Lines Matching refs:enclave

1 'nitro-enclave' virtual machine (``nitro-enclave``)
4 ``nitro-enclave`` is a machine type which emulates an *AWS nitro enclave*
8 no persistent storage and no external networking. The enclave VMs are based
12 the enclave VM gets a dynamic CID. Enclaves use an EIF (`Enclave Image Format`_)
15 In QEMU, ``nitro-enclave`` is a machine type based on ``microvm`` similar to how
21 must be run alongside nitro-enclave for the vsock communication to work.
23 ``libcbor`` and ``gnutls`` are required dependencies for nitro-enclave machine
26 .. _AWS nitro enclaves: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
31 Using the nitro-enclave machine type
39 - nitro-enclave.vsock=string (required) (Id of the chardev from '-chardev' option that vhost-user-v…
40 - nitro-enclave.id=string (optional) (Set enclave identifier)
41 - nitro-enclave.parent-role=string (optional) (Set parent instance IAM role ARN)
42 - nitro-enclave.parent-id=string (optional) (Set parent instance identifier)
45 Running a nitro-enclave VM
49 The forward-cid option below with value 1 forwards all connections from the enclave
51 for forwarding connections from the host machine to the enclave VM::
58 Now run the necessary applications on the host machine so that the nitro-enclave VM
59 applications' vsock communication works. For example, the nitro-enclave VM's init
63 after it receives the heartbeat for enclave VM to boot successfully. You should run all
65 VM for successful communication with the enclave VM.
67 Then run the nitro-enclave VM using the following command where ``hello.eif`` is
68 an EIF file you would use to spawn a real AWS nitro enclave virtual machine::
70 $ qemu-system-x86_64 -M nitro-enclave,vsock=c,id=hello-world \
74 In this example, the nitro-enclave VM has CID 4. If there are applications that
75 connect to the enclave VM, run them on the host machine after enclave VM starts.
76 You need to modify the applications to connect to CID 1 (instead of the enclave