
Searched refs:enclave (Results 1 – 10 of 10) sorted by relevance

/Linux-v5.15/Documentation/translations/zh_CN/virt/
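ne_overview.rst
28 enclave
30 An enclave runs alongside the VM that spawned it. This setup matches the needs of low-latency applications. The resources
31 allocated for the enclave, such as memory and CPUs, are carved out of the primary VM. Each enclave is mapped to a
36 1. An enclave abstraction process - a user space process running in the primary VM guest, which uses the ioctl interface
37 provided by the NE driver to spawn an enclave VM (that's 2 below).
41 The ioctl logic is mapped to PCI device commands, e.g. the NE_START_ENCLAVE ioctl maps to an enclave
45 2. The enclave itself - a VM running on the same host as the primary VM that spawned it. Memory and CPUs
46 are carved out of the primary VM and are dedicated to the enclave VM. An enclave does not have persistent storage attached.
48 The memory regions carved out of the primary VM and given to an enclave need to be aligned 2 MiB / 1 GiB physically contiguous memory
50 allocation [2][3]. The memory size for an enclave needs to be at least 64 MiB. The enclave memory and CPUs need to be from the same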
[all …]
/Linux-v5.15/Documentation/virt/
ne_overview.rst
16 application then runs in a separate VM than the primary VM, namely an enclave.
18 An enclave runs alongside the VM that spawned it. This setup matches low latency
19 applications needs. The resources that are allocated for the enclave, such as
20 memory and CPUs, are carved out of the primary VM. Each enclave is mapped to a
26 1. An enclave abstraction process - a user space process running in the primary
28 enclave VM (that's 2 below).
34 maps to an enclave start PCI command. The PCI device commands are then
39 2. The enclave itself - a VM running on the same host as the primary VM that
41 for the enclave VM. An enclave does not have persistent storage attached.
43 The memory regions carved out of the primary VM and given to an enclave need to
[all …]
/Linux-v5.15/Documentation/x86/
sgx.rst
18 These memory regions are called enclaves. An enclave can be only entered at a
20 at a time. While the enclave is loaded from a regular binary file by using
21 ENCLS functions, only the threads inside the enclave can access its memory. The
38 with an enclave. It is contained in a BIOS-reserved region of physical memory.
40 the enclave during enclave construction with special, limited SGX instructions.
42 Only a CPU executing inside an enclave can directly access enclave memory.
43 However, a CPU executing inside an enclave may access normal memory outside the
44 enclave.
46 The kernel manages enclave memory similar to how it treats device memory.
56 Regular EPC pages contain the code and data of an enclave.
[all …]
/Linux-v5.15/tools/testing/selftests/sgx/
main.c
110 FIXTURE(enclave) { in FIXTURE() argument
115 FIXTURE_SETUP(enclave) in FIXTURE_SETUP() argument
191 FIXTURE_TEARDOWN(enclave) in FIXTURE_TEARDOWN() argument
216 TEST_F(enclave, unclobbered_vdso) in TEST_F() argument
238 TEST_F(enclave, clobbered_vdso) in TEST_F() argument
268 TEST_F(enclave, clobbered_vdso_and_user_function) in TEST_F() argument
test_encl_bootstrap.S
44 # inside the enclave. By adding the value of le_stack_end to it, we get
51 push %rbx # push the enclave base address
55 pop %rbx # pop the enclave base address
/Linux-v5.15/Documentation/admin-guide/hw-vuln/
special-register-buffer-data-sampling.rst
92 enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
104 enclave on that logical processor. Opting out of the mitigation for a
108 Note that inside of an Intel SGX enclave, the mitigation is applied regardless
/Linux-v5.15/drivers/virt/nitro_enclaves/
Kconfig
16 This driver consists of support for enclave lifetime management
/Linux-v5.15/arch/x86/kvm/
Kconfig
92 This includes support to expose "raw" unreclaimable enclave memory to
/Linux-v5.15/arch/x86/
Kconfig
1908 and data, referred to as enclaves. An enclave's private memory can
1909 only be accessed by code running within the enclave. Accesses from
1910 outside the enclave, including other enclaves, are disallowed by
/Linux-v5.15/Documentation/virt/kvm/
api.rst
6636 more privileged enclave attributes. args[0] must hold a file handle to a valid
6640 The SGX subsystem restricts access to a subset of enclave attributes to provide
6644 by running an enclave in a VM, KVM prevents access to privileged attributes by