Lines Matching +full:system +full:- +full:cache +full:- +full:controller
1 .. SPDX-License-Identifier: GPL-2.0
13 * Privileged (ring-0) ENCLS functions orchestrate the construction of the
15 * Unprivileged (ring-3) ENCLU functions allow an application to enter and
30 appears to be unsupported on a system which has hardware support, ensure
34 Enclave Page Cache
37 SGX utilizes an *Enclave Page Cache (EPC)* to store pages that are associated
38 with an enclave. It is contained in a BIOS-reserved region of physical memory.
49 ------------------
66 Enclave Page Cache Map
67 ----------------------
70 *Enclave Page Cache Map (EPCM)*. The EPCM contains an entry for each EPC page
76 remain read-only. EPCM permissions may only impose additional restrictions on
88 -----------------------
97 .. kernel-doc:: arch/x86/kernel/cpu/sgx/ioctl.c
104 --------------------------
113 .. kernel-doc:: arch/x86/kernel/cpu/sgx/ioctl.c
119 ------------
121 Entering an enclave can only be done through SGX-specific EENTER and ERESUME
122 functions, and is a non-trivial process. Because of the complexity of
125 implementations are used by most applications to wrap system calls.
132 can leverage special exception fixup provided by the vDSO. The kernel-provided
133 vDSO function wraps low-level transitions to/from the enclave like EENTER and
138 .. kernel-doc:: arch/x86/include/uapi/asm/sgx.h
147 ----------------
153 reinitializes all enclave pages so that they can be allocated and re-used.
161 --------------
164 overcommitment of enclave memory. If the system runs out of enclave memory,
174 EINIT function takes an RSA-3072 signature of the enclave measurement. The function
188 memory controller has an encryption engine to transparently encrypt and decrypt
192 encrypt pages leaving the CPU caches. MEE uses an n-ary Merkle tree with root in
194 anti-replay protection but does not scale to large memory sizes because the time
199 MEE. TME-based SGX implementations do not have an integrity Merkle tree, which
200 means integrity and replay-attacks are not mitigated. But it includes
211 --------------
216 the enclave through special SGX instructions. A run-time within the enclave is
221 ---------------------
224 configured with a library OS and run-time which permits the application to run.
225 The enclave run-time and library OS work together to execute the application
232 ---------
238 This is effectively a kernel use-after-free of an EPC page, and due