Lines Matching +full:run +full:- +full:control

1 .. SPDX-License-Identifier: GPL-2.0
13 * Privileged (ring-0) ENCLS functions orchestrate the construction of the
15 * Unprivileged (ring-3) ENCLU functions allow an application to enter and
38 with an enclave. It is contained in a BIOS-reserved region of physical memory.
49 ------------------
51 **SGX Enclave Control Structure (SECS)**
58 **Thread Control Structure (TCS)**
59 Thread Control Structure pages define the entry points to an enclave and
67 ----------------------
76 remain read-only. EPCM permissions may only impose additional restrictions on
88 -----------------------
97 .. kernel-doc:: arch/x86/kernel/cpu/sgx/ioctl.c
104 ------------
106 Entering an enclave can only be done through SGX-specific EENTER and ERESUME
107 functions, and is a non-trivial process. Because of the complexity of
117 can leverage special exception fixup provided by the vDSO. The kernel-provided
118 vDSO function wraps low-level transitions to/from the enclave like EENTER and
123 .. kernel-doc:: arch/x86/include/uapi/asm/sgx.h
132 ----------------
138 reinitializes all enclave pages so that they can be allocated and re-used.
146 --------------
152 Launch Control
155 SGX provides a launch control mechanism. After all enclave pages have been
159 EINIT function takes an RSA-3072 signature of the enclave measurement. The function
165 Linux supports only writable configuration in order to give full control to the
166 kernel on launch control policy. Before calling EINIT function, the driver sets
177 encrypt pages leaving the CPU caches. MEE uses an n-ary Merkle tree with root in
179 anti-replay protection but does not scale to large memory sizes because the time
184 MEE. TME-based SGX implementations do not have an integrity Merkle tree, which
185 means integrity and replay attacks are not mitigated. But it includes
196 --------------
201 the enclave through special SGX instructions. A run-time within the enclave is
206 ---------------------
209 configured with a library OS and run-time which permits the application to run.
210 The enclave run-time and library OS work together to execute the application
217 ---------
223 This is effectively a kernel use-after-free of an EPC page, and due
252 host SGX applications so they can run with acceptable performance.