20.04 VM with QEMU on Ubuntu 22.04. The VM is up, but /dev/sgx_enclave is not present inside the VM. When I checked the EPC size, it returned "There are zero EPC sections".

sudo dmesg | grep sgx
sgx: There are zero EPC sections

I have enabled command-line args in QEMU, but it is still not working.

<qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='host,+sgx,+sgx-debug,+sgx-exinfo,+sgx-mode64,+sgx-provisionkey,+sgx-tokenkey,+sgx1,+sgx2,+sgxlc'/>
    <qemu:arg value='-object'/>
    <qemu:arg value='memory-backend-epc,id=mem0,size=128M,prealloc=on,host-nodes=0,policy=bind'/>
    <qemu:arg value='-object'/>
    <qemu:arg value='memory-backend-epc,id=mem1,size=128M,host-nodes=1,policy=bind'/>
    <qemu:arg value='-M'/>
    <qemu:arg value='sgx-epc.0.memdev=mem0,sgx-epc.1.memdev=mem1'/>
  </qemu:commandline>

How should I fix this? Thank you in advance.

lscpu output: (screenshot attached)

XML file:

<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
  virsh edit ubuntu20.04
or other application using the libvirt API.
-->

<domain type='kvm'>
  <name>ubuntu20.04</name>
  <uuid>18d9cd5f-fc23-48d9-a7c2-1dcb362d6cdc</uuid>
  <metadata>
    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
      <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/>
    </libosinfo:libosinfo>
  </metadata>
  <memory unit='KiB'>16777216</memory>
  <currentMemory unit='KiB'>16777216</currentMemory>
  <vcpu placement='static'>8</vcpu>
  <os firmware='efi'>
    <type arch='x86_64' machine='pc-q35-6.2'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <vmport state='off'/>
  </features>
  <cpu mode='host-passthrough' check='none' migratable='on'/>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <pm>
    <suspend-to-mem enabled='no'/>
    <suspend-to-disk enabled='no'/>
  </pm>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <qemu:commandline>
      <qemu:arg value='-cpu'/>
      <qemu:arg value='host,+sgx'/>
      <qemu:arg value='-device'/>
      <qemu:arg value='sgx-epc,id=epc0,size=128M'/>
      <qemu:arg value='-device'/>
      <qemu:arg value='sgx-epc,id=epc1,size=128M'/>
    </qemu:commandline>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' discard='unmap'/>
      <source file='/home/intel/.local/share/libvirt/images/ubuntu20.04.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='sda' bus='sata'/>
      <readonly/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'/>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='1' port='0x10'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='2' port='0x11'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <controller type='pci' index='3' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='3' port='0x12'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
    </controller>
    <controller type='pci' index='4' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='4' port='0x13'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
    </controller>
    <controller type='pci' index='5' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='5' port='0x14'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
    </controller>
    <controller type='pci' index='6' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='6' port='0x15'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
    </controller>
    <controller type='pci' index='7' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='7' port='0x16'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
    </controller>
    <controller type='pci' index='8' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='8' port='0x17'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
    </controller>
    <controller type='pci' index='9' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='9' port='0x18'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='10' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='10' port='0x19'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
    </controller>
    <controller type='pci' index='11' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='11' port='0x1a'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
    </controller>
    <controller type='pci' index='12' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='12' port='0x1b'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
    </controller>
    <controller type='pci' index='13' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='13' port='0x1c'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
    </controller>
    <controller type='pci' index='14' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='14' port='0x1d'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
    </controller>
    <controller type='sata' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
    </controller>
    <interface type='user'>
      <mac address='52:54:00:35:20:bb'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <channel type='unix'>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <channel type='spicevmc'>
      <target type='virtio' name='com.redhat.spice.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='2'/>
    </channel>
    <input type='tablet' bus='usb'>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <graphics type='spice' autoport='yes'>
      <listen type='address'/>
      <image compression='off'/>
    </graphics>
    <sound model='ich9'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
    </sound>
    <audio id='1' type='spice'/>
    <video>
      <model type='virtio' heads='1' primary='yes'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <redirdev bus='usb' type='spicevmc'>
      <address type='usb' bus='0' port='2'/>
    </redirdev>
    <redirdev bus='usb' type='spicevmc'>
      <address type='usb' bus='0' port='3'/>
    </redirdev>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
    </memballoon>
    <rng model='virtio'>
      <backend model='random'>/dev/urandom</backend>
      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
    </rng>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='host,+sgx,+sgx-debug,+sgx-exinfo,+sgx-mode64,+sgx-provisionkey,+sgx-tokenkey,+sgx1,+sgx2,+sgxlc'/>
    <qemu:arg value='-object'/>
    <qemu:arg value='memory-backend-epc,id=mem0,size=128M,prealloc=on,host-nodes=0,policy=bind'/>
    <qemu:arg value='-object'/>
    <qemu:arg value='memory-backend-epc,id=mem1,size=128M,host-nodes=1,policy=bind'/>
    <qemu:arg value='-M'/>
    <qemu:arg value='sgx-epc.0.memdev=mem0,sgx-epc.1.memdev=mem1,sgx-epc.0.node=0,sgx-epc.1.node=1'/>
  </qemu:commandline>
</domain>
Score:0

Let's modify the QEMU command-line arguments:

<qemu:commandline>
  <qemu:arg value='-cpu'/>
  <qemu:arg value='host,+sgx'/>
  <qemu:arg value='-device'/>
  <qemu:arg value='sgx-epc,id=epc0,size=128M'/>
  <qemu:arg value='-device'/>
  <qemu:arg value='sgx-epc,id=epc1,size=128M'/>
</qemu:commandline>

After that, restart the VM, and then you can check whether the /dev/sgx_enclave device is present in the VM with ls /dev/sgx_enclave. If that did not work, also make sure that SGX is enabled in your host's BIOS settings, that the SGX driver is properly installed and loaded on both the host and guest systems, that your host CPU supports SGX, and that the necessary virtualization extensions are enabled.

anjali rai: It did not help.

Saxtheowl: I added more tests to do in my answer.

anjali rai: Yes, the host machine supports SGX, and virtualization is also enabled.

Saxtheowl: If you are sure it supports SGX then I am kinda lost. I modified my answer with a new config; try it. If it still doesn't work, give us the output of lscpu and the full XML configuration of your VM.

anjali rai: I have added the XML file and attached the lscpu screenshot as well. I don't know what is wrong here, but it is not working.
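The checks this answer lists (device node present, host supports SGX, driver loaded) can be run inside the guest in one pass. The script below is an added example, not code from the thread; the function names and the sample dmesg and /proc/cpuinfo lines are constructed. It parses the driver's "zero EPC sections" message quoted in the question and the "sgx: EPC section 0x..-0x.." lines the mainline driver logs when EPC did reach the guest, reads the SGX CPUID flags, and reports which /dev/sgx_* nodes exist, so it distinguishes "no +sgx in -cpu" from "no sgx-epc device" from "driver not loaded".

```python
"""Guest-side SGX diagnostics: EPC sections from dmesg, CPU flags, device nodes.

Added example (not from the thread). Function names and sample lines are
constructed; the kernel message formats are those of the mainline SGX driver.
"""
import os
import re
import subprocess
from typing import Dict, List, Tuple

# Constructed sample dmesg output: the asker's failing case and a working case.
DMESG_NO_EPC = "[    1.234567] sgx: There are zero EPC sections\n"
DMESG_WITH_EPC = (
    "[    1.234567] sgx: EPC section 0x80000000-0x87ffffff\n"
    "[    1.234568] sgx: EPC section 0x88000000-0x8fffffff\n"
)
# Constructed /proc/cpuinfo fragment for a guest that got -cpu host,+sgx,+sgxlc.
CPUINFO_SGX = "flags\t\t: fpu vme sgx sgx_lc\nbugs\t\t:\n"

_EPC_LINE = re.compile(r"sgx: EPC section 0x([0-9a-f]+)-0x([0-9a-f]+)")
SGX_NODES = ("sgx_enclave", "sgx_provision", "sgx_vepc")


def epc_sections(dmesg_text: str) -> List[Tuple[int, int]]:
    """Return (start, size_bytes) for each EPC section the kernel reported."""
    out = []
    for m in _EPC_LINE.finditer(dmesg_text):
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        out.append((start, end - start + 1))
    return out


def cpu_sgx_flags(cpuinfo_text: str) -> List[str]:
    """SGX-related flags from the first 'flags' line of /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            flags = line.split(":", 1)[1].split()
            return [f for f in flags if f == "sgx" or f.startswith("sgx_")]
    return []


def sgx_device_nodes(dev_dir: str = "/dev") -> Dict[str, bool]:
    """Which SGX device nodes exist under dev_dir (parameterised for testing)."""
    return {n: os.path.exists(os.path.join(dev_dir, n)) for n in SGX_NODES}


def diagnose(dmesg_text: str, cpuinfo_text: str, nodes: Dict[str, bool]) -> List[str]:
    """Turn the three observations into findings, most upstream cause first."""
    findings = []
    if "sgx" not in cpu_sgx_flags(cpuinfo_text):
        findings.append("CPUID does not advertise SGX: '-cpu host,+sgx' is not in effect")
    secs = epc_sections(dmesg_text)
    if "zero EPC sections" in dmesg_text:
        findings.append("driver probed but found zero EPC sections: no sgx-epc device reached the guest")
    elif not secs:
        findings.append("no sgx: lines in dmesg: the SGX driver did not probe at all")
    else:
        total_mib = sum(size for _, size in secs) // (1 << 20)
        findings.append(f"{len(secs)} EPC section(s), {total_mib} MiB total")
    if not nodes.get("sgx_enclave"):
        findings.append("/dev/sgx_enclave absent: driver not loaded or EPC missing")
    return findings


if __name__ == "__main__":
    # dmesg may need root on distributions that restrict the kernel log.
    dmesg = subprocess.run(["dmesg"], capture_output=True, text=True).stdout
    with open("/proc/cpuinfo") as f:
        cpuinfo = f.read()
    for finding in diagnose(dmesg, cpuinfo, sgx_device_nodes()):
        print(finding)
```

Run it as root inside the guest; a healthy guest prints one "N EPC section(s)" line and nothing else, while the asker's guest would print the "zero EPC sections" finding followed by the missing device node.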
Score:0

With the latest libvirtd the syntax was updated, and to specify command-line options we need to add the qemu schema:

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
......
<qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='host,+sgx,+sgx-debug,+sgx-exinfo,+sgx-mode64,+sgx-provisionkey,+sgx-tokenkey,+sgx1,+sgx2,+sgxlc'/>
    <qemu:arg value='-object'/>
    <qemu:arg value='memory-backend-epc,id=mem1,size=64M,prealloc=on'/>
    <qemu:arg value='-M'/>
    <qemu:arg value='sgx-epc.0.memdev=mem1'/>
  </qemu:commandline>
</domain>

The syntax helped and the VM came up with SGX mounted.
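The root cause this answer identifies is easy to check mechanically: a qemu:commandline block whose qemu: prefix is not bound by an xmlns:qemu declaration on the domain element is not even well-formed XML, so an XML parser rejects it with "unbound prefix" before any passthrough argument can take effect. The script below is an added example, not code from the thread or from libvirt; the function names are mine and the sample domain is a constructed cut-down version of the asker's XML. It reports the missing declaration, inserts it the way this answer's fix does, and then lists the -cpu/-object/-M arguments that would be passed through.

```python
"""Check a libvirt domain XML for the qemu: namespace that <qemu:commandline> needs.

Added example (not from the thread or libvirt). Names are mine; the sample is
constructed. The namespace URI is the one shown in the accepted fix.
"""
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"

# Constructed sample with the asker's shape: qemu:commandline present,
# but no xmlns:qemu declaration on <domain>.
BROKEN_DOMAIN = """<domain type='kvm'>
  <name>ubuntu20.04</name>
  <qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='host,+sgx'/>
    <qemu:arg value='-object'/>
    <qemu:arg value='memory-backend-epc,id=mem1,size=64M,prealloc=on'/>
    <qemu:arg value='-M'/>
    <qemu:arg value='sgx-epc.0.memdev=mem1'/>
  </qemu:commandline>
</domain>
"""

_DOMAIN_TAG = re.compile(r"<domain\b[^>]*>")


def check_qemu_namespace(xml_text: str) -> str:
    """Return 'no-commandline', 'missing-namespace' or 'ok'."""
    if "<qemu:commandline" not in xml_text:
        return "no-commandline"
    m = _DOMAIN_TAG.search(xml_text)
    # Accept either quote style on the attribute value.
    if m is None or f"xmlns:qemu='{QEMU_NS}'" not in m.group(0).replace('"', "'"):
        return "missing-namespace"
    return "ok"


def add_qemu_namespace(xml_text: str) -> str:
    """Insert xmlns:qemu on the <domain> start tag if it is absent."""
    if check_qemu_namespace(xml_text) != "missing-namespace":
        return xml_text
    return _DOMAIN_TAG.sub(
        lambda m: m.group(0)[:-1] + f" xmlns:qemu='{QEMU_NS}'>", xml_text, count=1
    )


def parse_error(xml_text: str) -> Optional[str]:
    """The parser's complaint (e.g. 'unbound prefix'), or None if it parses."""
    try:
        ET.fromstring(xml_text)
        return None
    except ET.ParseError as exc:
        return str(exc)


def qemu_args(xml_text: str) -> List[str]:
    """The values of every qemu:arg, in order, once the namespace is bound."""
    root = ET.fromstring(xml_text)
    return [
        a.get("value", "")
        for a in root.findall("qemu:commandline/qemu:arg", {"qemu": QEMU_NS})
    ]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN_DOMAIN
    status = check_qemu_namespace(text)
    print("namespace check:", status, "| parser:", parse_error(text) or "well-formed")
    if status == "missing-namespace":
        text = add_qemu_namespace(text)
        print("after fix:", check_qemu_namespace(text))
    if status != "no-commandline":
        print("passthrough args:", " ".join(qemu_args(text)))
```

Point it at the output of virsh dumpxml to audit an existing domain; with no argument it runs against the constructed sample and shows the "unbound prefix" parse error turning into the six passthrough arguments once the declaration is added.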
