virtio-comment message

Subject: Re: [virtio-comment] Re: [PATCH v2] content: Reserve virtio-nsm device ID


On Wed, Jun 10, 2020 at 04:17:25PM +0300, Eftime, Petre wrote:
> On 2020-05-27 12:07, Petre Eftime wrote:
> 
>     The NitroSecureModule is a device with a very stripped down
>     Trusted Platform Module functionality, which is used in the
>     context of a Nitro Enclave (see https://lkml.org/lkml/2020/4/21/1020)
>     to provide boot time measurement and attestation.
> 
>     Since this device provides some critical cryptographic operations,
>     there are a series of operations which are required to have guarantees
>     of atomicity, ordering and consistency: operations fully succeed or fully
>     fail, including when some external events might interfere in the
>     process: live migration, crashes, etc; any failure in the critical
>     section requires termination of the enclave it is attached to, so
>     the device needs to be as resilient as possible, simplicity is
>     strongly desired.
> 
>     To account for that, the device and driver are made to have very few
>     error cases in the critical path and the operations themselves can be
>     rolled back and retried if events happen outside the critical
>     area, while processing a request. The driver itself can be made very
>     simple and thus is easily portable.
> 
>     Since the requests can be handled directly in the virtio queue, serving
>     most requests requires no additional buffering or memory allocations
>     on the host side.
> 
>     Signed-off-by: Petre Eftime <epetre@amazon.com>
>     ---
>      content.tex | 2 ++
>      1 file changed, 2 insertions(+)
> 
>     diff --git a/content.tex b/content.tex
>     index 91735e3..66c8f2b 100644
>     --- a/content.tex
>     +++ b/content.tex
>     @@ -2801,6 +2801,8 @@ \chapter{Device Types}\label{sec:Device Types}
>      \hline
>      31         &   Video decoder device \\
>      \hline
>     +33         &   NitroSecureModule \\
>     +\hline
>      \end{tabular}
> 
>      Some of the devices above are unspecified by this document,
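
Review bot: the new row at the end of the device ID table goes straight from 31 to 33, and nothing in the commit message says why 32 is skipped. Please state in the commit message whether 32 is already reserved by another pending request, or use the next free ID, so the gap is not read as a mistake later. The commit message also describes atomicity and rollback guarantees at length, but this hunk only reserves an ID; since the trailing context notes that some devices are "unspecified by this document", a sentence saying the device specification will follow separately would make the scope clear. The subject calls the device virtio-nsm while the row says "NitroSecureModule"; the preceding row reads "Video decoder device", so consider a matching description such as "NitroSecureModule device" or mention the short name alongside it.
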
> 
> Hi all,
> 
> I've opened a corresponding issue on GitHub.
> 
> Fixes: https://github.com/oasis-tcs/virtio-spec/issues/81
> 
> Thank you,
> Petre Eftime


Looks like no one minds. Do you want the TC to vote on this?



