Cover Letter Detail
Show a cover letter.
GET /api/1.0/covers/2197501/?format=api
{ "id": 2197501, "url": "http://patchwork.ozlabs.org/api/1.0/covers/2197501/?format=api", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/1.0/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260218015151.4052-1-graf@amazon.com>", "date": "2026-02-18T01:51:40", "name": "[00/10] Native Nitro Enclaves support", "submitter": { "id": 76572, "url": "http://patchwork.ozlabs.org/api/1.0/people/76572/?format=api", "name": "Alexander Graf", "email": "graf@amazon.com" }, "series": [ { "id": 492503, "url": "http://patchwork.ozlabs.org/api/1.0/series/492503/?format=api", "date": "2026-02-18T01:51:40", "name": "Native Nitro Enclaves support", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/492503/mbox/" } ], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=amazon.com header.i=@amazon.com header.a=rsa-sha256\n header.s=amazoncorp2 header.b=PtQYbxCI;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fFzzs38Gyz1xwr\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 12:52:55 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vsWjX-000776-Qg; Tue, 17 Feb 2026 20:52:07 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <prvs=502105d20=graf@amazon.de>)\n id 1vsWjV-00076S-Vu; Tue, 17 Feb 2026 20:52:06 -0500", "from pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com\n ([50.112.246.219])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <prvs=502105d20=graf@amazon.de>)\n id 1vsWjT-0004Oh-9P; Tue, 17 Feb 2026 20:52:05 -0500", "from ip-10-5-6-203.us-west-2.compute.internal (HELO\n smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.6.203])\n by internal-pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com with\n ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2026 01:51:56 +0000", "from EX19MTAUWB001.ant.amazon.com [205.251.233.51:4137]\n by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.27.218:2525]\n with esmtp (Farcaster)\n id 7e2b54c3-e305-428d-9986-7ac32ff77d39;\n Wed, 18 Feb 2026 01:51:55 +0000 (UTC)", "from EX19D020UWC004.ant.amazon.com (10.13.138.149) by\n EX19MTAUWB001.ant.amazon.com (10.250.64.248) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:51:55 +0000", "from ip-10-253-83-51.amazon.com (172.19.99.218) by\n EX19D020UWC004.ant.amazon.com (10.13.138.149) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:51:53 +0000" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2;\n t=1771379523; x=1802915523;\n h=from:to:cc:subject:date:message-id:mime-version:\n content-transfer-encoding;\n bh=Bxk16uEB7hM1KBZH7q7qAvCsv9atjs2SuGxLa0iEh4U=;\n b=PtQYbxCIQEqcueiTDFbkZNO8A+E4gkLn184giFy11vN2oXKEChX5JGW+\n cFUZnOOo9ZcxJhOV89iPirpzwFy9W+KKihcfizSH6DIxs1D8YkoSDYt/L\n mfYybKs1SES59wHdMtfVm53jO0ag1xKSSyJmodbAnjPDXeCsG1rz0XSBc\n nJgldDS8osy5II8G/SapIgdk8NiiLMrvbK9Lq8+WSO4XWJMJfXLeZ/Ajl\n VxPuu5zNevYiqPjBjx8wNraba8tdWvINk0M6yNRJv/3QH6wNvWzaaH6A9\n l4db39EPRoV10HuS77FtUl0g4+YxY+k1iob8nb85SslFj0Wsipw8ZI1cI A==;", "X-CSE-ConnectionGUID": "CqneEwfkRZCS8+CEGvd3CQ==", "X-CSE-MsgGUID": "xh6P1TAEQx6LqlYzY8ukEA==", "X-IronPort-AV": "E=Sophos;i=\"6.21,297,1763424000\"; d=\"scan'208\";a=\"13085242\"", "X-Farcaster-Flow-ID": "7e2b54c3-e305-428d-9986-7ac32ff77d39", "From": "Alexander Graf <graf@amazon.com>", "To": "<qemu-devel@nongnu.org>", "CC": "<qemu-arm@nongnu.org>, Peter Maydell <peter.maydell@linaro.org>, \"Thomas\n Huth\" <thuth@redhat.com>, <alex.bennee@linaro.org>, <philmd@linaro.org>,\n <berrange@redhat.com>, <marcandre.lureau@redhat.com>, Cornelia Huck\n <cohuck@redhat.com>, <mst@redhat.com>, Dorjoy Chowdhury\n <dorjoychy111@gmail.com>, Pierrick Bouvier <pierrick.bouvier@linaro.org>,\n Paolo Bonzini <pbonzini@redhat.com>, Tyler Fanelli <tfanelli@redhat.com>,\n <mknaust@amazon.com>, <nh-open-source@amazon.com>", "Subject": "[PATCH 00/10] Native Nitro Enclaves support", "Date": "Wed, 18 Feb 2026 01:51:40 +0000", "Message-ID": "<20260218015151.4052-1-graf@amazon.com>", "X-Mailer": "git-send-email 2.47.1", "MIME-Version": "1.0", "X-Originating-IP": "[172.19.99.218]", "X-ClientProxiedBy": "EX19D046UWA001.ant.amazon.com (10.13.139.112) To\n EX19D020UWC004.ant.amazon.com (10.13.138.149)", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Received-SPF": "pass client-ip=50.112.246.219;\n envelope-from=prvs=502105d20=graf@amazon.de;\n helo=pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com", "X-Spam_score_int": "-19", "X-Spam_score": "-2.0", "X-Spam_bar": "--", "X-Spam_report": "(-2.