[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [virtio-comment] [PATCH 1/1] content: Reserve virtio-nsm device ID
On Thu, May 21, 2020 at 01:49:42PM +0300, Petre Eftime wrote: > The NitroSecureModule is a device with a very stripped down > Trusted Platform Module functionality, which is used in the > context of a Nitro Enclave (see https://lkml.org/lkml/2020/4/21/1020) > to provide boot time measurement and attestation. > > Since this device provides some critical cryptographic operations, > there are a series of operations which are required to have guarantees > of atomicity, ordering and consistency: operations fully succeed or fully > fail, including when some external events might interfere in the > process: live migration, crashes, etc; any failure in the critical > section requires termination of the enclave it is attached to, so > the device needs to be as resilient as possible, simplicity is > strongly desired. > > To account for that, the device and driver are made to have very few > error cases in the critical path and the operations themselves can be > rolled back and retried if events happen outside the critical > area, while processing a request. The driver itself can be made very > simple and thus is easily portable. > > Since the requests can be handled directly in the virtio queue, serving > most requests requires no additional buffering or memory allocations > on the host side. > > Signed-off-by: Petre Eftime <epetre@amazon.com> > --- > content.tex | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/content.tex b/content.tex > index 91735e3..6eee371 100644 > --- a/content.tex > +++ b/content.tex > @@ -2801,6 +2801,8 @@ \chapter{Device Types}\label{sec:Device Types} > \hline > 31 & Video decoder device \\ > \hline > +0xec2000 & NitroSecureModule \\ The PCI and CCW transports represent VIRTIO device type IDs with 16-bit fields. Is there a reason why the NitroSecureModule device should only work with VIRTIO transports that support >16-bit device type IDs? If not, then please pick the next low-numbered ID instead. Stefan
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]