aws / aws-nitro-enclaves-cli

Tooling for Nitro Enclave Management
Apache License 2.0

nitro-cli run-enclave should enforce the allocated memory has space to unpack the initramfs #196

Closed alexggh closed 3 years ago

alexggh commented 3 years ago

https://github.com/aws/aws-nitro-enclaves-cli/issues/188 and https://github.com/aws/aws-nitro-enclaves-cli/issues/194 seem to have the same root cause: the allocated memory for the enclave is not enough for the kernel running inside the enclave to unpack the initramfs, and the user sees in the kernel logs:

Followed by:

The guideline to overcome this problem is to always have the enclave memory 4 times more than the size of the enclave image file (EIF).

The nitro-cli should enforce this rule and provide an intuitive error when this happens.

bercarug commented 3 years ago

Solved by https://github.com/aws/aws-nitro-enclaves-cli/pull/198
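An operator-side pre-flight check for the guideline in this issue, as an added example (not code from the nitro-cli project or from the linked pull request). It reads the guideline as "requested memory must be at least 4 x the EIF file size, rounded up to whole MiB"; the function names `min_enclave_memory_mib` and `check_enclave_memory` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the 4x EIF-size memory guideline.
# Assumption: memory is given in MiB, as for `nitro-cli run-enclave --memory`.
# Helper names below are hypothetical, not part of nitro-cli.

MIB=1048576
EIF_MEMORY_FACTOR=4   # guideline stated in the issue

# Print the minimum enclave memory in MiB (rounded up) for an EIF file.
min_enclave_memory_mib() {
    eif_path=$1
    [ -f "$eif_path" ] || { echo "EIF not found: $eif_path" >&2; return 2; }
    eif_bytes=$(wc -c < "$eif_path") || return 2
    # ceil(factor * size / MiB) using integer arithmetic
    echo $(( (eif_bytes * EIF_MEMORY_FACTOR + MIB - 1) / MIB ))
}

# Return 0 if the requested memory satisfies the guideline, 1 if it is
# too small, 2 on bad input (missing file, non-numeric memory value).
check_enclave_memory() {
    eif_path=$1
    requested_mib=$2
    case $requested_mib in
        ''|*[!0-9]*)
            echo "memory must be a whole number of MiB" >&2
            return 2 ;;
    esac
    required_mib=$(min_enclave_memory_mib "$eif_path") || return 2
    if [ "$requested_mib" -lt "$required_mib" ]; then
        echo "Requested ${requested_mib} MiB, but ${eif_path} needs at least" \
             "${required_mib} MiB (${EIF_MEMORY_FACTOR}x the EIF size)" \
             "for the enclave kernel to unpack its initramfs." >&2
        return 1
    fi
    return 0
}

# Typical use, before launching the enclave:
#   check_enclave_memory app.eif 512 && \
#       nitro-cli run-enclave --eif-path app.eif --memory 512 --cpu-count 2
```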