ne_overview.rst - OpenGrok cross reference for /linux/Documentation/virt/ne

Lines Matching +full:primary +full:- +full:device
1 .. SPDX-License-Identifier: GPL-2.0
16 application then runs in a separate VM than the primary VM, namely an enclave.
24 carved out of the primary VM. Each enclave is mapped to a process running in the
25 primary VM, that communicates with the NE kernel driver via an ioctl interface.
29 1. An enclave abstraction process - a user space process running in the primary
33 There is a NE emulated PCI device exposed to the primary VM. The driver for this
34 new PCI device is included in the NE driver.
36 The ioctl logic is mapped to PCI device commands e.g. the NE_START_ENCLAVE ioctl
37 maps to an enclave start PCI command. The PCI device commands are then
39 hypervisor running on the host where the primary VM is running. The Nitro
42 2. The enclave itself - a VM running on the same host as the primary VM that
43 spawned it. Memory and CPUs are carved out of the primary VM and are dedicated
46 The memory regions carved out of the primary VM and given to an enclave need to
53 available for the primary VM. A CPU pool has to be set for NE purposes by an
57 An enclave communicates with the primary VM via a local communication channel,
58 using virtio-vsock [5]. The primary VM has virtio-pci vsock emulated device,
59 while the enclave VM has a virtio-mmio vsock emulated device. The vsock device
60 uses eventfd for signaling. The enclave VM sees the usual interfaces - local
61 APIC and IOAPIC - to get interrupts from virtio-vsock device. The virtio-mmio
62 device is placed in memory below the typical 4 GiB.
83 init process in the enclave connects to the vsock CID of the primary VM and a
84 predefined port - 9000 - to send a heartbeat value - 0xb7. This mechanism is
85 used to check in the primary VM that the enclave has booted. The CID of the
86 primary VM is 3.
90 running in the primary VM via a poll notification mechanism. Then the user space
93 [1] https://aws.amazon.com/ec2/nitro/nitro-enclaves/
94 [2] https://www.kernel.org/doc/html/latest/admin-guide/mm/hugetlbpage.html
96 [4] https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
97 [5] https://man7.org/linux/man-pages/man7/vsock.7.html