On Fri 2020-05-08 10:00:27, Paraschiv, Andra-Irina wrote:
>
>
> On 07/05/2020 20:44, Pavel Machek wrote:
> >
> > Hi!
> >
> >>> it uses its own memory and CPUs + its virtio-vsock emulated device for
> >>> communication with the primary VM.
> >>>
> >>> The memory and CPUs are carved out of the primary VM, they are dedicated
> >>> for the enclave. The Nitro hypervisor running on the host ensures memory
> >>> and CPU isolation between the primary VM and the enclave VM.
> >>>
> >>> These two components need to reflect the same state e.g. when the
> >>> enclave abstraction process (1) is terminated, the enclave VM (2) is
> >>> terminated as well.
> >>>
> >>> With regard to the communication channel, the primary VM has its own
> >>> emulated virtio-vsock PCI device. The enclave VM has its own emulated
> >>> virtio-vsock device as well. This channel is used, for example, to fetch
> >>> data in the enclave and then process it. An application that sets up the
> >>> vsock socket and connects or listens, depending on the use case, is then
> >>> developed to use this channel; this happens on both ends - primary VM
> >>> and enclave VM.
> >>>
> >>> Let me know if further clarifications are needed.
> >>
> >> Thanks, this is all useful. However can you please clarify the
> >> low-level details here?
> >
> > Is the virtual machine manager open-source? If so, I guess pointer for sources
> > would be useful.
>
> Hi Pavel,
>
> Thanks for reaching out.
>
> The VMM that is used for the primary / parent VM is not open source.

Do we want to merge code that the open-source community cannot test?

									Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html