{"id":2197501,"url":"http://patchwork.ozlabs.org/api/1.0/covers/2197501/?format=json","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.0/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260218015151.4052-1-graf@amazon.com>","date":"2026-02-18T01:51:40","name":"[00/10] Native Nitro Enclaves support","submitter":{"id":76572,"url":"http://patchwork.ozlabs.org/api/1.0/people/76572/?format=json","name":"Alexander Graf","email":"graf@amazon.com"},"series":[{"id":492503,"url":"http://patchwork.ozlabs.org/api/1.0/series/492503/?format=json","date":"2026-02-18T01:51:40","name":"Native Nitro Enclaves support","version":1,"mbox":"http://patchwork.ozlabs.org/series/492503/mbox/"}],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=amazon.com header.i=@amazon.com header.a=rsa-sha256\n header.s=amazoncorp2 header.b=PtQYbxCI;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fFzzs38Gyz1xwr\n\tfor ; Wed, 18 Feb 2026 12:52:55 +1100 (AEDT)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1vsWjX-000776-Qg; Tue, 17 Feb 2026 20:52:07 -0500","from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1vsWjV-00076S-Vu; Tue, 17 Feb 2026 20:52:06 -0500","from pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com\n ([50.112.246.219])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1vsWjT-0004Oh-9P; Tue, 17 Feb 2026 20:52:05 -0500","from ip-10-5-6-203.us-west-2.compute.internal (HELO\n smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.6.203])\n by internal-pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com with\n ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2026 01:51:56 +0000","from EX19MTAUWB001.ant.amazon.com [205.251.233.51:4137]\n by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.27.218:2525]\n with esmtp (Farcaster)\n id 7e2b54c3-e305-428d-9986-7ac32ff77d39;\n Wed, 18 Feb 2026 01:51:55 +0000 (UTC)","from EX19D020UWC004.ant.amazon.com (10.13.138.149) by\n EX19MTAUWB001.ant.amazon.com (10.250.64.248) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:51:55 +0000","from ip-10-253-83-51.amazon.com (172.19.99.218) by\n EX19D020UWC004.ant.amazon.com (10.13.138.149) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:51:53 +0000"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2;\n t=1771379523; x=1802915523;\n h=from:to:cc:subject:date:message-id:mime-version:\n content-transfer-encoding;\n bh=Bxk16uEB7hM1KBZH7q7qAvCsv9atjs2SuGxLa0iEh4U=;\n b=PtQYbxCIQEqcueiTDFbkZNO8A+E4gkLn184giFy11vN2oXKEChX5JGW+\n cFUZnOOo9ZcxJhOV89iPirpzwFy9W+KKihcfizSH6DIxs1D8YkoSDYt/L\n mfYybKs1SES59wHdMtfVm53jO0ag1xKSSyJmodbAnjPDXeCsG1rz0XSBc\n nJgldDS8osy5II8G/SapIgdk8NiiLMrvbK9Lq8+WSO4XWJMJfXLeZ/Ajl\n VxPuu5zNevYiqPjBjx8wNraba8tdWvINk0M6yNRJv/3QH6wNvWzaaH6A9\n l4db39EPRoV10HuS77FtUl0g4+YxY+k1iob8nb85SslFj0Wsipw8ZI1cI A==;","X-CSE-ConnectionGUID":"CqneEwfkRZCS8+CEGvd3CQ==","X-CSE-MsgGUID":"xh6P1TAEQx6LqlYzY8ukEA==","X-IronPort-AV":"E=Sophos;i=\"6.21,297,1763424000\"; d=\"scan'208\";a=\"13085242\"","X-Farcaster-Flow-ID":"7e2b54c3-e305-428d-9986-7ac32ff77d39","From":"Alexander Graf ","To":"","CC":", Peter Maydell , \"Thomas\n Huth\" , , ,\n , , Cornelia Huck\n , , Dorjoy Chowdhury\n , Pierrick Bouvier ,\n Paolo Bonzini , Tyler Fanelli ,\n , ","Subject":"[PATCH 00/10] Native Nitro Enclaves support","Date":"Wed, 18 Feb 2026 01:51:40 +0000","Message-ID":"<20260218015151.4052-1-graf@amazon.com>","X-Mailer":"git-send-email 2.47.1","MIME-Version":"1.0","X-Originating-IP":"[172.19.99.218]","X-ClientProxiedBy":"EX19D046UWA001.ant.amazon.com (10.13.139.112) To\n EX19D020UWC004.ant.amazon.com (10.13.138.149)","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Received-SPF":"pass client-ip=50.112.246.219;\n envelope-from=prvs=502105d20=graf@amazon.de;\n helo=pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com","X-Spam_score_int":"-19","X-Spam_score":"-2.0","X-Spam_bar":"--","X-Spam_report":"(-2.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.043,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\n HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01,\n UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"We had emulated Nitro Enclaves support in QEMU since 2024, but to launch\na native Nitro Enclave, you could only use the AWS nitro-cli tooling.