OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

virtio-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [virtio-comment] Re: [PATCH v2] content: Reserve virtio-nsm device ID

On Mon, Aug 10, 2020 at 04:06:26PM +0200, Alexander Graf wrote:
> 
> 
> On 21.07.20 13:23, Eftime, Petre wrote:
> > On 2020-07-20 20:10, Michael S. Tsirkin wrote:
> > > On Wed, Jun 10, 2020 at 04:17:25PM +0300, Eftime, Petre wrote:
> > > > On 2020-05-27 12:07, Petre Eftime wrote:
> > > > 
> > > >      The NitroSecureModule is a device with a very stripped down
> > > >      Trusted Platform Module functionality, which is used in the
> > > >      context of a Nitro Enclave (see
> > > > https://lkml.org/lkml/2020/4/21/1020)
> > > >      to provide boot time measurement and attestation.
> > > > 
> > > >      Since this device provides some critical cryptographic operations,
> > > >      there are a series of operations which are required to have
> > > > guarantees
> > > >      of atomicity, ordering and consistency: operations fully
> > > > succeed or fully
> > > >      fail, including when some external events might interfere in the
> > > >      process: live migration, crashes, etc; any failure in the critical
> > > >      section requires termination of the enclave it is attached to, so
> > > >      the device needs to be as resilient as possible, simplicity is
> > > >      strongly desired.
> > > > 
> > > >      To account for that, the device and driver are made to have
> > > > very few
> > > >      error cases in the critical path and the operations
> > > > themselves can be
> > > >      rolled back and retried if events happen outside the critical
> > > >      area, while processing a request. The driver itself can be
> > > > made very
> > > >      simple and thus is easily portable.
> > > > 
> > > >      Since the requests can be handled directly in the virtio
> > > > queue, serving
> > > >      most requests requires no additional buffering or memory
> > > > allocations
> > > >      on the host side.
> > > > 
> > > >      Signed-off-by: Petre Eftime <epetre@amazon.com>
> > > >      ---
> > > >       content.tex | 2 ++
> > > >       1 file changed, 2 insertions(+)
> > > > 
> > > >      diff --git a/content.tex b/content.tex
> > > >      index 91735e3..66c8f2b 100644
> > > >      --- a/content.tex
> > > >      +++ b/content.tex
> > > >      @@ -2801,6 +2801,8 @@ \chapter{Device
> > > > Types}\label{sec:Device Types}
> > > >       \hline
> > > >       31         &   Video decoder device \\
> > > >       \hline
> > > >      +33         &   NitroSecureModule \\
> > > >      +\hline
> > > >       \end{tabular}
> > > > 
> > > >       Some of the devices above are unspecified by this document,
> > > > 
> > > > Hi all,
> > > > 
> > > > I've opened a corresponding issue on Github.
> > > > 
> > > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/81
> > > > 
> > > > Thank you,
> > > > Petre Eftime
> > > 
> > > Looks like no one minds. Do you want the TC to vote on this?
> > > 
> > Yes, would help us get started towards upstreaming the Linux driver for
> > this.
> 
> So what is the next step to get the vote happening? :)
> 
> 
> Alex
> 

Missed the answer, sorry.  Started vote now.

> 
> Amazon Development Center Germany GmbH
> Krausenstr. 38
> 10117 Berlin
> Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
> Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
> Sitz: Berlin
> Ust-ID: DE 289 237 879
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]