
Searched refs:enclave (Results 1 – 21 of 21) sorted by relevance

/openbmc/linux/Documentation/translations/zh_CN/virt/
ne_overview.rst
28 enclave
30 An enclave runs together with the VM that spawned it. This setup suits the needs of low-latency applications. The resources allocated for the enclave,
31 such as memory and CPUs, are carved out of the primary VM. Each enclave is mapped to a
36 1. An enclave abstraction process - a user space process running in the primary VM guest, which uses the ioctl interface provided by the NE driver
37 to spawn an enclave VM (that is 2 below).
41 The ioctl logic is mapped to PCI device commands, e.g. the NE_START_ENCLAVE ioctl maps to an enclave
45 2. The enclave itself - a VM running on the same host as the primary VM that spawned it. Memory and CPUs
46 are carved out of the primary VM and dedicated to the enclave VM. An enclave does not have persistent storage attached.
48 The memory regions carved out of the primary VM and given to an enclave need to be 2 MiB / 1 GiB aligned, physically contiguous memory
50 allocated [2][3]. The memory size for an enclave needs to be at least 64 MiB. The enclave memory and CPUs need to come from the same
/openbmc/qemu/docs/system/i386/
nitro-enclave.rst
1 'nitro-enclave' virtual machine (``nitro-enclave``)
4 ``nitro-enclave`` is a machine type which emulates an *AWS nitro enclave*
8 no persistent storage and no external networking. The enclave VMs are based
12 the enclave VM gets a dynamic CID. Enclaves use an EIF (`Enclave Image Format`_)
15 In QEMU, ``nitro-enclave`` is a machine type based on ``microvm`` similar to how
21 must be run alongside nitro-enclave for the vsock communication to work.
23 ``libcbor`` and ``gnutls`` are required dependencies for nitro-enclave machine
26 .. _AWS nitro enclaves: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
31 Using the nitro-enclave machine type
39 - nitro-enclave.vsock=string (required) (Id of the chardev from '-chardev' option that vhost-user-v…
sgx.rst
10 address space as an *enclave*, which is a protected area provides confidentiality
12 enclave memory area from any software not resident in the enclave are prevented,
72 and when enclave fails to unseal sensitive information from outside, it can
/openbmc/linux/Documentation/virt/
ne_overview.rst
16 application then runs in a separate VM than the primary VM, namely an enclave.
23 The resources that are allocated for the enclave, such as memory and CPUs, are
24 carved out of the primary VM. Each enclave is mapped to a process running in the
29 1. An enclave abstraction process - a user space process running in the primary
31 enclave VM (that's 2 below).
37 maps to an enclave start PCI command. The PCI device commands are then
42 2. The enclave itself - a VM running on the same host as the primary VM that
44 for the enclave VM. An enclave does not have persistent storage attached.
46 The memory regions carved out of the primary VM and given to an enclave need to
49 user space [2][3][7]. The memory size for an enclave needs to be at least
/openbmc/linux/Documentation/arch/x86/
sgx.rst
18 These memory regions are called enclaves. An enclave can be only entered at a
20 at a time. While the enclave is loaded from a regular binary file by using
21 ENCLS functions, only the threads inside the enclave can access its memory. The
38 with an enclave. It is contained in a BIOS-reserved region of physical memory.
40 the enclave during enclave construction with special, limited SGX instructions.
42 Only a CPU executing inside an enclave can directly access enclave memory.
43 However, a CPU executing inside an enclave may access normal memory outside the
44 enclave.
46 The kernel manages enclave memory similar to how it treats device memory.
56 Regular EPC pages contain the code and data of an enclave.
/openbmc/linux/tools/testing/selftests/sgx/
test_encl_bootstrap.S
44 # inside the enclave for TCS #1 and one page into the enclave for
58 push %rbx # push the enclave base address
62 pop %rbx # pop the enclave base address
main.c
170 FIXTURE(enclave) { in FIXTURE() argument
253 FIXTURE_SETUP(enclave) in FIXTURE_SETUP() argument
257 FIXTURE_TEARDOWN(enclave) in FIXTURE_TEARDOWN() argument
282 TEST_F(enclave, unclobbered_vdso) in TEST_F() argument
352 TEST_F(enclave, unclobbered_vdso_oversubscribed) in TEST_F() argument
383 TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900)
504 TEST_F(enclave, clobbered_vdso) in TEST_F() argument
540 TEST_F(enclave, clobbered_vdso_and_user_function) in TEST_F() argument
574 TEST_F(enclave, tcs_entry) in TEST_F() argument
616 TEST_F(enclave, pte_permissions) in TEST_F() argument
/openbmc/linux/Documentation/firmware-guide/acpi/apei/
einj.rst
190 address. But the h/w prevents any software outside of an SGX enclave
191 from accessing enclave pages (even BIOS SMM mode).
194 1) Determine physical address of enclave page
197 3) Enter the enclave
/openbmc/linux/Documentation/admin-guide/hw-vuln/
special-register-buffer-data-sampling.rst
92 enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
104 enclave on that logical processor. Opting out of the mitigation for a
108 Note that inside of an Intel SGX enclave, the mitigation is applied regardless
gather_data_sampling.rst
32 Non-enclaves can infer SGX enclave data
/openbmc/qemu/docs/system/
target-i386.rst
19 i386/nitro-enclave
/openbmc/linux/drivers/virt/nitro_enclaves/
Kconfig
12 This driver consists of support for enclave lifetime management
/openbmc/openbmc/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/
0008-plat-corstone1000-add-client_id-for-FMP-service.patch
6 Corstone1000 uses trusted-firmware-m as secure enclave software component. Due
/openbmc/linux/Documentation/ABI/testing/
securityfs-secrets-coco
11 by the Guest Owner and decrypted inside the trusted enclave,
/openbmc/linux/arch/x86/include/asm/
ptrace.h
86 enclave : 1,
/openbmc/linux/arch/x86/kvm/
Kconfig
97 This includes support to expose "raw" unreclaimable enclave memory to
/openbmc/openbmc/meta-arm/meta-arm-bsp/documentation/corstone1000/
change-log.rst
398 - U-Boot: send bootcomplete event to secure enclave.
software-architecture.rst
175 by the secure enclave's BL2 (MCUBoot) before starting TF-A.
/openbmc/linux/arch/x86/
Kconfig
1927 and data, referred to as enclaves. An enclave's private memory can
1928 only be accessed by code running within the enclave. Accesses from
1929 outside the enclave, including other enclaves, are disallowed by
/openbmc/qemu/
MAINTAINERS
1846 nitro-enclave
1854 F: docs/system/i386/nitro-enclave.rst
/openbmc/linux/Documentation/virt/kvm/
api.rst
7515 more privileged enclave attributes. args[0] must hold a file handle to a valid
7519 The SGX subsystem restricts access to a subset of enclave attributes to provide
7523 by running an enclave in a VM, KVM prevents access to privileged attributes by