From: "Paraschiv, Andra-Irina" <email@example.com> To: Paolo Bonzini <firstname.lastname@example.org>, Alexander Graf <email@example.com>, <firstname.lastname@example.org> Cc: Anthony Liguori <email@example.com>, Benjamin Herrenschmidt <firstname.lastname@example.org>, Colm MacCarthaigh <email@example.com>, Bjoern Doebel <firstname.lastname@example.org>, David Woodhouse <email@example.com>, Frank van der Linden <firstname.lastname@example.org>, Martin Pohlack <email@example.com>, Matt Wilson <firstname.lastname@example.org>, Balbir Singh <email@example.com>, Stewart Smith <firstname.lastname@example.org>, Uwe Dannowski <email@example.com>, <firstname.lastname@example.org>, <email@example.com> Subject: Re: [PATCH v1 00/15] Add support for Nitro Enclaves Date: Mon, 27 Apr 2020 12:22:15 +0300 Message-ID: <firstname.lastname@example.org> (raw) In-Reply-To: <email@example.com> On 25/04/2020 19:05, Paolo Bonzini wrote: > > On 24/04/20 21:11, Alexander Graf wrote: >> What I was saying above is that maybe code is easier to transfer that >> than a .txt file that gets lost somewhere in the Documentation directory >> :). > whynotboth.jpg :D :) Alright, I added it to the list, in addition to the sample we've been talking before, with the basic flow of the ioctl interface usage. > >>>> To answer the question though, the target file is in a newly invented >>>> file format called "EIF" and it needs to be loaded at offset 0x800000 of >>>> the address space donated to the enclave. >>> What is this EIF? >> It's just a very dumb container format that has a trivial header, a >> section with the bzImage and one to many sections of initramfs. >> >> As mentioned earlier in this thread, it really is just "-kernel" and >> "-initrd", packed into a single binary for transmission to the host. > Okay, got it. So, correct me if this is wrong, the information that is > needed to boot the enclave is: > > * the kernel, in bzImage format > > * the initrd > > * a consecutive amount of memory, to be mapped with > KVM_SET_USER_MEMORY_REGION Yes, the kernel bzImage, the kernel command line, the ramdisk(s) are part of the Enclave Image Format (EIF); plus an EIF header including metadata such as magic number, eif version, image size and CRC. > > Off list, Alex and I discussed having a struct that points to kernel and > initrd off enclave memory, and have the driver build EIF at the > appropriate point in enclave memory (the 8 MiB ofset that you mentioned). > > This however has two disadvantages: > > 1) having the kernel and initrd loaded by the parent VM in enclave > memory has the advantage that you save memory outside the enclave memory > for something that is only needed inside the enclave Here you wanted to say disadvantage? :)Wrt saving memory, it's about additional memory from the parent / primary VM needed for handling the enclave image sections (such as the kernel, ramdisk) and setting the EIF at a certain offset in enclave memory? > > 2) it is less extensible (what if you want to use PVH in the future for > example) and puts in the driver policy that should be in userspace. > > > So why not just start running the enclave at 0xfffffff0 in real mode? > Yes everybody hates it, but that's what OSes are written against. In > the simplest example, the parent enclave can load bzImage and initrd at > 0x10000 and place firmware tables (MPTable and DMI) somewhere at > 0xf0000; the firmware would just be a few movs to segment registers > followed by a long jmp. > > If you want to keep EIF, we measured in QEMU that there is no measurable > difference between loading the kernel in the host and doing it in the > guest, so Amazon could provide an EIF loader stub at 0xfffffff0 for > backwards compatibility. Thanks for info. Andra > >>> Again, I cannot provide a sensible review without explaining how to use >>> all this. I understand that Amazon needs to do part of the design >>> behind closed doors, but this seems to have the resulted in issues that >>> reminds me of Intel's SGX misadventures. If Amazon has designed NE in a >>> way that is incompatible with open standards, it's up to Amazon to fix >> Oh, if there's anything that conflicts with open standards here, I would >> love to hear it immediately. I do not believe in security by obscurity :). > That's great to hear! > > Paolo > Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.
