aws / aws-nitro-enclaves-image-format

This library provides the definition of the enclave image format (EIF) file used in AWS Nitro Enclaves.
Apache License 2.0

README: Add EIF format specification #23

Closed foersleo closed 4 months ago

foersleo commented 5 months ago

Issue #, if available: #19

Description of changes:

README: Add EIF format specification

We have been lacking a detailed description of the EIF format for a
long time. Close that gap by providing some background on what goes into
an EIF and how it is used by the virtualization stack.

Final formatting can be reviewed in https://github.com/foersleo/aws-nitro-enclaves-image-format/tree/eif_specification

Testing done:

None other than proofreading. This is only touching documentation.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

foersleo commented 5 months ago

Rebase on top of latest main which includes https://github.com/aws/aws-nitro-enclaves-image-format/pull/24

GrosQuildu commented 4 months ago

Seems really great. Will take a deeper look in near future. Thanks!

dorjoy03 commented 4 months ago

Understood. Yeah, would be nice to add this information. Thanks!

On Tue, Jun 18, 2024, 9:14 PM Leonard Foerster @.***> wrote:

@.**** commented on this pull request.

In README.md https://github.com/aws/aws-nitro-enclaves-image-format/pull/23#discussion_r1644640319 :

++-------------------------+ +| EifSectionHeader 0 | ++-------------------------+ +| Data Section 0 | ++-------------------------+ +| EifSectionHeader 1 | ++-------------------------+ +| Data Section 1 | ++-------------------------+
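Review bot: the diagram implies sections are packed strictly back-to-back, but the EifHeader carries its own section table that the virtualization stack follows, while EifReader parses the file sequentially and treats every byte as a section; the spec text should state explicitly whether padding between a Data Section and the next EifSectionHeader is permitted and which view is authoritative, otherwise an image can be valid to one consumer and rejected by the other.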

The answer to this one is a bit more complicated and I had to go back and do some validation and code reading to properly answer it.

The virtualization stack goes by the sections as specified in the EifHeader and will just ignore such gaps. In that regard the gaps are allowed. However, the EifReader (https://github.com/aws/aws-nitro-enclaves-image-format/blob/main/src/utils/eif_reader.rs) used by nitro-cli does not go by the sections as described in the EifHeader and goes by the file without gaps, interpreting everything as sections. This means the EifReader is stricter and will reject more files than the virtualization stack. This can lead to interesting behavior and I am planning to fix that mismatch through issue #25 (https://github.com/aws/aws-nitro-enclaves-image-format/issues/25).

Long story short: Gaps should be allowed, but our tooling is not perfect at the moment. I will add some more info on that to the next iteration of the doc.

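The parser mismatch foersleo describes above (the virtualization stack follows the section table in EifHeader and tolerates gaps, while EifReader walks the file sequentially and rejects them), as an added example that is not code from this project: the byte layout below is a constructed, simplified stand-in for an EIF, not the real format, and both parsers are hypothetical.

```python
import struct
# Constructed, simplified stand-in for an EIF-like layout (NOT the real EIF byte format):
#   file header : b"HDR!" | num_sections:u16 | (offset:u32, size:u32) per section
#   section     : b"SEC!" | section_type:u16 | payload_len:u32 | payload
SEC_HDR = struct.Struct("<4sHI")  # 10 bytes, no padding

def build_image(payloads, gap=0):
    """Build an image; `gap` zero bytes are left between consecutive sections."""
    off, body, entries = 6 + 8 * len(payloads), b"", []
    for sec_type, data in enumerate(payloads):
        if gap and body:  # pad after the first section so the layout is no longer contiguous
            body, off = body + b"\x00" * gap, off + gap
        entries.append(struct.pack("<II", off, SEC_HDR.size + len(data)))
        body += SEC_HDR.pack(b"SEC!", sec_type, len(data)) + data
        off += SEC_HDR.size + len(data)
    return b"HDR!" + struct.pack("<H", len(payloads)) + b"".join(entries) + body

def parse_by_table(img):
    """Stack-style: follow the offset table in the file header; bytes between sections are ignored."""
    n, sections = struct.unpack_from("<H", img, 4)[0], []
    for i in range(n):
        off, size = struct.unpack_from("<II", img, 6 + 8 * i)
        magic, sec_type, length = SEC_HDR.unpack_from(img, off)
        if magic != b"SEC!" or SEC_HDR.size + length != size:
            raise ValueError(f"table entry {i}: bad section header at offset {off}")
        sections.append((sec_type, img[off + SEC_HDR.size:off + size]))
    return sections

def parse_sequentially(img):
    """Reader-style: walk the file back-to-back, treating everything after the table as sections."""
    n = struct.unpack_from("<H", img, 4)[0]
    pos, sections = 6 + 8 * n, []
    while pos < len(img):
        magic, sec_type, length = SEC_HDR.unpack_from(img, pos)
        if magic != b"SEC!":
            raise ValueError(f"unexpected bytes at {pos}: gap or garbage where a header was expected")
        pos += SEC_HDR.size
        sections.append((sec_type, img[pos:pos + length]))
        pos += length
    return sections

def accepted_by(img):
    """(table_ok, sequential_ok); (True, False) is the mismatch the thread describes."""
    def ok(parser):
        try:
            parser(img)
            return True
        except (ValueError, struct.error):
            return False
    return ok(parse_by_table), ok(parse_sequentially)
```

An image for which accepted_by returns (True, False) is exactly the case in the thread: loadable by the stack, rejected by the tooling, which is the kind of parser differential a spec should rule out by naming one authoritative layout rule.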