The Keystone device driver relies on the Linux buddy allocation system, which can fail when a large memory size (> 2MB) is requested.
The CMA allocator reserves kernel memory at boot and can reliably allocate large contiguous memory.
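The difference can be seen in a small user-space model, added here as an illustration (not Keystone or kernel code): a few pinned pages in general memory defeat a large aligned request, while a region set aside at boot still satisfies it. The page size, RAM size, reserve size, pin pattern and function names are all constructed assumptions, and the reserve is modeled as simply unused rather than with CMA's page migration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#define PAGE_SHIFT 12      /* 4 KiB pages (assumed) */
#define NPAGES     8192    /* 32 MiB of simulated RAM (constructed) */
#define CMA_PAGES  2048    /* 8 MiB set aside at "boot" (constructed) */
#define GENERAL    (NPAGES - CMA_PAGES)
static unsigned char used[NPAGES];   /* 1 = page frame in use */

/* Smallest buddy order whose block (2^order pages) covers `bytes`. */
unsigned size_to_order(size_t bytes)
{
    size_t pages = (bytes + ((size_t)1 << PAGE_SHIFT) - 1) >> PAGE_SHIFT;
    unsigned order = 0;
    while (((size_t)1 << order) < pages) order++;
    return order;
}

/* First free, naturally aligned 2^order block in [lo, hi); -1 if none. */
long alloc_block(size_t lo, size_t hi, unsigned order)
{
    size_t n = (size_t)1 << order, i;
    for (size_t base = (lo + n - 1) & ~(n - 1); base + n <= hi; base += n) {
        for (i = 0; i < n && !used[base + i]; i++) ;
        if (i < n) continue;          /* block contains a used page */
        memset(&used[base], 1, n);
        return (long)base;
    }
    return -1;
}

/* Pin one page per 4 MiB of general memory, then try both regions. */
void simulate(size_t bytes, long *general, long *reserved)
{
    unsigned order = size_to_order(bytes);
    memset(used, 0, sizeof used);
    for (size_t p = 0; p < GENERAL; p += 1024)
        used[p + 37] = 1;             /* fragmentation after uptime */
    *general  = alloc_block(0, GENERAL, order);
    *reserved = alloc_block(GENERAL, NPAGES, order);
}

int main(void)
{
    long g, r;
    simulate((size_t)4 << 20, &g, &r);   /* 4 MiB request */
    printf("4 MiB: general pfn %ld, reserved pfn %ld\n", g, r);
    return 0;
}
```

In this model only 6 of the 6144 general pages are in use, yet the 4 MiB request fails there and succeeds in the reserve.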
The current enclave only supports running a single statically compiled binary, which should run once at a time.
However, this is not a good workload model, since many workloads need dynamic libraries such as glibc.
We need to make it load arbitrary executable formats into memory and let the host edge call into the enclave using various entry points.