Lines Matching +full:runs +full:- +full:on
1 .. SPDX-License-Identifier: GPL-2.0
14 For example, an application that processes sensitive data and runs in a VM,
16 application then runs in a separate VM from the primary VM, namely an enclave.
18 An enclave runs alongside the VM that spawned it. This setup matches low latency
26 1. An enclave abstraction process - a user space process running in the primary
35 translated into actions taken on the hypervisor side; that's the Nitro
36 hypervisor running on the host where the primary VM is running. The Nitro
37 hypervisor is based on core KVM technology.
39 2. The enclave itself - a VM running on the same host as the primary VM that
49 An enclave runs on dedicated cores. CPU 0 and its CPU siblings need to remain
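The constraint stated above (dedicated cores for the enclave, with CPU 0 and its siblings left to the primary VM) is easy to get wrong when hand-writing a CPU list. The following is an added example, not code from the kernel documentation or from the nitro_enclaves driver: it parses a kernel-style CPU list, reads sibling topology from sysfs, and reports violations. The topology dictionary embedded below is constructed (a 4-core, 8-thread host), and the rule that every requested thread must bring its whole core along is my reading of "dedicated cores"; treat that rule as an assumption rather than something this page states.

```python
import re
from pathlib import Path

def parse_cpulist(spec: str) -> set[int]:
    """Parse a kernel-style CPU list such as "2-3,6,7" into a set of CPU ids."""
    cpus: set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if m is None:
            raise ValueError(f"bad CPU list element: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) is not None else lo
        if hi < lo:
            raise ValueError(f"descending range: {part!r}")
        cpus.update(range(lo, hi + 1))
    return cpus

def read_thread_siblings(sysfs_cpu_dir: str = "/sys/devices/system/cpu") -> dict[int, frozenset[int]]:
    """Map each online CPU to the set of its SMT siblings (including itself), from sysfs."""
    siblings: dict[int, frozenset[int]] = {}
    for entry in Path(sysfs_cpu_dir).glob("cpu[0-9]*"):
        cpu = int(entry.name[3:])
        sib_file = entry / "topology" / "thread_siblings_list"
        if sib_file.exists():
            siblings[cpu] = frozenset(parse_cpulist(sib_file.read_text().strip()))
    return siblings

# Constructed topology used for the offline check: 4 cores, 2 threads each.
CONSTRUCTED_TOPOLOGY: dict[int, frozenset[int]] = {
    0: frozenset({0, 4}), 4: frozenset({0, 4}),
    1: frozenset({1, 5}), 5: frozenset({1, 5}),
    2: frozenset({2, 6}), 6: frozenset({2, 6}),
    3: frozenset({3, 7}), 7: frozenset({3, 7}),
}

def check_enclave_cpu_pool(pool: set[int], siblings: dict[int, frozenset[int]]) -> list[str]:
    """Return human-readable violations for a proposed enclave CPU pool; empty means OK.

    Rules applied:
    - CPU 0 and every sibling of CPU 0 must stay with the primary VM (from the overview).
    - A CPU in the pool must bring all of its siblings, i.e. whole cores only (assumed).
    """
    problems: list[str] = []
    reserved = set(siblings.get(0, frozenset({0}))) | {0}
    for cpu in sorted(pool & reserved):
        problems.append(f"CPU {cpu} is CPU 0 or a sibling of CPU 0 and must stay with the primary VM")
    for cpu in sorted(pool):
        if cpu not in siblings:
            problems.append(f"CPU {cpu} is not present in the topology")
            continue
        missing = siblings[cpu] - pool
        if missing:
            problems.append(f"CPU {cpu} is in the pool but its sibling(s) {sorted(missing)} are not; give whole cores")
    return problems

def check_cpulist(spec: str, siblings: dict[int, frozenset[int]] = CONSTRUCTED_TOPOLOGY) -> list[str]:
    """Convenience wrapper: parse a CPU list and validate it against a topology."""
    return check_enclave_cpu_pool(parse_cpulist(spec), siblings)

if __name__ == "__main__":
    for spec in ("1-2,5-6", "0,4", "1"):
        print(spec, "->", check_cpulist(spec) or "ok")
```

Against a live host, call `check_enclave_cpu_pool(parse_cpulist(spec), read_thread_siblings())` before handing the list to the driver; an empty result means the pool respects both rules.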
55 using virtio-vsock [5]. The primary VM has a virtio-pci vsock emulated device,
56 while the enclave VM has a virtio-mmio vsock emulated device. The vsock device
57 uses eventfd for signaling. The enclave VM sees the usual interfaces - local
58 APIC and IOAPIC - to get interrupts from virtio-vsock device. The virtio-mmio
61 The application that runs in the enclave needs to be packaged in an enclave
81 predefined port - 9000 - to send a heartbeat value - 0xb7. This mechanism is
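The heartbeat above is a one-byte liveness signal over vsock: the enclave connects to port 9000 and sends the byte 0xb7. The following is an added example of the primary-VM side, not code from the kernel documentation or from the Nitro Enclaves tooling: it accepts a vsock connection, verifies that exactly the expected byte arrived, and echoes it back. Echoing the byte is an assumption about the convention (the page only says the value is sent); the port and value are taken from the text. An offline helper replaces vsock with an AF_UNIX socketpair so the validation logic runs anywhere.

```python
import socket

NE_HEARTBEAT_PORT = 9000    # predefined vsock port from the overview
NE_HEARTBEAT_VALUE = 0xb7   # heartbeat byte from the overview

def is_heartbeat(data: bytes) -> bool:
    """True only for exactly one byte equal to the heartbeat value."""
    return data == bytes([NE_HEARTBEAT_VALUE])

def handle_heartbeat_connection(conn: socket.socket, timeout: float = 5.0) -> bool:
    """Consume one heartbeat from an accepted connection and echo it back.

    Returns False on timeout, socket error, or any payload other than the
    single expected byte. The echo is an assumed convention, not from the page.
    """
    conn.settimeout(timeout)
    try:
        data = conn.recv(1)
    except (socket.timeout, OSError):
        return False
    if not is_heartbeat(data):
        return False
    try:
        conn.sendall(data)
    except OSError:
        return False
    return True

def serve_heartbeats(max_connections: int = 1, timeout: float = 5.0) -> list[tuple[int, bool]]:
    """Listen on AF_VSOCK port 9000 in the primary VM (Linux with vsock only).

    Returns (peer CID, heartbeat_ok) for each accepted connection.
    """
    if not hasattr(socket, "AF_VSOCK"):
        raise RuntimeError("AF_VSOCK is not available on this platform")
    results: list[tuple[int, bool]] = []
    with socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM) as srv:
        srv.bind((socket.VMADDR_CID_ANY, NE_HEARTBEAT_PORT))
        srv.listen()
        for _ in range(max_connections):
            conn, (cid, _port) = srv.accept()
            with conn:
                results.append((cid, handle_heartbeat_connection(conn, timeout)))
    return results

def simulate_heartbeat(payload: bytes, timeout: float = 2.0) -> tuple[bool, bytes]:
    """Offline check: an AF_UNIX socketpair stands in for the vsock connection.

    `payload` is the constructed bytes the pretend enclave sends. Returns
    (accepted, echoed_bytes).
    """
    parent_end, enclave_end = socket.socketpair()
    try:
        enclave_end.sendall(payload)
        ok = handle_heartbeat_connection(parent_end, timeout)
        enclave_end.settimeout(timeout)
        echoed = enclave_end.recv(1) if ok else b""
        return ok, echoed
    finally:
        parent_end.close()
        enclave_end.close()

if __name__ == "__main__":
    print("valid heartbeat:", simulate_heartbeat(bytes([NE_HEARTBEAT_VALUE])))
    print("wrong byte:     ", simulate_heartbeat(b"\x00"))
```

On a real parent instance `serve_heartbeats()` must run before the enclave is started, since the enclave's init sends the heartbeat as soon as it comes up; the CID it reports back is the enclave's vsock context id.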
90 [1] https://aws.amazon.com/ec2/nitro/nitro-enclaves/
91 [2] https://www.kernel.org/doc/html/latest/admin-guide/mm/hugetlbpage.html
93 [4] https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
94 [5] https://man7.org/linux/man-pages/man7/vsock.7.html