sgx.rst - OpenGrok cross reference for /linux/Documentation/arch/x86/sgx.rst

Lines Matching +full:out +full:- +full:functions
1 .. SPDX-License-Identifier: GPL-2.0
13 * Privileged (ring-0) ENCLS functions orchestrate the construction of the
15 * Unprivileged (ring-3) ENCLU functions allow an application to enter and
21 ENCLS functions, only the threads inside the enclave can access its memory. The
38 with an enclave. It is contained in a BIOS-reserved region of physical memory.
49 ------------------
67 ----------------------
76 remain read-only.  EPCM permissions may only impose additional restrictions on
87 Enclave build functions
88 -----------------------
97 .. kernel-doc:: arch/x86/kernel/cpu/sgx/ioctl.c
98    :functions: sgx_ioc_enclave_create
104 --------------------------
113 .. kernel-doc:: arch/x86/kernel/cpu/sgx/ioctl.c
114    :functions: sgx_ioc_enclave_restrict_permissions
119 ------------
121 Entering an enclave can only be done through SGX-specific EENTER and ERESUME
122 functions, and is a non-trivial process.  Because of the complexity of
132 can leverage special exception fixup provided by the vDSO.  The kernel-provided
133 vDSO function wraps low-level transitions to/from the enclave like EENTER and
138 .. kernel-doc:: arch/x86/include/uapi/asm/sgx.h
139    :functions: vdso_sgx_enter_enclave_t
147 ----------------
153 reinitializes all enclave pages so that they can be allocated and re-used.
161 --------------
164 overcommitment of enclave memory.  If the system runs out of enclave memory,
174 EINIT function takes an RSA-3072 signature of the enclave measurement.  The function
187 In order to conceal the enclave data while it is out of the CPU package, the
192 encrypt pages leaving the CPU caches. MEE uses a n-ary Merkle tree with root in
194 anti-replay protection but does not scale to large memory sizes because the time
199 MEE. TME-based SGX implementations do not have an integrity Merkle tree, which
200 means integrity and replay-attacks are not mitigated.  B, it includes
211 --------------
216 the enclave through special SGX instructions. A run-time within the enclave is
217 configured to marshal function parameters into and out of the enclave and to
221 ---------------------
224 configured with a library OS and run-time which permits the application to run.
225 The enclave run-time and library OS work together to execute the application
232 ---------
238 This is effectively a kernel use-after-free of an EPC page, and due
265 on the same machine, the user should reserve enough EPC (by taking out