OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

virtio-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [virtio-comment] [PATCH 1/1] content: Reserve virtio-nsm device ID

On 2020-05-26 12:05, Stefan Hajnoczi wrote:
On Thu, May 21, 2020 at 01:49:42PM +0300, Petre Eftime wrote:
The NitroSecureModule is a device with a very stripped down
Trusted Platform Module functionality, which is used in the
context of a Nitro Enclave (see https://lkml.org/lkml/2020/4/21/1020)
to provide boot time measurement and attestation.

Since this device provides some critical cryptographic operations,
there are a series of operations which are required to have guarantees
of atomicity, ordering and consistency: operations fully succeed or fully
fail, including when some external events might interfere in the
process: live migration, crashes, etc; any failure in the critical
section requires termination of the enclave it is attached to, so
the device needs to be as resilient as possible, simplicity is
strongly desired.

To account for that, the device and driver are made to have very few
error cases in the critical path and the operations themselves can be
rolled back and retried if events happen outside the critical
area, while processing a request. The driver itself can be made very
simple and thus is easily portable.

Since the requests can be handled directly in the virtio queue, serving
most requests requires no additional buffering or memory allocations
on the host side.

Signed-off-by: Petre Eftime <epetre@amazon.com>
  content.tex | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/content.tex b/content.tex
index 91735e3..6eee371 100644
--- a/content.tex
+++ b/content.tex
@@ -2801,6 +2801,8 @@ \chapter{Device Types}\label{sec:Device Types}
  31         &   Video decoder device \\
+0xec2000   &   NitroSecureModule \\
The PCI and CCW transports represent VIRTIO device type IDs with 16-bit
fields. Is there a reason why the NitroSecureModule device should only
work with VIRTIO transports that support >16-bit device type IDs?

If not, then please pick the next low-numbered ID instead.


I saw that there's already a vote open for device ID 32, so I went with 33 instead. I was under the impression that virtio device IDs are always 32bit, based on the data types used in Linux to express them.


Petre Eftime

Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]