Extend to confidential computing #291
Comments
I'm happy to provide the code but I need help proposing an API that would work for vm-memory. @bonzini my hovering here was related to this earlier this week. I just did not know exactly even which Rust crate I was looking for... I think this is the right one.

One super basic question that I had no time to look at and I'm not sure if I fully understand what it is and how I should take it into account: what is this Bitmap?

One additional but relevant motivational factor for vm-memory to be aligned with this work: a confidential wasm run-time is a complex project but still factors simpler than a full-fledged VMM. So I think for vm-memory Enarx would be an excellent test workload.
Hi @jarkkojs,

OK, I'll look into this next week, thank you, and provide more details.
I think I found a working pattern. For anonymous:

And for device files [In actual code the enclave/guest would get a first large RW mapping which is then sliced with MAP_FIXED mappings.]
Motivation for this is written down here:
enarx/enarx#2580
Mappings identified from Enarx sources: MAP_FIXED and arbitrary permissions (SGX). These are required to host KVM, SGX and SEV-SNP. In our case the system booting is not necessarily under SNP sealing (not a restriction but requires "2nd SNP gen" ENYX obviously for nested operation). Enarx initializes an SNP VM per WASM payload.

So I'm looking for advice on what would be the best way to refine the existing APIs in this project. I could write the patches then to realize those changes.
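The "one large RW reservation, then MAP_FIXED slices" pattern from the comment above, as an added example in C using the POSIX primitives a vm-memory backend would wrap; this is not code from the issue, from Enarx or from vm-memory. The `region_t`, `region_reserve`, `region_slice` and `demo_slice_pattern` names are assumptions. The point worth seeing is that `MAP_FIXED` silently replaces whatever is already mapped at the target address, so the slice helper bounds-checks every request against the reservation before calling `mmap`, which keeps a bad offset from clobbering unrelated mappings in the host process.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* One contiguous guest/enclave address range, reserved up front. */
typedef struct {
    uint8_t *base;
    size_t len;
} region_t;

/* Reserve the whole range as a single RW private anonymous mapping. */
int region_reserve(region_t *r, size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    r->base = p;
    r->len = len;
    return 0;
}

/* Replace [off, off + len) inside the reservation with a new mapping at
 * exactly that address. fd < 0 gives a fresh anonymous slice; fd >= 0 maps
 * a device or file (e.g. an enclave or guest backing file) at fd_off.
 * MAP_FIXED unmaps anything already at the address, so the bounds and
 * page-alignment checks are what keep a slice from escaping the reservation. */
int region_slice(const region_t *r, size_t off, size_t len, int prot,
                 int fd, off_t fd_off) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (len == 0 || off % page != 0 || len % page != 0 ||
        off > r->len || len > r->len - off) {
        errno = EINVAL;
        return -1;
    }
    int flags = MAP_FIXED | (fd < 0 ? (MAP_PRIVATE | MAP_ANONYMOUS) : MAP_SHARED);
    void *want = r->base + off;
    void *got = mmap(want, len, prot, flags, fd, fd_off);
    if (got == MAP_FAILED)
        return -1;
    /* On success MAP_FIXED guarantees the address we asked for. */
    return got == want ? 0 : -1;
}

/* Walk through the pattern; returns 0 on success or the failing step number. */
int demo_slice_pattern(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    region_t r;
    if (region_reserve(&r, 4 * page) != 0)
        return 1;

    /* The reservation is RW, so a payload can be written anywhere in it. */
    memset(r.base, 0xAA, 2 * page);

    /* Carve page 1 out as a read-only anonymous slice. MAP_FIXED replaced the
     * old pages, so the 0xAA written above is gone and page 1 reads as zero,
     * while page 0 is untouched. */
    if (region_slice(&r, page, page, PROT_READ, -1, 0) != 0)
        return 2;
    if (r.base[page] != 0 || r.base[0] != 0xAA)
        return 3;

    /* A PROT_NONE slice at page 3 acts as a guard page inside the range. */
    if (region_slice(&r, 3 * page, page, PROT_NONE, -1, 0) != 0)
        return 4;

    /* A slice starting at the end of the reservation is rejected before mmap. */
    if (region_slice(&r, 4 * page, page, PROT_READ, -1, 0) != -1 || errno != EINVAL)
        return 5;

    /* An unaligned slice is rejected too. */
    if (region_slice(&r, page + 1, page, PROT_READ, -1, 0) != -1)
        return 6;

    /* Tearing down the reservation removes every slice with it. */
    if (munmap(r.base, r.len) != 0)
        return 7;
    return 0;
}
```

`region_slice` is where permissions become arbitrary per slice, which is the SGX/SEV-SNP requirement named in the comment; the caller chooses `prot` per slice rather than for the whole range. For the initial reservation itself Linux also offers `MAP_FIXED_NOREPLACE` (4.17+) when a specific address is wanted without the risk of overwriting an existing mapping, but inside an owned reservation plain `MAP_FIXED` with the bounds check above is the usual choice.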