\n\nTo simplify tooling and allow users to leverage the most convenient swiss\narmy knife of virtualization known to mankind (QEMU!), add native support\nto launch a Nitro Enclave from within QEMU.\n\nA Nitro Enclave is a Confidential Computing Virtual Machine spawned by\nthe Nitro Hypervisor which has a very basic machine model, with\nvirtio-vsock as the only real I/O between parent and enclave. This means\nthe amount of interactions between QEMU and the VM are limited, but for\ndebugging, experimentation and non-conventional use cases, it can be handy\nto spawn a Nitro Enclave directly in a more fully featured virtualization\nstack.\n\nExample invocation:\n\n $ qemu-system-x86_64 -nographic -accel nitro,debug-mode=on -M nitro -kernel test.eif -smp 2\n QEMU 10.2.50 monitor - type 'help' for more information\n (qemu) [ 0.000000] Linux version 4.14.256-209.484.amzn2.x86_64 (mockbuild@ip-10-0-50-84) (gcc version 7.3.1 20180712 (Red Hat 7.3.1-13) (GCC)) #1 SMP Tue Jan 11 21:47:36 UTC 2022\n [ 0.000000] Command line: reboot=k panic=30 pci=off nomodules console=ttyS0 i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd random.trust_cpu=on virtio_mmio.device=4K@0xd0000000:5 virtio_mmio.device=4K@0xd0001000:6\n [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'\n [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'\n [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'\n\nThis patch set supports x86_64 as well as aarch64 Nitro Enclaves.\nVirtio-vsock communication with the Enclave is handled directly through the\nparent's virtio-vsock device.\n\nAlex\n\nAlexander Graf (10):\n scripts/update-linux-headers: Add Nitro Enclaves header\n linux-headers: Add nitro_enclaves.h\n accel: Add Nitro Enclaves accelerator\n hw/nitro/nitro-serial-vsock: Nitro Enclaves vsock console\n hw/nitro: Introduce Nitro Enclave Heartbeat device\n target/arm/cpu64: Allow -host for nitro\n hw/nitro: Add nitro machine\n hw/core/eif: Move definitions to header\n hw/nitro: Enable direct kernel boot\n docs: Add Nitro Enclaves documentation\n\n MAINTAINERS | 12 +\n accel/Kconfig | 3 +\n accel/meson.build | 1 +\n accel/nitro/meson.build | 3 +\n accel/nitro/nitro-accel.c | 334 ++++++++++++++++\n accel/nitro/trace-events | 6 +\n accel/nitro/trace.h | 2 +\n accel/stubs/meson.build | 1 +\n accel/stubs/nitro-stub.c | 11 +\n docs/system/confidential-guest-support.rst | 1 +\n docs/system/index.rst | 1 +\n docs/system/nitro.rst | 114 ++++++\n hw/Kconfig | 1 +\n hw/core/eif.c | 38 --\n hw/core/eif.h | 41 ++\n hw/meson.build | 1 +\n hw/nitro/Kconfig | 14 +\n hw/nitro/heartbeat.c | 118 ++++++\n hw/nitro/machine.c | 297 +++++++++++++++\n hw/nitro/meson.build | 3 +\n hw/nitro/serial-vsock.c | 155 ++++++++\n hw/nitro/trace-events | 8 +\n hw/nitro/trace.h | 1 +\n include/hw/nitro/heartbeat.h | 25 ++\n include/hw/nitro/machine.h | 20 +\n include/hw/nitro/serial-vsock.h | 26 ++\n .../standard-headers/linux/nitro_enclaves.h | 359 ++++++++++++++++++\n include/system/hw_accel.h | 1 +\n include/system/nitro-accel.h | 25 ++\n meson.build | 12 +\n meson_options.txt | 2 +\n qemu-options.hx | 8 +-\n scripts/meson-buildoptions.sh | 3 +\n scripts/update-linux-headers.sh | 1 +\n target/arm/cpu64.c | 8 +\n 35 files changed, 1614 insertions(+), 42 deletions(-)\n create mode 100644 accel/nitro/meson.build\n create mode 100644 accel/nitro/nitro-accel.c\n create mode 100644 accel/nitro/trace-events\n create mode 100644 accel/nitro/trace.h\n create mode 100644 accel/stubs/nitro-stub.c\n create mode 100644 docs/system/nitro.rst\n create mode 100644 hw/nitro/Kconfig\n create mode 100644 hw/nitro/heartbeat.c\n create mode 100644 hw/nitro/machine.c\n create mode 100644 hw/nitro/meson.build\n create mode 100644 hw/nitro/serial-vsock.c\n create mode 100644 hw/nitro/trace-events\n create mode 100644 hw/nitro/trace.h\n create mode 100644 include/hw/nitro/heartbeat.h\n create mode 100644 include/hw/nitro/machine.h\n create mode 100644 include/hw/nitro/serial-vsock.h\n create mode 100644 include/standard-headers/linux/nitro_enclaves.h\n create mode 100644 include/system/nitro-accel.h"}