runtime: add support for SGX

Support the `sgx.intel.com/epc` annotation that is defined by the intel k8s plugin. This annotation enables SGX. Hardware-based isolation and memory encryption. For example, use `sgx.intel.com/epc = "64Mi"` to create a container with 1 EPC section with pre-allocated memory. At the time of writing this patch, SGX patches have not landed on the linux kernel project. The following github kernel fork contains all the SGX patches for the host and guest: https://github.com/intel/kvm-sgx fixes #483 Signed-off-by: Julio Montes <julio.montes@intel.com>
2025-12-17 22:34:25 +01:00 · 2020-09-22 15:33:51 -05:00
parent cce80bf746
commit 6df165c19d
10 changed files with 52 additions and 0 deletions
--- a/src/runtime/pkg/katautils/config_test.go
+++ b/src/runtime/pkg/katautils/config_test.go
@@ -83,6 +83,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config testRuntimeConf
 	disableNewNetNs := false
 	sharedFS := "virtio-9p"
 	virtioFSdaemon := path.Join(dir, "virtiofsd")
+	epcSize := int64(0)

 	configFileOptions := ktu.RuntimeConfigOptions{
 		Hypervisor:           "qemu",
@@ -165,6 +166,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (config testRuntimeConf
 		SharedFS:              sharedFS,
 		VirtioFSDaemon:        virtioFSdaemon,
 		VirtioFSCache:         defaultVirtioFSCacheMode,
+		SGXEPCSize:            epcSize,
 	}

 	agentConfig := vc.KataAgentConfig{