* aesmd availability
@ 2022-01-28 10:08 Jarkko Sakkinen
2022-01-28 11:50 ` Jarkko Sakkinen
0 siblings, 1 reply; 4+ messages in thread
From: Jarkko Sakkinen @ 2022-01-28 10:08 UTC (permalink / raw)
To: linux-sgx
I noticed that with aesmd the only feasible way to host it is to make a
VM for it because:
- A beter predictable round-trip time for attestation.
- In the worst case, attestation could be potentially blocked.
Should the driver have a page locking mechanism to make this more robust,
or do we want to satisfy to this? I'm not 100% sure what'd be the right
path forward, just pointing out a potential availability issue.
BR, Jarkko
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: aesmd availability
2022-01-28 10:08 aesmd availability Jarkko Sakkinen
@ 2022-01-28 11:50 ` Jarkko Sakkinen
2022-02-01 16:15 ` Haitao Huang
0 siblings, 1 reply; 4+ messages in thread
From: Jarkko Sakkinen @ 2022-01-28 11:50 UTC (permalink / raw)
To: linux-sgx
Cc: dave.hansen, kristen, cedric.xing, haitao.huang, reinette.chatre,
bp, seanjc, luto, nathaniel, harald
On Fri, Jan 28, 2022 at 12:08:07PM +0200, Jarkko Sakkinen wrote:
> I noticed that with aesmd the only feasible way to host it is to make a
> VM for it because:
>
> - A beter predictable round-trip time for attestation.
> - In the worst case, attestation could be potentially blocked.
>
> Should the driver have a page locking mechanism to make this more robust,
> or do we want to satisfy to this? I'm not 100% sure what'd be the right
> path forward, just pointing out a potential availability issue.
Probably makes sense to spread just a bit :-)
BR, Jarkko
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: aesmd availability
2022-01-28 11:50 ` Jarkko Sakkinen
@ 2022-02-01 16:15 ` Haitao Huang
2022-02-20 19:01 ` Jarkko Sakkinen
0 siblings, 1 reply; 4+ messages in thread
From: Haitao Huang @ 2022-02-01 16:15 UTC (permalink / raw)
To: linux-sgx, Jarkko Sakkinen
Cc: dave.hansen, kristen, cedric.xing, haitao.huang, reinette.chatre,
bp, seanjc, luto, nathaniel, harald
Hi Jarkko
On Fri, 28 Jan 2022 05:50:22 -0600, Jarkko Sakkinen <jarkko@kernel.org>
wrote:
> On Fri, Jan 28, 2022 at 12:08:07PM +0200, Jarkko Sakkinen wrote:
>> I noticed that with aesmd the only feasible way to host it is to make a
>> VM for it because:
>>
>> - A beter predictable round-trip time for attestation.
>> - In the worst case, attestation could be potentially blocked.
>>
I don't fully understand your description here. Based on what you said
below, I think you are talking about how to improve (control of) EPC
allocation for apps in case of over-subscription (i.e., when EPC runs
out). My comments below are with this understanding.
In case you think there are limitations of aesmd implementation that
prevent aesmd from being hosted in other than a separate VM, please create
an issue on the corresponding GitHub.
>> Should the driver have a page locking mechanism to make this more
>> robust,
>> or do we want to satisfy to this? I'm not 100% sure what'd be the right
>> path forward, just pointing out a potential availability issue.
>
Current swapping would ensure the last active pages be loaded so it gives
some level of insurance that aesmd would be able to run as long as there
is swapping RAM and other apps are not super active during attestation.
I think SGX cgroups support should help address this concern in a general
way, which was discussed before and I think is in plan.
Not sure if lock works better, could you explain how it work?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: aesmd availability
2022-02-01 16:15 ` Haitao Huang
@ 2022-02-20 19:01 ` Jarkko Sakkinen
0 siblings, 0 replies; 4+ messages in thread
From: Jarkko Sakkinen @ 2022-02-20 19:01 UTC (permalink / raw)
To: Haitao Huang
Cc: linux-sgx, dave.hansen, kristen, cedric.xing, haitao.huang,
reinette.chatre, bp, seanjc, luto, nathaniel, harald
On Tue, Feb 01, 2022 at 10:15:04AM -0600, Haitao Huang wrote:
> Hi Jarkko
>
> On Fri, 28 Jan 2022 05:50:22 -0600, Jarkko Sakkinen <jarkko@kernel.org>
> wrote:
>
> > On Fri, Jan 28, 2022 at 12:08:07PM +0200, Jarkko Sakkinen wrote:
> > > I noticed that with aesmd the only feasible way to host it is to make a
> > > VM for it because:
> > >
> > > - A beter predictable round-trip time for attestation.
> > > - In the worst case, attestation could be potentially blocked.
> > >
>
> I don't fully understand your description here. Based on what you said
> below, I think you are talking about how to improve (control of) EPC
> allocation for apps in case of over-subscription (i.e., when EPC runs out).
> My comments below are with this understanding.
>
> In case you think there are limitations of aesmd implementation that prevent
> aesmd from being hosted in other than a separate VM, please create an issue
> on the corresponding GitHub.
>
> > > Should the driver have a page locking mechanism to make this more
> > > robust,
> > > or do we want to satisfy to this? I'm not 100% sure what'd be the right
> > > path forward, just pointing out a potential availability issue.
> >
>
> Current swapping would ensure the last active pages be loaded so it gives
> some level of insurance that aesmd would be able to run as long as there is
> swapping RAM and other apps are not super active during attestation.
>
> I think SGX cgroups support should help address this concern in a general
> way, which was discussed before and I think is in plan.
>
> Not sure if lock works better, could you explain how it work?
I agree that since cgroups is coming eventually it will address these
concerns.
BR, Jarkko
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-02-20 19:01 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-28 10:08 aesmd availability Jarkko Sakkinen
2022-01-28 11:50 ` Jarkko Sakkinen
2022-02-01 16:15 ` Haitao Huang
2022-02-20 19:01 ` Jarkko Sakkinen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.