Searched refs:enclave (Results 1 – 12 of 12) sorted by relevance

/linux-6.1.9/Documentation/translations/zh_CN/virt/
ne_overview.rst
28 enclave
30 一个enclave与催生它的虚拟机一起运行。这种设置符合低延迟应用的需要。为enclave
31 分配的资源,如内存和CPU,是从主虚拟机中分割出来的。每个enclave都被映射到一
36 1. 一个enclave抽象进程——一个运行在主虚拟机客体中的用户空间进程,它使用NE驱动
37 提供的ioctl接口来生成一个enclave虚拟机(这就是下面的2)。
41 ioctl逻辑被映射到PCI设备命令,例如,NE_START_ENCLAVE ioctl映射到一个enclave
45 2. enclave本身——一个运行在与催生它的主虚拟机相同的主机上的虚拟机。内存和CPU
46 从主虚拟机中分割出来,专门用于enclave虚拟机。enclave没有连接持久性存储。
48 从主虚拟机中分割出来并给enclave的内存区域需要对齐2 MiB/1 GiB物理连续的内存
50 配[2][3]。一个enclave的内存大小需要至少64 MiB。enclave内存和CPU需要来自同
/linux-6.1.9/Documentation/virt/
ne_overview.rst
16 application then runs in a separate VM than the primary VM, namely an enclave.
23 The resources that are allocated for the enclave, such as memory and CPUs, are
24 carved out of the primary VM. Each enclave is mapped to a process running in the
29 1. An enclave abstraction process - a user space process running in the primary
31 enclave VM (that's 2 below).
37 maps to an enclave start PCI command. The PCI device commands are then
42 2. The enclave itself - a VM running on the same host as the primary VM that
44 for the enclave VM. An enclave does not have persistent storage attached.
46 The memory regions carved out of the primary VM and given to an enclave need to
49 user space [2][3][7]. The memory size for an enclave needs to be at least
/linux-6.1.9/Documentation/x86/
sgx.rst
18 These memory regions are called enclaves. An enclave can be only entered at a
20 at a time. While the enclave is loaded from a regular binary file by using
21 ENCLS functions, only the threads inside the enclave can access its memory. The
38 with an enclave. It is contained in a BIOS-reserved region of physical memory.
40 the enclave during enclave construction with special, limited SGX instructions.
42 Only a CPU executing inside an enclave can directly access enclave memory.
43 However, a CPU executing inside an enclave may access normal memory outside the
44 enclave.
46 The kernel manages enclave memory similar to how it treats device memory.
56 Regular EPC pages contain the code and data of an enclave.
/linux-6.1.9/tools/testing/selftests/sgx/
test_encl_bootstrap.S
44 # inside the enclave for TCS #1 and one page into the enclave for
58 push %rbx # push the enclave base address
62 pop %rbx # pop the enclave base address
main.c
170 FIXTURE(enclave) { in FIXTURE() argument
253 FIXTURE_SETUP(enclave) in FIXTURE_SETUP() argument
257 FIXTURE_TEARDOWN(enclave) in FIXTURE_TEARDOWN() argument
282 TEST_F(enclave, unclobbered_vdso) in TEST_F() argument
352 TEST_F(enclave, unclobbered_vdso_oversubscribed) in TEST_F() argument
383 TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900)
504 TEST_F(enclave, clobbered_vdso) in TEST_F() argument
540 TEST_F(enclave, clobbered_vdso_and_user_function) in TEST_F() argument
574 TEST_F(enclave, tcs_entry) in TEST_F() argument
616 TEST_F(enclave, pte_permissions) in TEST_F() argument
/linux-6.1.9/Documentation/admin-guide/hw-vuln/
special-register-buffer-data-sampling.rst
92 enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
104 enclave on that logical processor. Opting out of the mitigation for a
108 Note that inside of an Intel SGX enclave, the mitigation is applied regardless
/linux-6.1.9/Documentation/firmware-guide/acpi/apei/
einj.rst
190 address. But the h/w prevents any software outside of an SGX enclave
191 from accessing enclave pages (even BIOS SMM mode).
194 1) Determine physical address of enclave page
197 3) Enter the enclave
/linux-6.1.9/drivers/virt/nitro_enclaves/
Kconfig
12 This driver consists of support for enclave lifetime management
/linux-6.1.9/Documentation/ABI/testing/
securityfs-secrets-coco
11 by the Guest Owner and decrypted inside the trusted enclave,
/linux-6.1.9/arch/x86/kvm/
Kconfig
97 This includes support to expose "raw" unreclaimable enclave memory to
/linux-6.1.9/arch/x86/
Kconfig
1949 and data, referred to as enclaves. An enclave's private memory can
1950 only be accessed by code running within the enclave. Accesses from
1951 outside the enclave, including other enclaves, are disallowed by
/linux-6.1.9/Documentation/virt/kvm/
api.rst
7320 more priveleged enclave attributes. args[0] must hold a file handle to a valid
7324 The SGX subsystem restricts access to a subset of enclave attributes to provide
7328 by running an enclave in a VM, KVM prevents access to privileged attributes by