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.043,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\n HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01,\n UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "We had emulated Nitro Enclaves support in QEMU since 2024, but to launch\na native Nitro Enclave, you could only use the AWS nitro-cli tooling.\n\nTo simplify tooling and allow users to leverage the most convenient swiss\narmy knife of virtualization known to mankind (QEMU!), add native support\nto launch a Nitro Enclave from within QEMU.\n\nA Nitro Enclave is a Confidential Computing Virtual Machine spawned by\nthe Nitro Hypervisor which has a very basic machine model, with\nvirtio-vsock as the only real I/O between parent and enclave. This means\nthe amount of interactions between QEMU and the VM are limited, but for\ndebugging, experimentation and non-conventional use cases, it can be handy\nto spawn a Nitro Enclave directly in a more fully featured virtualization\nstack.\n\nExample invocation:\n\n $ qemu-system-x86_64 -nographic -accel nitro,debug-mode=on -M nitro -kernel test.eif -smp 2\n QEMU 10.2.50 monitor - type 'help' for more information\n (qemu) [ 0.000000] Linux version 4.14.256-209.484.amzn2.x86_64 (mockbuild@ip-10-0-50-84) (gcc version 7.3.1 20180712 (Red Hat 7.3.1-13) (GCC)) #1 SMP Tue Jan 11 21:47:36 UTC 2022\n [ 0.000000] Command line: reboot=k panic=30 pci=off nomodules console=ttyS0 i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd random.trust_cpu=on virtio_mmio.device=4K@0xd0000000:5 virtio_mmio.device=4K@0xd0001000:6\n [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'\n [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'\n [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'\n\nThis patch set supports x86_64 as well as aarch64 Nitro Enclaves.\nVirtio-vsock communication with the Enclave is handled directly through the\nparent's virtio-vsock device.\n\nAlex\n\nAlexander Graf (10):\n scripts/update-linux-headers: Add Nitro Enclaves header\n linux-headers: Add nitro_enclaves.h\n accel: Add Nitro Enclaves accelerator\n hw/nitro/nitro-serial-vsock: Nitro Enclaves vsock console\n hw/nitro: Introduce Nitro Enclave Heartbeat device\n target/arm/cpu64: Allow -host for nitro\n hw/nitro: Add nitro machine\n hw/core/eif: Move definitions to header\n hw/nitro: Enable direct kernel boot\n docs: Add Nitro Enclaves documentation\n\n MAINTAINERS | 12 +\n accel/Kconfig | 3 +\n accel/meson.build | 1 +\n accel/nitro/meson.build | 3 +\n accel/nitro/nitro-accel.c | 334 ++++++++++++++++\n accel/nitro/trace-events | 6 +\n accel/nitro/trace.h | 2 +\n accel/stubs/meson.build | 1 +\n accel/stubs/nitro-stub.c | 11 +\n docs/system/confidential-guest-support.rst | 1 +\n docs/system/index.rst | 1 +\n docs/system/nitro.rst | 114 ++++++\n hw/Kconfig | 1 +\n hw/core/eif.c | 38 --\n hw/core/eif.h | 41 ++\n hw/meson.build | 1 +\n hw/nitro/Kconfig | 14 +\n hw/nitro/heartbeat.c | 118 ++++++\n hw/nitro/machine.c | 297 +++++++++++++++\n hw/nitro/meson.build | 3 +\n hw/nitro/serial-vsock.c | 155 ++++++++\n hw/nitro/trace-events | 8 +\n hw/nitro/trace.h | 1 +\n include/hw/nitro/heartbeat.h | 25 ++\n include/hw/nitro/machine.h | 20 +\n include/hw/nitro/serial-vsock.h | 26 ++\n .../standard-headers/linux/nitro_enclaves.h | 359 ++++++++++++++++++\n include/system/hw_accel.h | 1 +\n include/system/nitro-accel.h | 25 ++\n meson.build | 12 +\n meson_options.txt | 2 +\n qemu-options.hx | 8 +-\n scripts/meson-buildoptions.sh | 3 +\n scripts/update-linux-headers.sh | 1 +\n target/arm/cpu64.c | 8 +\n 35 files changed, 1614 insertions(+), 42 deletions(-)\n create mode 100644 accel/nitro/meson.build\n create mode 100644 accel/nitro/nitro-accel.c\n create mode 100644 accel/nitro/trace-events\n create mode 100644 accel/nitro/trace.h\n create mode 100644 accel/stubs/nitro-stub.c\n create mode 100644 docs/system/nitro.rst\n create mode 100644 hw/nitro/Kconfig\n create mode 100644 hw/nitro/heartbeat.c\n create mode 100644 hw/nitro/machine.c\n create mode 100644 hw/nitro/meson.build\n create mode 100644 hw/nitro/serial-vsock.c\n create mode 100644 hw/nitro/trace-events\n create mode 100644 hw/nitro/trace.h\n create mode 100644 include/hw/nitro/heartbeat.h\n create mode 100644 include/hw/nitro/machine.h\n create mode 100644 include/hw/nitro/serial-vsock.h\n create mode 100644 include/standard-headers/linux/nitro_enclaves.h\n create mode 100644 include/system/nitro-accel.h" }