Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-05-11 Thread Stefan Hajnoczi
On Sun, May 10, 2020 at 11:02:18AM +, Herrenschmidt, Benjamin wrote: > On Sat, 2020-05-09 at 21:21 +0200, Pavel Machek wrote: > > > > On Fri 2020-05-08 10:00:27, Paraschiv, Andra-Irina wrote: > > > > > > > > > On 07/05/2020 20:44, Pavel Machek wrote: > > > > > > > > Hi! > > > > > > > > > >

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-05-11 Thread Paraschiv, Andra-Irina
On 10/05/2020 12:57, Li Qiang wrote: Paraschiv, Andra-Irina > wrote on Fri, Apr 24, 2020 at 10:03 PM: On 24/04/2020 12:59, Tian, Kevin wrote: > >> From: Paraschiv, Andra-Irina >> Sent: Thursday, April 23, 2020 9:20 PM >> >> On 22/04/2020 00:46, Paolo B

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-05-11 Thread Paraschiv, Andra-Irina
On 10/05/2020 14:02, Herrenschmidt, Benjamin wrote: On Sat, 2020-05-09 at 21:21 +0200, Pavel Machek wrote: On Fri 2020-05-08 10:00:27, Paraschiv, Andra-Irina wrote: On 07/05/2020 20:44, Pavel Machek wrote: Hi! it uses its own memory and CPUs + its virtio-vsock emulated device for communic

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-05-10 Thread Herrenschmidt, Benjamin
On Sat, 2020-05-09 at 21:21 +0200, Pavel Machek wrote: > > On Fri 2020-05-08 10:00:27, Paraschiv, Andra-Irina wrote: > > > > > > On 07/05/2020 20:44, Pavel Machek wrote: > > > > > > Hi! > > > > > > > > it uses its own memory and CPUs + its virtio-vsock emulated device for > > > > > communicati

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-05-09 Thread Pavel Machek
On Fri 2020-05-08 10:00:27, Paraschiv, Andra-Irina wrote: > > > On 07/05/2020 20:44, Pavel Machek wrote: > > > >Hi! > > > >>>it uses its own memory and CPUs + its virtio-vsock emulated device for > >>>communication with the primary VM. > >>> > >>>The memory and CPUs are carved out of the primary

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-05-08 Thread Paraschiv, Andra-Irina
On 07/05/2020 20:44, Pavel Machek wrote: Hi! it uses its own memory and CPUs + its virtio-vsock emulated device for communication with the primary VM. The memory and CPUs are carved out of the primary VM, they are dedicated for the enclave. The Nitro hypervisor running on the host ensures m

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-05-07 Thread Pavel Machek
Hi! > > it uses its own memory and CPUs + its virtio-vsock emulated device for > > communication with the primary VM. > > > > The memory and CPUs are carved out of the primary VM, they are dedicated > > for the enclave. The Nitro hypervisor running on the host ensures memory > > and CPU isolation

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-30 Thread Paraschiv, Andra-Irina
On 29/04/2020 16:20, Paolo Bonzini wrote: On 28/04/20 17:07, Alexander Graf wrote: So why not just start running the enclave at 0xfff0 in real mode? Yes everybody hates it, but that's what OSes are written against. In the simplest example, the parent enclave can load bzImage and initrd at

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-30 Thread Alexander Graf
On 30.04.20 13:58, Paolo Bonzini wrote: On 30/04/20 13:47, Alexander Graf wrote: So the issue would be that a firmware image provided by the parent could be tampered with by something malicious running in the parent enclave? You have to have a root of trust somewhere. That root then checks

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-30 Thread Paolo Bonzini
On 30/04/20 13:47, Alexander Graf wrote: >> >> So the issue would be that a firmware image provided by the parent could >> be tampered with by something malicious running in the parent enclave? > > You have to have a root of trust somewhere. That root then checks and > attests everything it runs.

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-30 Thread Alexander Graf
On 30.04.20 13:38, Paolo Bonzini wrote: On 30/04/20 13:21, Alexander Graf wrote: Also, would you consider a mode where ne_load_image is not invoked and the enclave starts in real mode at 0xff0? Consider, sure. But I don't quite see any big benefit just yet. The current abstraction level

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-30 Thread Paolo Bonzini
On 30/04/20 13:21, Alexander Graf wrote: >> Also, would you consider a mode where ne_load_image is not invoked and >> the enclave starts in real mode at 0xff0? > > Consider, sure. But I don't quite see any big benefit just yet. The > current abstraction level for the booted payloads is much hi

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-30 Thread Alexander Graf
On 30.04.20 12:34, Paolo Bonzini wrote: On 28/04/20 17:07, Alexander Graf wrote: Why don't we build something like the following instead? vm = ne_create(vcpus = 4) ne_set_memory(vm, hva, len) ne_load_image(vm, addr, len) ne_start(vm) That way we would get the EIF loading into k

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-30 Thread Paolo Bonzini
On 28/04/20 17:07, Alexander Graf wrote: > > Why don't we build something like the following instead? > >   vm = ne_create(vcpus = 4) >   ne_set_memory(vm, hva, len) >   ne_load_image(vm, addr, len) >   ne_start(vm) > > That way we would get the EIF loading into kernel space. "LOAD_IMAGE" > woul

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-29 Thread Paolo Bonzini
On 28/04/20 17:07, Alexander Graf wrote: >> So why not just start running the enclave at 0xfff0 in real mode? >> Yes everybody hates it, but that's what OSes are written against. In >> the simplest example, the parent enclave can load bzImage and initrd at >> 0x1 and place firmware tables

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-28 Thread Liran Alon
On 28/04/2020 18:25, Alexander Graf wrote: On 27.04.20 13:44, Liran Alon wrote: On 27/04/2020 10:56, Paraschiv, Andra-Irina wrote: On 25/04/2020 18:25, Liran Alon wrote: On 23/04/2020 16:19, Paraschiv, Andra-Irina wrote: The memory and CPUs are carved out of the primary VM, they are d

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-28 Thread Alexander Graf
On 27.04.20 13:44, Liran Alon wrote: On 27/04/2020 10:56, Paraschiv, Andra-Irina wrote: On 25/04/2020 18:25, Liran Alon wrote: On 23/04/2020 16:19, Paraschiv, Andra-Irina wrote: The memory and CPUs are carved out of the primary VM, they are dedicated for the enclave. The Nitro hypervisor

Re: [PATCH v1 00/15] Add support for Nitro Enclaves

2020-04-28 Thread Alexander Graf
On 25.04.20 18:05, Paolo Bonzini wrote: On 24/04/20 21:11, Alexander Graf wrote: What I was saying above is that maybe co