Lines Matching full:vm
14 For example, an application that processes sensitive data and runs in a VM,
15 can be separated from other applications running in the same VM. This
16 application then runs in a separate VM than the primary VM, namely an enclave.
18 An enclave runs alongside the VM that spawned it. This setup matches low latency
20 memory and CPUs, are carved out of the primary VM. Each enclave is mapped to a
21 process running in the primary VM, that communicates with the NE driver via an
27 VM guest that uses the provided ioctl interface of the NE driver to spawn an
28 enclave VM (that's 2 below).
30 There is a NE emulated PCI device exposed to the primary VM. The driver for this
36 hypervisor running on the host where the primary VM is running. The Nitro
39 2. The enclave itself - a VM running on the same host as the primary VM that
40 spawned it. Memory and CPUs are carved out of the primary VM and are dedicated
41 for the enclave VM. An enclave does not have persistent storage attached.
43 The memory regions carved out of the primary VM and given to an enclave need to
50 available for the primary VM. A CPU pool has to be set for NE purposes by an
54 An enclave communicates with the primary VM via a local communication channel,
55 using virtio-vsock [5]. The primary VM has virtio-pci vsock emulated device,
56 while the enclave VM has a virtio-mmio vsock emulated device. The vsock device
57 uses eventfd for signaling. The enclave VM sees the usual interfaces - local
63 enclave VM. The enclave VM has its own kernel and follows the standard Linux
72 loaded in the enclave VM is the one that was intended to be run.
80 init process in the enclave connects to the vsock CID of the primary VM and a
82 used to check in the primary VM that the enclave has booted. The CID of the
83 primary VM is 3.
85 If the enclave VM crashes or gracefully exits, an interrupt event is received by
87 running in the primary VM via a poll notification mechanism. Then the user space