Closed Unik-lif closed 9 months ago
Hi @Unik-lif, thanks for your interest on HyperEnclave.
so how does the SECS translated using query step in function
as_guest_paddr
Hypervisor translates the virtual address using the page table in untrusted part, and then gets the the target physical address.
Why this guest physical address will fall just in the range of EPC that we reserved beforehand? ... If so, how does it make sure the address of SECS is in the reserved part?
The secs_gpaddr
does not locate in the range of EPC, but the data pointed by secs_gpaddr
is copied to the memory area held by the secs
in the following expression:
let secs = *GuestPtr::gpaddr_to_ref(&secs_gpaddr, false)?;
The memory area pointed by the field secs
in struct Enclave
locates in the hypervisor's memory, which cannot be accessed by untrusted software. But it should mentioned that there is no EPC page holding the SECS information in HyperEnclave currently, which is different from that in Intel SGX.
Thank u 4 ur timely reply!
But it should mentioned that there is no EPC page holding the SECS information in HyperEnclave currently, which is different from that in Intel SGX.
This helps me a lot.
So can I simply conclude like that? Different from other EPC pages, the SECS is not maintained in EPC part we divided beforehand, it is wrapped and maintained in Rust-Monitor part.
Hello. I got some questions about the memory allocation step in Hyperenclave. Assume the user app triggers an ECREATE request, the hypervisor driver catches this request and handles it using function
he_cmd_encl_create
, after some initialization steps, this function calls hypercall HC_ENCL_CREATE, which will be sent to the rust-monitor, and here it comes the functionenclave_create
.As mentioned above, the
config
is the SECS, so how does the SECS translated using query step in functionas_guest_paddr
, and Why this guest physical address will fall just in the range of EPC that we reserved beforehand? (According to my understanding, since SECS is stored in one of EPC, the guest physical address will fail just in this range.)Besides, what confused me is that in the hypervisor-driver, we allocated the
he_enclave
, includingSECS
using kzalloc, it seems that the mappings between guest physical address and the guest virtual address are set up here. If so, how does it make sure the address of SECS is in the reserved part?I tried to figure it out, but I failed to do so. Any helps will be appreciated, thanks a lot.