.. SPDX-License-Identifier: GPL-2.0

==============
Nitro Enclaves
==============

Overview
========

Nitro Enclaves (NE) is a new Amazon Elastic Co
that allows customers to carve out isolated co
instances [1].

For example, an application that processes sen
can be separated from other applications runni
application then runs in a separate VM than th
It runs alongside the VM that spawned it. This
applications needs.

The current supported architectures for the NE
upstream Linux kernel, are x86 and ARM64.

The resources that are allocated for the encla
carved out of the primary VM. Each enclave is
primary VM, that communicates with the NE kern

In this sense, there are two components:

1. An enclave abstraction process - a user spa
VM guest that uses the provided ioctl interfac
enclave VM (that's 2 below).

There is a NE emulated PCI device exposed to t
new PCI device is included in the NE driver.

The ioctl logic is mapped to PCI device comman
maps to an enclave start PCI command. The PCI
translated into actions taken on the hypervis
hypervisor running on the host where the prima
hypervisor is based on core KVM technology.

2. The enclave itself - a VM running on the sa
spawned it. Memory and CPUs are carved out of
for the enclave VM. An enclave does not have p

The memory regions carved out of the primary V
be aligned 2 MiB / 1 GiB physically contiguous
this size e.g. 8 MiB). The memory can be alloc
user space [2][3][7]. The memory size for an e
64 MiB. The enclave memory and CPUs need to be

An enclave runs on dedicated cores. CPU 0 and
available for the primary VM. A CPU pool has t
user with admin capability. See the cpu list s
documentation [4] for how a CPU pool format lo

An enclave communicates with the primary VM vi
using virtio-vsock [5]. The primary VM has vir
while the enclave VM has a virtio-mmio vsock e
uses eventfd for signaling. The enclave VM see
APIC and IOAPIC - to get interrupts from virti
device is placed in memory below the typical 4

The application that runs in the enclave needs
image together with the OS ( e.g. kernel, ramd
enclave VM. The enclave VM has its own kernel
boot protocol [6][8].

The kernel bzImage, the kernel command line, t
Enclave Image Format (EIF); plus an EIF header
number, eif version, image size and CRC.

Hash values are computed for the entire enclav
ramdisk(s). That's used, for example, to check
loaded in the enclave VM is the one that was i

These crypto measurements are included in a si
generated by the Nitro Hypervisor and further
enclave; KMS is an example of service that NE
the attestation doc.

The enclave image (EIF) is loaded in the encla
init process in the enclave connects to the vs
predefined port - 9000 - to send a heartbeat v
used to check in the primary VM that the encla
primary VM is 3.

If the enclave VM crashes or gracefully exits,
the NE driver. This event is sent further to t
running in the primary VM via a poll notificat
enclave process can exit.

[1] https://aws.amazon.com/ec2/nitro/nitro-enc
[2] https://www.kernel.org/doc/html/latest/adm
[3] https://lwn.net/Articles/807108/
[4] https://www.kernel.org/doc/html/latest/adm
[5] https://man7.org/linux/man-pages/man7/vsoc
[6] https://www.kernel.org/doc/html/latest/x86
[7] https://www.kernel.org/doc/html/latest/arm
[8] https://www.kernel.org/doc/html/latest/arm
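The memory and CPU paragraphs of the overview state constraints that an operator can check before asking the NE driver to carve resources out of the primary VM: regions aligned to 2 MiB / 1 GiB and sized in multiples of that granule, at least 64 MiB in total, and a CPU pool written as a kernel cpu list [4]. The following pre-flight checker is an added example, not code from the NE driver, nitro-cli or the kernel documentation. Two rules that the overview's lines only partly state are taken as assumptions here: CPU 0 and its hyperthread siblings stay with the primary VM, and enclave memory and CPUs come from the same NUMA node. The CPU topology and NUMA map are constructed for the example.

```python
"""Pre-flight checks for resources carved out of the primary VM for an enclave.

Added example; not NE driver, nitro-cli or kernel-doc code.  Assumptions:
CPU 0 and its siblings are reserved for the primary VM, and memory and CPUs
must come from one NUMA node.  The topology tables below are constructed.
"""
from dataclasses import dataclass

MIB = 1 << 20
GIB = 1 << 30
MIN_ENCLAVE_MEM = 64 * MIB   # minimum enclave memory, as stated in the overview
GRANULE = 2 * MIB            # 1 GiB regions are also multiples of this granule


@dataclass(frozen=True)
class MemRegion:
    phys_addr: int   # physical start of one contiguous chunk
    size: int        # chunk length in bytes
    numa_node: int   # NUMA node the chunk was allocated from (e.g. via hugetlbfs)


# Constructed topology: 8 logical CPUs, 4 cores with hyperthread pairs (n, n+4);
# cores 0 and 1 live on NUMA node 0, cores 2 and 3 on NUMA node 1.
SIBLINGS = {c: frozenset({c % 4, c % 4 + 4}) for c in range(8)}
CPU_NODE = {c: (0 if c % 4 < 2 else 1) for c in range(8)}


def parse_cpu_list(spec: str) -> set:
    """Parse a kernel-style cpu list such as '1-3,5' into a set of CPU ids."""
    cpus = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"bad range {part!r}")
            cpus.update(range(lo, hi + 1))
        else:
            cpus.add(int(part))
    return cpus


def check_mem_regions(regions) -> list:
    """Return the list of violated memory constraints (empty means acceptable)."""
    if not regions:
        return ["no memory regions given"]
    problems = []
    total = 0
    for r in regions:
        if r.size <= 0 or r.size % GRANULE:
            problems.append(f"region @{r.phys_addr:#x}: size {r.size} is not a multiple of 2 MiB")
        if r.phys_addr % GRANULE:
            problems.append(f"region @{r.phys_addr:#x}: start is not 2 MiB aligned")
        total += r.size
    if total < MIN_ENCLAVE_MEM:
        problems.append(f"total {total // MIB} MiB is below the 64 MiB minimum")
    nodes = {r.numa_node for r in regions}
    if len(nodes) > 1:
        problems.append(f"regions span NUMA nodes {sorted(nodes)}")
    return problems


def check_cpu_pool(spec: str, siblings=SIBLINGS, cpu_node=CPU_NODE) -> list:
    """Return the list of violated CPU-pool constraints (empty means acceptable)."""
    try:
        pool = parse_cpu_list(spec)
    except ValueError as exc:
        return [f"bad cpu list {spec!r}: {exc}"]
    if not pool:
        return ["cpu pool is empty"]
    unknown = pool - set(siblings)
    if unknown:
        return [f"unknown CPUs {sorted(unknown)}"]
    problems = []
    clash = pool & siblings[0]   # CPU 0 and its siblings (assumed reserved for the primary VM)
    if clash:
        problems.append(f"CPUs {sorted(clash)} are CPU 0 or its siblings and stay with the primary VM")
    nodes = {cpu_node[c] for c in pool}
    if len(nodes) > 1:
        problems.append(f"pool spans NUMA nodes {sorted(nodes)}")
    return problems


def check_enclave_resources(regions, pool_spec: str, siblings=SIBLINGS, cpu_node=CPU_NODE) -> list:
    """Combine both checks and confirm memory and CPUs share one NUMA node."""
    problems = check_mem_regions(regions) + check_cpu_pool(pool_spec, siblings, cpu_node)
    if not problems:
        mem_node = regions[0].numa_node
        cpu_nodes = {cpu_node[c] for c in parse_cpu_list(pool_spec)}
        if cpu_nodes != {mem_node}:
            problems.append(f"CPUs on node(s) {sorted(cpu_nodes)} but memory on node {mem_node}")
    return problems


if __name__ == "__main__":
    regions = [MemRegion(phys_addr=1 * GIB, size=64 * MIB, numa_node=0)]
    for pool in ("1,5", "0,4", "2,6"):
        print(pool, check_enclave_resources(regions, pool) or "ok")
```

On a real host the sibling and NUMA tables would be read from sysfs topology files rather than constructed; the checks themselves do not change.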
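The EIF paragraphs describe an image made of the kernel bzImage, the kernel command line and the ramdisk(s), with a header carrying a magic number, EIF version, image size and CRC, and hash values over the whole image, the kernel and the ramdisks that are later reported in the attestation document. The parser and measurement routine below are an added example, not nitro-cli or AWS code, and the byte layout is a constructed stand-in with those header fields rather than the real EIF layout; the choice of SHA-384 for the measurements is also this example's assumption. It shows the two checks an operator relies on: the CRC catches corruption, and comparing measurements against expected values catches an image that is not the one intended to run.

```python
"""Parse, CRC-check and measure a simplified enclave image (added example).

Not the real EIF layout and not nitro-cli code: the header below is a
constructed stand-in carrying the fields the overview names (magic, version,
image size, CRC); measurements use SHA-384 by this example's assumption.
"""
import hashlib
import struct
import zlib

MAGIC = b"EIF!"                       # constructed magic value, not the real one
VERSION = 1
HEADER = struct.Struct("<4sHQI")      # magic, version, total image size, CRC-32
SECTION = struct.Struct("<BQ")        # section kind, payload length
KIND_KERNEL, KIND_CMDLINE, KIND_RAMDISK = 1, 2, 3


def build_image(kernel: bytes, cmdline: bytes, ramdisks) -> bytes:
    """Assemble an image; the CRC covers the header (with CRC zeroed) and the body."""
    parts = [(KIND_KERNEL, kernel), (KIND_CMDLINE, cmdline)] + [(KIND_RAMDISK, r) for r in ramdisks]
    body = b"".join(SECTION.pack(kind, len(payload)) + payload for kind, payload in parts)
    size = HEADER.size + len(body)
    crc = zlib.crc32(HEADER.pack(MAGIC, VERSION, size, 0) + body)
    return HEADER.pack(MAGIC, VERSION, size, crc) + body


def parse_image(blob: bytes) -> dict:
    """Validate header fields and CRC, then split the image into its sections."""
    if len(blob) < HEADER.size:
        raise ValueError("image shorter than header")
    magic, version, size, crc = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if version != VERSION:
        raise ValueError(f"unsupported version {version}")
    if size != len(blob):
        raise ValueError("header size field does not match image length")
    if crc != zlib.crc32(HEADER.pack(MAGIC, VERSION, size, 0) + blob[HEADER.size:]):
        raise ValueError("CRC mismatch: image corrupted or modified")
    sections = {"kernel": b"", "cmdline": b"", "ramdisks": []}
    off = HEADER.size
    while off < len(blob):
        if off + SECTION.size > len(blob):
            raise ValueError("truncated section header")
        kind, length = SECTION.unpack_from(blob, off)
        off += SECTION.size
        payload = blob[off:off + length]
        if len(payload) != length:
            raise ValueError("truncated section payload")
        off += length
        if kind == KIND_KERNEL:
            sections["kernel"] = payload
        elif kind == KIND_CMDLINE:
            sections["cmdline"] = payload
        elif kind == KIND_RAMDISK:
            sections["ramdisks"].append(payload)
        else:
            raise ValueError(f"unknown section kind {kind}")
    if not sections["kernel"] or not sections["ramdisks"]:
        raise ValueError("image lacks a kernel or a ramdisk")
    return sections


def is_intact(blob: bytes) -> bool:
    """True when the image parses and its CRC verifies."""
    try:
        parse_image(blob)
        return True
    except ValueError:
        return False


def measurements(blob: bytes) -> dict:
    """Hashes over the whole image, the kernel and the concatenated ramdisks."""
    s = parse_image(blob)
    digest = lambda b: hashlib.sha384(b).hexdigest()
    return {"image": digest(blob), "kernel": digest(s["kernel"]),
            "ramdisks": digest(b"".join(s["ramdisks"]))}


def image_matches(blob: bytes, expected: dict) -> bool:
    """Check that what is about to be loaded is what was intended to run."""
    return is_intact(blob) and measurements(blob) == expected


def flip_byte(blob: bytes, index: int) -> bytes:
    """Constructed corruption of one byte, used to exercise the CRC check."""
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    img = build_image(b"kernel-bytes", b"console=ttyS0", [b"initrd-a", b"initrd-b"])
    expected = measurements(img)
    print("intact:", is_intact(img), "matches:", image_matches(img, expected))
    print("after one flipped byte:", is_intact(flip_byte(img, len(img) - 1)))
```

The CRC only detects accidental damage; the measurement comparison is what ties the loaded image to a known-good build, which is why the same hashes appear in the signed attestation document.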
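The boot heartbeat paragraph describes the enclave's init process connecting over vsock to the primary VM (CID 3) on a predefined port (9000) and sending a heartbeat value, which the primary VM uses to learn that the enclave has booted. The exchange below is an added example, not the NE driver's or nitro-cli's code. Two details are this example's assumptions: the heartbeat is the single byte 0xb7, and the primary VM echoes it back as an acknowledgement. Both sides operate on an already-connected socket so the handshake can be exercised over a socketpair where no vsock transport exists; the two AF_VSOCK helpers show the real setup and are only used when the file is run directly on a host that has vsock.

```python
"""Enclave boot heartbeat over the vsock channel (added example).

Not NE driver or nitro-cli code.  Assumptions: the heartbeat is the byte
0xb7 and the primary VM echoes it back as an acknowledgement.
"""
import socket
import threading

PRIMARY_VM_CID = 3       # CID of the primary VM, as stated in the overview
HEARTBEAT_PORT = 9000    # predefined port the enclave init connects to
HEARTBEAT = b"\xb7"      # assumed one-byte heartbeat value
TIMEOUT_S = 5.0


def send_heartbeat(conn: socket.socket, value: bytes = HEARTBEAT) -> bool:
    """Enclave side: send the heartbeat and report whether the primary VM acknowledged it."""
    conn.settimeout(TIMEOUT_S)
    try:
        conn.sendall(value)
        return conn.recv(1) == HEARTBEAT   # b"" (peer closed) or a timeout means no ack
    except OSError:
        return False


def await_heartbeat(conn: socket.socket) -> bool:
    """Primary VM side: read exactly one byte and accept only the expected value."""
    conn.settimeout(TIMEOUT_S)
    try:
        data = conn.recv(1)
    except OSError:              # socket.timeout is an OSError subclass
        return False
    if data != HEARTBEAT:
        return False             # wrong value, or the peer closed before sending anything
    try:
        conn.sendall(HEARTBEAT)  # acknowledge so the enclave knows the boot was registered
    except OSError:
        return False
    return True


def connect_to_primary(cid: int = PRIMARY_VM_CID, port: int = HEARTBEAT_PORT) -> socket.socket:
    """What the enclave init would do on a real system (AF_VSOCK is Linux-only)."""
    s = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    s.connect((cid, port))
    return s


def listen_for_enclave(port: int = HEARTBEAT_PORT) -> socket.socket:
    """What the primary VM side would do on a real system: accept one vsock connection."""
    srv = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    srv.bind((socket.VMADDR_CID_ANY, port))
    srv.listen(1)
    conn, _peer = srv.accept()
    srv.close()
    return conn


def simulate_boot_handshake(value: bytes = HEARTBEAT) -> tuple:
    """Run both sides over a socketpair that stands in for the vsock channel.

    Returns (primary_vm_saw_boot, enclave_got_ack).
    """
    primary, enclave = socket.socketpair()
    outcome = {}

    def primary_side():
        try:
            outcome["primary"] = await_heartbeat(primary)
        finally:
            primary.close()      # a rejecting primary VM simply drops the connection

    worker = threading.Thread(target=primary_side)
    worker.start()
    try:
        enclave_ok = send_heartbeat(enclave, value)
    finally:
        enclave.close()
    worker.join()
    return outcome["primary"], enclave_ok


if __name__ == "__main__":
    print("valid heartbeat:", simulate_boot_handshake())
    print("wrong value:   ", simulate_boot_handshake(b"\x00"))
```

The primary VM side deliberately reads a single byte and closes on anything unexpected, so a misbehaving or unbooted enclave cannot be mistaken for a healthy one by sending more or different data.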