search

enarx-archive / sallyport

API for the hypervisor-microkernel boundary
Apache License 2.0
7 stars 6 forks source link

[Feature]: SGX2 enarxcalls #147

Closed jarkkojs closed 2 years ago

jarkkojs commented 2 years ago

Is there an existing issue for this?

Description

  1. TrimSgxPages(addr, length)
  2. RemoveSgxPages(addr, length)
  3. ResetSgxPermissions(addr, length)

SEQUENCES

mprotect() guest handler:

  1. Update heap.
  2. ResetSgxPermissions()
  3. self.accept_mprotect()

munmap() guest handler:

  1. Update heap.
  2. TrimSgxPages()
  3. self.accept_munmap()
  4. RemoveSgxPages()

More information:

https://github.com/enarx/enarx/issues/1531

Acceptance Criteria

No response

Suggestions for a technical implementation

No response

jarkkojs commented 2 years ago

@rvolosatovs these will also need probably that fallible passthrough.

jarkkojs commented 2 years ago

Because there are so many, should the calls be prefixed with Sgx instead, and perhaps also existing ones?

rvolosatovs commented 2 years ago

Because there are so many, should the calls be prefixed with Sgx instead, and perhaps also existing ones?

I think it's fine as-is, but it probably does not matter much. What do we gain by using the prefix?

platten commented 2 years ago

To be scheduled for the 0.5 release.

jarkkojs commented 2 years ago

Because there are so many, should the calls be prefixed with Sgx instead, and perhaps also existing ones?

I think it's fine as-is, but it probably does not matter much. What do we gain by using the prefix?

Prefixes are a bit easier to grep from logs.