On 28/04/20 17:07, Alexander Graf wrote: > > Why don't we build something like the following instead? > > vm = ne_create(vcpus = 4) > ne_set_memory(vm, hva, len) > ne_load_image(vm, addr, len) > ne_start(vm) > > That way we would get the EIF loading into kernel space. "LOAD_IMAGE" > would only be available in the time window between set_memory and start. > It basically implements a memcpy(), but it would completely hide the > hidden semantics of where an EIF has to go, so future device versions > (or even other enclave implementers) could change the logic. Can we add a file format argument and flags to ne_load_image, to avoid having a v2 ioctl later? Also, would you consider a mode where ne_load_image is not invoked and the enclave starts in real mode at 0xffffff0? Thanks, Paolo
