Be the first to like this
Software Guard Extensions (SGX) is Intel's unique security feature which has been present in Intel's processors since Skylake generation. Existing HW/SW solutions hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel SGX solves this by using enclave, which is a protected portion of userspace application where the code/data cannot be accessed directly from outside by any software, including privileged ones, such as BIOS and VMM. This discussion is intended for the deep dive introduction to SGX, and the design discussion of adding SGX virtualization to Xen. We will start with SGX deep dive, and then go into SGX virtualization design, from high level design to details, such as EPC management/virtualization, CPUID handling, interaction with VMX, live migration support, etc.