Re: [PATCH v1 00/15] Add support for Nitro Enclaves

[Paraschiv, Andra-Irina]

On 27/04/2020 12:46, Paolo Bonzini wrote:
> On 27/04/20 11:22, Paraschiv, Andra-Irina wrote:
> > > 1) having the kernel and initrd loaded by the parent VM in enclave
> > > memory has the advantage that you save memory outside the enclave memory
> > > for something that is only needed inside the enclave
> > Here you wanted to say disadvantage? :)Wrt saving memory, it's about
> > additional memory from the parent / primary VM needed for handling the
> > enclave image sections (such as the kernel, ramdisk) and setting the EIF
> > at a certain offset in enclave memory?
> No, it's an advantage.  If the parent VM can load everything in enclave
> memory, it can read() into it directly.  It doesn't to waste its own
> memory for a kernel and initrd, whose only reason to exist is to be
> copied into enclave memory.

Ok, got it, saving was referring to actually not using additional memory.

Thank you for clarification.

Andra




Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.