From: "Eftime, Petre" <epetre@amazon.com>
To: virtio-comment@lists.oasis-open.org
Cc: graf@amazon.de
Subject: [virtio-comment] Re: [PATCH v2] content: Reserve virtio-nsm device ID
Date: Wed, 10 Jun 2020 16:17:25 +0300 [thread overview]
Message-ID: <dbca5c9e-8809-f121-1e08-441b4800ab09@amazon.com> (raw)
In-Reply-To: <20200527090707.75747-1-epetre@amazon.com>
[-- Attachment #1: Type: text/plain, Size: 2129 bytes --]
On 2020-05-27 12:07, Petre Eftime wrote:
> The NitroSecureModule is a device with a very stripped down
> Trusted Platform Module functionality, which is used in the
> context of a Nitro Enclave (see https://lkml.org/lkml/2020/4/21/1020)
> to provide boot time measurement and attestation.
>
> Since this device provides some critical cryptographic operations,
> there are a series of operations which are required to have guarantees
> of atomicity, ordering and consistency: operations fully succeed or fully
> fail, including when some external events might interfere in the
> process: live migration, crashes, etc; any failure in the critical
> section requires termination of the enclave it is attached to, so
> the device needs to be as resilient as possible, simplicity is
> strongly desired.
>
> To account for that, the device and driver are made to have very few
> error cases in the critical path and the operations themselves can be
> rolled back and retried if events happen outside the critical
> area, while processing a request. The driver itself can be made very
> simple and thus is easily portable.
>
> Since the requests can be handled directly in the virtio queue, serving
> most requests requires no additional buffering or memory allocations
> on the host side.
>
> Signed-off-by: Petre Eftime <epetre@amazon.com>
> ---
> content.tex | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/content.tex b/content.tex
> index 91735e3..66c8f2b 100644
> --- a/content.tex
> +++ b/content.tex
> @@ -2801,6 +2801,8 @@ \chapter{Device Types}\label{sec:Device Types}
> \hline
> 31 & Video decoder device \\
> \hline
> +33 & NitroSecureModule \\
> +\hline
> \end{tabular}
>
> Some of the devices above are unspecified by this document,
Hi all,
I've opened a corresponding issue on Github.
|Fixes: https://github.com/oasis-tcs/virtio-spec/issues/81|
|Thank you,|
|Petre Eftime
|
Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.
[-- Attachment #2: Type: text/html, Size: 2768 bytes --]
next prev parent reply other threads:[~2020-06-10 13:17 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-27 9:07 [virtio-comment] [PATCH v2] content: Reserve virtio-nsm device ID Petre Eftime
2020-05-28 10:34 ` Stefan Hajnoczi
2020-06-10 13:17 ` Eftime, Petre [this message]
2020-06-10 13:22 ` [virtio-comment] " Eftime, Petre
2020-07-20 17:10 ` Michael S. Tsirkin
2020-07-21 11:23 ` Eftime, Petre
[not found] ` <97eafeaa-7897-39b7-10fb-5ffed2298b00@amazon.de>
2020-08-10 14:34 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dbca5c9e-8809-f121-1e08-441b4800ab09@amazon.com \
--to=epetre@amazon.com \
--cc=graf@amazon.de \
--cc=virtio-comment@lists.oasis-open.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.