
virtio-comment message


Subject: Re: [virtio-comment] [PATCH v2] content: Reserve virtio-nsm device ID


On Wed, May 27, 2020 at 12:07:07PM +0300, Petre Eftime wrote:
> The NitroSecureModule is a device with a very stripped down
> Trusted Platform Module functionality, which is used in the
> context of a Nitro Enclave (see https://lkml.org/lkml/2020/4/21/1020)
> to provide boot time measurement and attestation.
> 
> Since this device provides some critical cryptographic operations,
> there are a series of operations which are required to have guarantees
> of atomicity, ordering and consistency: operations fully succeed or fully
> fail, including when some external events might interfere in the
> process: live migration, crashes, etc; any failure in the critical
> section requires termination of the enclave it is attached to, so
> the device needs to be as resilient as possible, simplicity is
> strongly desired.
> 
> To account for that, the device and driver are made to have very few
> error cases in the critical path and the operations themselves can be
> rolled back and retried if events happen outside the critical
> area, while processing a request. The driver itself can be made very
> simple and thus is easily portable.
> 
> Since the requests can be handled directly in the virtio queue, serving
> most requests requires no additional buffering or memory allocations
> on the host side.
> 
> Signed-off-by: Petre Eftime <epetre@amazon.com>
> ---
>  content.tex | 2 ++
>  1 file changed, 2 insertions(+)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