next prev parent reply index Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-04-21 18:41 Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 01/15] nitro_enclaves: Add ioctl interface definition Andra Paraschiv 2020-04-21 18:47 ` Randy Dunlap 2020-04-21 21:45 ` Paolo Bonzini 2020-04-22 15:49 ` Paraschiv, Andra-Irina 2020-04-21 18:41 ` [PATCH v1 02/15] nitro_enclaves: Define the PCI device interface Andra Paraschiv 2020-04-21 21:22 ` Paolo Bonzini 2020-04-23 13:37 ` Paraschiv, Andra-Irina 2020-04-24 15:10 ` Paraschiv, Andra-Irina 2020-04-21 18:41 ` [PATCH v1 03/15] nitro_enclaves: Define enclave info for internal bookkeeping Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 04/15] nitro_enclaves: Init PCI device driver Andra Paraschiv 2020-04-25 14:25 ` Liran Alon 2020-04-29 16:31 ` Paraschiv, Andra-Irina 2020-04-21 18:41 ` [PATCH v1 05/15] nitro_enclaves: Handle PCI device command requests Andra Paraschiv 2020-04-25 14:52 ` Liran Alon 2020-04-29 17:00 ` Paraschiv, Andra-Irina 2020-04-21 18:41 ` [PATCH v1 06/15] nitro_enclaves: Handle out-of-band PCI device events Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 07/15] nitro_enclaves: Init misc device providing the ioctl interface Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 08/15] nitro_enclaves: Add logic for enclave vm creation Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 09/15] nitro_enclaves: Add logic for enclave vcpu creation Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 10/15] nitro_enclaves: Add logic for enclave memory region set Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 11/15] nitro_enclaves: Add logic for enclave start Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 12/15] nitro_enclaves: Add logic for enclave termination Andra Paraschiv 2020-04-21 18:41 ` [PATCH v1 13/15] nitro_enclaves: Add Kconfig for the Nitro Enclaves driver Andra Paraschiv 2020-04-21 18:50 ` Randy Dunlap 2020-04-22 14:35 ` Paraschiv, Andra-Irina 2020-04-21 18:41 ` [PATCH v1 14/15] nitro_enclaves: Add Makefile " Andra Paraschiv 2020-04-23 8:12 ` kbuild test robot 2020-04-24 17:00 ` Paraschiv, Andra-Irina 2020-04-23 8:43 ` kbuild test robot 2020-04-24 15:27 ` Paraschiv, Andra-Irina 2020-04-21 18:41 ` [PATCH v1 15/15] MAINTAINERS: Add entry " Andra Paraschiv 2020-04-21 21:46 ` [PATCH v1 00/15] Add support for Nitro Enclaves Paolo Bonzini 2020-04-23 13:19 ` Paraschiv, Andra-Irina 2020-04-23 13:42 ` Paolo Bonzini 2020-04-23 17:42 ` Paraschiv, Andra-Irina 2020-04-23 17:51 ` Paolo Bonzini 2020-04-23 20:56 ` Alexander Graf 2020-04-23 21:18 ` Paolo Bonzini 2020-04-24 12:56 ` Alexander Graf 2020-04-24 16:27 ` Paolo Bonzini 2020-04-24 19:11 ` Alexander Graf 2020-04-25 16:05 ` Paolo Bonzini 2020-04-27 9:15 ` Paraschiv, Andra-Irina 2020-04-27 9:22 ` Paraschiv, Andra-Irina [this message] 2020-04-27 9:46 ` Paolo Bonzini 2020-04-27 10:00 ` Paraschiv, Andra-Irina 2020-04-28 15:07 ` Alexander Graf 2020-04-29 13:20 ` Paolo Bonzini 2020-04-30 13:59 ` Paraschiv, Andra-Irina 2020-04-30 10:34 ` Paolo Bonzini 2020-04-30 11:21 ` Alexander Graf 2020-04-30 11:38 ` Paolo Bonzini 2020-04-30 11:47 ` Alexander Graf 2020-04-30 11:58 ` Paolo Bonzini 2020-04-30 12:19 ` Alexander Graf 2020-05-07 17:44 ` Pavel Machek 2020-05-08 7:00 ` Paraschiv, Andra-Irina 2020-05-09 19:21 ` Pavel Machek 2020-05-10 11:02 ` Herrenschmidt, Benjamin 2020-05-11 10:49 ` Paraschiv, Andra-Irina 2020-05-11 13:49 ` Stefan Hajnoczi 2020-04-24 3:04 ` Longpeng (Mike, Cloud Infrastructure Service Product Dept.) 2020-04-24 8:19 ` Paraschiv, Andra-Irina 2020-04-24 9:54 ` Paraschiv, Andra-Irina 2020-04-26 1:55 ` Longpeng (Mike, Cloud Infrastructure Service Product Dept.) 2020-04-27 18:39 ` Paraschiv, Andra-Irina 2020-04-24 9:59 ` Tian, Kevin 2020-04-24 13:59 ` Paraschiv, Andra-Irina 2020-04-26 8:16 ` Tian, Kevin 2020-04-27 19:05 ` Paraschiv, Andra-Irina [not found] ` <CAKXe6SLonLQLAOY9Q_2AzTeg4uJxiknsAWnJpTF0hMcXEG5Tew@mail.gmail.com> 2020-05-11 12:05 ` Paraschiv, Andra-Irina 2020-04-25 15:25 ` Liran Alon 2020-04-27 7:56 ` Paraschiv, Andra-Irina 2020-04-27 11:44 ` Liran Alon 2020-04-28 15:25 ` Alexander Graf 2020-04-28 16:01 ` Liran Alon
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
LKML Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \ firstname.lastname@example.org public-inbox-index lkml Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel AGPL code for this site: git clone https://public-inbox.org/public-inbox.git