Hey Michael,
On 20.02.26 15:59, Michael S. Tsirkin wrote:
On Wed, Feb 18, 2026 at 01:51:47AM +0000, Alexander Graf wrote:
Add a machine model to spawn a Nitro Enclave. Unlike the existing -M
nitro-enclave, this machine model works exclusively with the -accel
nitro accelerator to drive real Nitro Enclave creation. It supports
memory allocation, number of CPU selection, both x86_64 as well as
aarch64, implements the Enclave heartbeat logic and debug serial
console.
To use it, create an EIF file and run
$ qemu-system-x86_64 -accel nitro,debug-mode=on -M nitro -nographic \
-kernel test.eif
or
$ qemu-system-aarch64 -accel nitro,debug-mode=on -M nitro -nographic \
-kernel test.eif
Signed-off-by: Alexander Graf <[email protected]>
[...]
+
+ /*
+ * In debug mode, Nitro Enclaves expose the guest's serial output via
+ * vsock. When the accel is in debug mode, wire the vsock serial to
+ * the machine's serial port so that -nographic automatically works
+ */
+ if (object_property_get_bool(OBJECT(current_accel()), "debug-mode", NULL))
{
+ Chardev *chr = serial_hd(0);
+
+ if (chr) {
+ DeviceState *dev = qdev_new(TYPE_NITRO_SERIAL_VSOCK);
+
+ qdev_prop_set_chr(dev, "chardev", chr);
+ sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
+ }
+ }
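Review bot: the `object_property_get_bool(OBJECT(current_accel()), "debug-mode", NULL)` call that opens this block passes a NULL errp, so an accelerator without a "debug-mode" property looks the same as nitro with debug mode off, and the serial wiring is skipped silently. The commit message says this machine works exclusively with -accel nitro, so consider checking the accelerator type before this point, or passing an Error ** and reporting the failure, so that a mismatch fails loudly. In the same block, when debug mode is on but `serial_hd(0)` returns NULL, no device is created and the user gets no indication; a short comment stating that this is intentional would help.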
Would respecting -nodefaults and then maybe not wiring up all the
vsock things make sense? Allows users to set it up any way
they want ...
So you would set up the individual special-purpose nitro devices via
-device or handle the respective virtio streams externally instead? That
definitely makes a lot of sense! Happy to add in v2.
Alex