Lines Matching +full:- +full:runs
1 .. SPDX-License-Identifier: GPL-2.0
14 For example, an application that processes sensitive data and runs in a VM,
16 application then runs in a separate VM from the primary VM, namely an enclave.
17 It runs alongside the VM that spawned it. This setup matches low latency
29 1. An enclave abstraction process - a user space process running in the primary
42 2. The enclave itself - a VM running on the same host as the primary VM that
52 An enclave runs on dedicated cores. CPU 0 and its CPU siblings need to remain
58 using virtio-vsock [5]. The primary VM has a virtio-pci vsock emulated device,
59 while the enclave VM has a virtio-mmio vsock emulated device. The vsock device
60 uses eventfd for signaling. The enclave VM sees the usual interfaces - local
61 APIC and IOAPIC - to get interrupts from the virtio-vsock device. The virtio-mmio
64 The application that runs in the enclave needs to be packaged in an enclave
84 predefined port - 9000 - to send a heartbeat value - 0xb7. This mechanism is
93 [1] https://aws.amazon.com/ec2/nitro/nitro-enclaves/
94 [2] https://www.kernel.org/doc/html/latest/admin-guide/mm/hugetlbpage.html
96 [4] https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
97 [5] https://man7.org/linux/man-pages/man7/vsock.7.html