Searched refs:enclave (Results 1 – 18 of 18) sorted by relevance

/openbmc/linux/Documentation/translations/zh_CN/virt/
ne_overview.rst 28 enclave
30 An enclave runs alongside the VM that spawned it. This setup suits the needs of low-latency applications. For the enclave
37 the ioctl interface provided to spawn an enclave VM (that's 2 below).
46 carved out of the primary VM and dedicated to the enclave VM. An enclave does not have persistent storage attached.
50 allocated [2][3]. The memory size for an enclave needs to be at least 64 MiB. The enclave memory and CPUs need to be from the same
62 The application that runs in the enclave needs to be packaged, together with the OS that will run in the enclave VM (such as the kernel,
63 ramdisk, init), into an enclave image. The enclave VM has its own kernel and follows the standard
70 check whether the enclave image loaded in the enclave VM is the one that was intended to be run.
75 The enclave image (EIF) is loaded into the enclave memory at offset 8 MiB. The init process in the enclave
77 mechanism is used in the primary VM to check whether the enclave has booted. The CID of the primary VM is 3.
[all …]
/openbmc/linux/Documentation/virt/
ne_overview.rst 16 application then runs in a separate VM than the primary VM, namely an enclave.
31 enclave VM (that's 2 below).
37 maps to an enclave start PCI command. The PCI device commands are then
44 for the enclave VM. An enclave does not have persistent storage attached.
49 user space [2][3][7]. The memory size for an enclave needs to be at least
50 64 MiB. The enclave memory and CPUs need to be from the same NUMA node.
64 The application that runs in the enclave needs to be packaged in an enclave
66 enclave VM. The enclave VM has its own kernel and follows the standard Linux
75 loaded in the enclave VM is the one that was intended to be run.
82 The enclave image (EIF) is loaded in the enclave memory at offset 8 MiB. The
[all …]
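The two ne_overview.rst snippet groups above (the zh_CN translation and the English original) state three launch constraints for a Nitro Enclave: at least 64 MiB of enclave memory, memory and CPUs from the same NUMA node, and the EIF loaded at offset 8 MiB into that memory. The following is an added example, not code from the kernel or the Nitro Enclaves project, that turns those constraints into a user-space pre-flight check a launcher could run before touching the driver. The `ne_mem_region` descriptor, the `cpu_numa` lookup table, the error flags and the function names are assumptions made for this example; the real driver receives memory regions and vCPUs through ioctls on `/dev/nitro_enclaves`, which this code does not call.

```c
/* Added example: pre-flight validation of a Nitro Enclave launch request
 * against the constraints documented in ne_overview.rst. Not kernel code;
 * descriptor layout, NUMA table and names are assumptions for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MIB              (1ULL << 20)
#define NE_MIN_MEM_BYTES (64 * MIB)  /* minimum enclave memory size, per ne_overview.rst */
#define NE_EIF_OFFSET    (8 * MIB)   /* EIF load offset into enclave memory, same source */

/* Violation flags returned by ne_preflight(); 0 means the request looks launchable. */
enum ne_preflight_err {
	NE_ERR_NO_MEM      = 1u << 0,  /* no memory regions given */
	NE_ERR_NO_CPU      = 1u << 1,  /* no vCPUs given */
	NE_ERR_TOO_SMALL   = 1u << 2,  /* total memory below 64 MiB */
	NE_ERR_OVERLAP     = 1u << 3,  /* two regions overlap */
	NE_ERR_NUMA_MIXED  = 1u << 4,  /* memory and CPUs are not all on one NUMA node */
	NE_ERR_EIF_TOO_BIG = 1u << 5,  /* EIF does not fit behind the 8 MiB offset */
	NE_ERR_BAD_CPU     = 1u << 6,  /* CPU id missing from the NUMA table */
};

/* Hypothetical descriptor for a contiguous chunk of user-space memory donated
 * to the enclave; the NUMA node is assumed known to the caller (for example
 * from the hugepage pool the chunk was reserved on). */
struct ne_mem_region {
	uint64_t userspace_addr;
	uint64_t size;
	int numa_node;
};

/* Record the single NUMA node everything must share; returns 0 on conflict. */
static int same_node(int *node, int candidate)
{
	if (*node < 0)
		*node = candidate;
	return *node == candidate;
}

/* cpu_numa[cpu] gives the NUMA node of host CPU id cpu (ncpu_table entries,
 * negative = unknown). Returns an OR of ne_preflight_err flags. */
unsigned int ne_preflight(const struct ne_mem_region *regions, size_t nregions,
			  const int *cpus, size_t ncpus,
			  const int *cpu_numa, size_t ncpu_table,
			  uint64_t eif_size)
{
	unsigned int err = 0;
	uint64_t total = 0;
	int node = -1;
	size_t i, j;

	if (nregions == 0)
		err |= NE_ERR_NO_MEM;
	if (ncpus == 0)
		err |= NE_ERR_NO_CPU;

	for (i = 0; i < nregions; i++) {
		total += regions[i].size;
		if (!same_node(&node, regions[i].numa_node))
			err |= NE_ERR_NUMA_MIXED;
		/* pairwise overlap check; region counts are small, so O(n^2) is fine */
		for (j = i + 1; j < nregions; j++) {
			uint64_t a0 = regions[i].userspace_addr, a1 = a0 + regions[i].size;
			uint64_t b0 = regions[j].userspace_addr, b1 = b0 + regions[j].size;
			if (a0 < b1 && b0 < a1)
				err |= NE_ERR_OVERLAP;
		}
	}

	for (i = 0; i < ncpus; i++) {
		int cpu = cpus[i];
		if (cpu < 0 || (size_t)cpu >= ncpu_table || cpu_numa[cpu] < 0) {
			err |= NE_ERR_BAD_CPU;
			continue;
		}
		if (!same_node(&node, cpu_numa[cpu]))
			err |= NE_ERR_NUMA_MIXED;
	}

	if (total < NE_MIN_MEM_BYTES)
		err |= NE_ERR_TOO_SMALL;
	/* the EIF lands at offset 8 MiB, so only total - 8 MiB is available for it */
	if (total < NE_EIF_OFFSET || eif_size > total - NE_EIF_OFFSET)
		err |= NE_ERR_EIF_TOO_BIG;

	return err;
}

int main(void)
{
	/* constructed sample request: two 32 MiB chunks on node 0, CPUs 2 and 3 on node 0 */
	const struct ne_mem_region regions[2] = {
		{ 0x7f0000000000ULL, 32 * MIB, 0 },
		{ 0x7f0002000000ULL, 32 * MIB, 0 },
	};
	const int cpus[2] = { 2, 3 };
	const int cpu_numa[4] = { 0, 0, 0, 0 };
	unsigned int err = ne_preflight(regions, 2, cpus, 2, cpu_numa, 4, 40 * MIB);

	printf("launch request: %s (flags 0x%x)\n", err ? "rejected" : "ok", err);
	return err ? 1 : 0;
}
```

Returning a flag set rather than failing on the first problem lets a launcher report every violation at once; the check deliberately does not encode anything beyond what the snippets state, so CPU-topology rules the full document may impose are left to the driver.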
/openbmc/linux/Documentation/arch/x86/
sgx.rst 40 the enclave during enclave construction with special, limited SGX instructions.
42 Only a CPU executing inside an enclave can directly access enclave memory.
44 enclave.
95 pages and establish enclave page permissions.
108 adding and removing of enclave pages. When an enclave accesses an address
110 regular page will be dynamically added to the enclave. The enclave is
164 overcommitment of enclave memory. If the system runs out of enclave memory,
172 this the CPU can execute inside the enclave.
189 enclave memory.
216 the enclave through special SGX instructions. A run-time within the enclave is
[all …]
/openbmc/linux/tools/testing/selftests/sgx/
test_encl_bootstrap.S 44 # inside the enclave for TCS #1 and one page into the enclave for
58 push %rbx # push the enclave base address
62 pop %rbx # pop the enclave base address
main.c 170 FIXTURE(enclave) { in FIXTURE() argument
253 FIXTURE_SETUP(enclave) in FIXTURE_SETUP() argument
257 FIXTURE_TEARDOWN(enclave) in FIXTURE_TEARDOWN() argument
282 TEST_F(enclave, unclobbered_vdso) in TEST_F() argument
504 TEST_F(enclave, clobbered_vdso) in TEST_F() argument
574 TEST_F(enclave, tcs_entry) in TEST_F() argument
616 TEST_F(enclave, pte_permissions) in TEST_F() argument
720 TEST_F(enclave, tcs_permissions) in TEST_F() argument
778 TEST_F(enclave, epcm_permissions) in TEST_F() argument
977 TEST_F(enclave, augment) in TEST_F() argument
[all …]
/openbmc/openbmc/meta-arm/meta-arm-bsp/documentation/corstone1000/
software-architecture.rst 97 enclave and content of the CC312 OTP (One Time Programmable) memory
105 the secure enclave starts executing BL1 code from the ROM which is the RoT
114 In the secure enclave, BL1 authenticates the BL2 and passes the execution
117 time executable of secure enclave which initializes itself and, at the end,
127 it also has hardware isolated secure enclave environment to run such secure
131 these services which are running on a secure enclave instead of the
142 managed by OPTEE which forwards such calls to the secure enclave. The
150 lower latency vs higher security. Services running on a secure enclave are
213 calls are forwarded to the secure enclave as explained above.
change-log.rst 263 - U-Boot: send bootcomplete event to secure enclave.
user-guide.rst 968 see appropriate logs in the secure enclave terminal.
992 boot time, secure enclave will try new images predetermined number of times
/openbmc/linux/Documentation/admin-guide/hw-vuln/
special-register-buffer-data-sampling.rst 92 enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
104 enclave on that logical processor. Opting out of the mitigation for a
108 Note that inside of an Intel SGX enclave, the mitigation is applied regardless
gather_data_sampling.rst 32 Non-enclaves can infer SGX enclave data
/openbmc/linux/Documentation/firmware-guide/acpi/apei/
einj.rst 190 address. But the h/w prevents any software outside of an SGX enclave
191 from accessing enclave pages (even BIOS SMM mode).
194 1) Determine physical address of enclave page
197 3) Enter the enclave
/openbmc/linux/drivers/virt/nitro_enclaves/
Kconfig 12 This driver consists of support for enclave lifetime management
/openbmc/qemu/docs/system/i386/
sgx.rst 10 address space as an *enclave*, which is a protected area provides confidentiality
12 enclave memory area from any software not resident in the enclave are prevented,
72 and when enclave fails to unseal sensitive information from outside, it can
/openbmc/openbmc/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/
0009-plat-corstone1000-fmp-client-id.patch 6 Corstone1000 uses trusted-firmware-m as secure enclave software component. Due
/openbmc/linux/Documentation/ABI/testing/
securityfs-secrets-coco 11 by the Guest Owner and decrypted inside the trusted enclave,
/openbmc/linux/arch/x86/kvm/
Kconfig 97 This includes support to expose "raw" unreclaimable enclave memory to
/openbmc/linux/arch/x86/
Kconfig 1905 and data, referred to as enclaves. An enclave's private memory can
1906 only be accessed by code running within the enclave. Accesses from
1907 outside the enclave, including other enclaves, are disallowed by
/openbmc/linux/Documentation/virt/kvm/
api.rst 7515 more privileged enclave attributes. args[0] must hold a file handle to a valid
7519 The SGX subsystem restricts access to a subset of enclave attributes to provide
7523 by running an enclave in a VM, KVM prevents access to privileged attributes by