Replacing the prototype runtime with sel4 microkernel.

Google Asylo Integration

Updated Jan 23, 2019

No description

Keystone device driver relies on Linux buddy allocation system, which can fail when a large memory size (> 2MB)is requested. CMA allocator reserves kernel memory at boot, and can reliably allocate large-sized contiguous memory.

Affected submodules: riscv-linux

Current enclave only supports running a statically compiled single binary, which should run once at a time However, this is not a good workload model, since a lot of workloads need dynamic libraries such as glibc. We need to make it load arbitrary executable format in memory and let host edge call into enclave using various entry points.

Affected submodules: riscv-linux, riscv-pk, keystone-runtime, keystone-sdk