OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

virtio-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [virtio-comment] [PATCH v2] content: Reserve virtio-nsm device ID

On Wed, May 27, 2020 at 12:07:07PM +0300, Petre Eftime wrote:
> The NitroSecureModule is a device with a very stripped down
> Trusted Platform Module functionality, which is used in the
> context of a Nitro Enclave (see https://lkml.org/lkml/2020/4/21/1020)
> to provide boot time measurement and attestation.
> Since this device provides some critical cryptographic operations,
> there are a series of operations which are required to have guarantees
> of atomicity, ordering and consistency: operations fully succeed or fully
> fail, including when some external events might interfere in the
> process: live migration, crashes, etc; any failure in the critical
> section requires termination of the enclave it is attached to, so
> the device needs to be as resilient as possible, simplicity is
> strongly desired.
> To account for that, the device and driver are made to have very few
> error cases in the critical path and the operations themselves can be
> rolled back and retried if events happen outside the critical
> area, while processing a request. The driver itself can be made very
> simple and thus is easily portable.
> Since the requests can be handled directly in the virtio queue, serving
> most requests requires no additional buffering or memory allocations
> on the host side.
> Signed-off-by: Petre Eftime <epetre@amazon.com>
> ---
>  content.tex | 2 ++
>  1 file changed, 2 insertions(+)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

Attachment: signature.asc
Description: PGP signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]