Split Stage0 into library and binary crates #3992
conradgrobler merged 5 commits into project-oak:main from
| "oak_functions_app", | ||
| "oak_tensorflow_app", | ||
| "stage0", | ||
| "stage0_bin", |
Should this be called stage0_amd?
I thought about that as well. The TDX-specific one will only work on TDX with memory encryption. This version will work on AMD CPUs with or without memory encryption and Intel CPUs without memory encryption, so I went for more generic naming.
In future we might want to simplify the per-instance logic by a split between no-encryption and SEV, in which case we can use this for the no-encryption version and create a new SEV (+ ES + SNP) version.
|
artifact_name = "quirk_echo_enclave_app" |
|
artifact_name = "stage0_bin" |
|
artifact_name = "oak_restricted_kernel_bin" |
|
artifact_name = "oak_echo_enclave_app" |
|
artifact_name = "oak_echo_raw_enclave_app" |
|
artifact_name = "oak_restricted_kernel_simple_io_bin" |
|
artifact_name = "oak_functions_enclave_app" |
|
artifact_name = "oak_tensorflow_enclave_app" |
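Review bot: on the artifact_name = "stage0_bin" line, say in the PR description whether the published artifact name differs from what it was before the split, since anything that fetches or verifies the artifact by name has to match it exactly. The workspace list also carries a separate "stage0" member, so the two names are easy to confuse.
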
This is the first step towards refactoring Stage0 so that we can build separate Stage0 binaries for AMD SEV-SNP and Intel TDX, since the linker scripts and assembly code will have to be different.
This follows the same pattern as the restricted kernel, where the main logic is in a library crate with a separate binary crate that contains only what is needed to build the binary.