ne_overview.rst - OpenGrok cross reference for /Linux-v5.15/Documentation/virt/ne

Lines Matching refs:enclave
16 application then runs in a separate VM than the primary VM, namely an enclave.
18 An enclave runs alongside the VM that spawned it. This setup matches low latency
19 applications needs. The resources that are allocated for the enclave, such as
20 memory and CPUs, are carved out of the primary VM. Each enclave is mapped to a
26 1. An enclave abstraction process - a user space process running in the primary
28 enclave VM (that's 2 below).
34 maps to an enclave start PCI command. The PCI device commands are then
39 2. The enclave itself - a VM running on the same host as the primary VM that
41 for the enclave VM. An enclave does not have persistent storage attached.
43 The memory regions carved out of the primary VM and given to an enclave need to
46 user space [2][3]. The memory size for an enclave needs to be at least 64 MiB.
47 The enclave memory and CPUs need to be from the same NUMA node.
49 An enclave runs on dedicated cores. CPU 0 and its CPU siblings need to remain
54 An enclave communicates with the primary VM via a local communication channel,
56 while the enclave VM has a virtio-mmio vsock emulated device. The vsock device
57 uses eventfd for signaling. The enclave VM sees the usual interfaces - local
61 The application that runs in the enclave needs to be packaged in an enclave
63 enclave VM. The enclave VM has its own kernel and follows the standard Linux
70 Hash values are computed for the entire enclave image (EIF), the kernel and
71 ramdisk(s). That's used, for example, to check that the enclave image that is
72 loaded in the enclave VM is the one that was intended to be run.
76 enclave; KMS is an example of service that NE is integrated with and that checks
79 The enclave image (EIF) is loaded in the enclave memory at offset 8 MiB. The
80 init process in the enclave connects to the vsock CID of the primary VM and a
82 used to check in the primary VM that the enclave has booted. The CID of the
85 If the enclave VM crashes or gracefully exits, an interrupt event is received by
86 the NE driver. This event is sent further to the user space enclave process
88 enclave process can exit.