enarx-archive / enarx-keepldr Goto Github PK
View Code? Open in Web Editor NEWEnarx Keep Loader
License: Apache License 2.0
enarx-keepldr's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
haraldh lkatalin mikecamel mbestavros greyspectrum matt-ross16 ambaxter frumioj xiaonan-intc cysec-sa ellenhp isgasho ant-nest gsanaer wgwoods rvolosatovsenarx-keepldr's Issues
Add CBOR mode to remote SEV attestation payloads
Depends on ciborium
My upcoming remote attestation PR supports binary blobs for convenience, but the enarx-keepldr will also support CBOR representations of payloads.
Furthermore, officially speaking, the enarx-keepldr will always encode its messages and its payloads in CBOR.
Don't require `SEV_CHAIN` for the `sev` backend
I think we should make the backends behave as similarly as possible. This means we should at least have a default for the SEV_CHAIN so that callers of enarx-keepldr don't have to special case on the backend where necessary.
Add enarx/bot status badge to README
As mentioned in enarx-archive/bot#50, implementing a status badge for the bot within the README
Require implementation of syscalls 213, 291 (epoll_create & epoll_create1)
Required to create a listening socket in a Keep.
Dec 15 16:40:55 raption enarx-keepldr[142419]: init_gdt
Dec 15 16:40:55 raption enarx-keepldr[142419]: mmap(0x0, 0x890, 0x3, 0x22, 0xffffffffffffffff, 0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> mmap(0, 2192, …) = 0x00007f2f2c0ae000
Dec 15 16:40:55 raption enarx-keepldr[142419]: arch_prctl(0x1002, 0x7f2f2c0ae7a0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> arch_prctl(ARCH_SET_FS, 0x7f2f2c0ae7a0) = 0
Dec 15 16:40:55 raption enarx-keepldr[142419]: set_tid_address(0x7f2f2c0ad0a0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: poll(0x7ff0b7177d00, 0x3, 0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xd, 0x7ff0b7177b40, 0x7ff0b7177b60, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xb, 0x0, 0x7ff0b7177ca0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x1, 0x7ff0b7177ca0, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xb, 0x7ff0b7177c80, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0x7, 0x0, 0x7ff0b7177ca0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0x7, 0x7ff0b7177c80, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: sigaltstack(0x0, 0x7ff0b7177cc0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: brk(0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> brk(0x0000000000000000) = 0x555522f4f000
Dec 15 16:40:55 raption enarx-keepldr[142419]: brk(0x555522f50000)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> brk(0x0000555522f50000) = 0x555522f50000
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x0, 0x7f2f2bbafac0, 0x7ff0b7177b00, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x2, 0x7ff0b7177b00, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 2
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 204
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 204
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 291
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 213
Write a test for the getatt() pseudo-syscall
This pseudo-syscall getatt() is from code layer to the shim layer for multiple technologies (see #31 ). At first, the test should pass if the return value is ENOSYS (because this syscall is not yet implemented). A return value of 0 when the backend is SGX will also allow the test to pass.
Replace 'serde_cbor' with 'ciborium' for AMD remote attestation
Implement geteuid, getgid, and getegid syscall test
Execution issue for the geteuid, getgid, and getegid portion of #9
Fix the sallyport block size
As a stopgap measure for hosting the wasmldr, we ended up increasing the size of the sallyport block by a large amount. This change must be effectively reverted immediately and implemented properly.
This PR merged the change: #22
Implement stub for getatt() pseudo-syscall (code => shim) in SGX
When successful, the technology ID output buffer should return 2 for SGX as described in #31 .
Use the `volatile` crate for `Cursor::alloc`
To prevent potential compiler optimizations after a host context switch, reading from and writing to the sallyport block should be declared volatile.
https://github.com/rust-osdev/volatile
volatile's copy_from_slice() and copy_into_slice() currently rely on the currently unstable intrinsics::volatile_copy_nonoverlapping_memory though.
With 1.47 VolatileArray and VolatileSlice might be possible according to rust-osdev/volatile#8
Edit: 1.47 only allowed const array generics in std ... it's still not accessible for stable.
Add internal crate for holding Enarx extensions to the syscall ABI
To avoid the pandemonium of having each shim track things like constants chosen for Enarx-only syscalls numbers.
Set the process name from the existing process in the nil backend
The nil backend does an exec() using the new binary. This currently replaces the process name with the new binary name. However, this is not how any of the other backends behave. I think the right behavior is to match the behavior of the other backends.
Compute Quote size in SGX attestation
There is a proto request called Response_GetQuoteSizeExResponse with a method called get_quote_size() that may help.
Implement logic for sgxatt() pseudo-syscall in SGX
This syscall will:
- Call out to the host to retrieve a QE TargetInfo
- Call EREPORT with the TargetInfo and a nonce as parameters to obtain the enclave's Report
- Call out to the host to retrieve a Quote based on the Report
Also:
-
Logic should be included to build a suitable .proto file
-
When called with NULL input, the host should interpret this as an
initQuoteRequestto the AESM daemon and should pass the resulting QE TargetInfo back to the shim. -
When called with a Report as input, the host should interpret this as a
getQuoteRequestto the AESM daemon and should pass the resulting Quote back to the shim.
shim-sgx: simulated syscalls clobber `rdx`
Because rdx is not specified as a clobber or return register for the musl libc syscall macro, the original contents of rdx has to be returned in Handler instead of sallyport::Result::default().
So instead of:
Ok([FAKE_UID.into(), 0.into()]) it will have to be Ok([FAKE_UID.into(), self.aex.gpr.rdx.into()])
or instead of:
Ok(Default::default()) it will have to be Ok([0.into(), self.aex.gpr.rdx.into()])
Update Sallyport syscall test to be more widely applicable
This unit test currently expects certain fd's to not be in use, as it hard codes expected fd values. Consequently, the test fails in the SGX case when a connection is made to the Unix socket for the AESM daemon. A temporary fix is to not run this test for SGX, but there must be better ways.
Improve SEV certificate chain usage ergonomics
Per this comment.
Suggested alternative: common search paths for the chain
CBOR-encode SGX attestation values
Probably just the Quote.
Document memlock rlimit requirement for SEV-capable hosts
The default maximum number of pinnable pages is 16 (at least it was on our Fedora box). A system administrator must configure this setting to be larger on a host where enarx-keepldr will be used with the SEV backend.
We configured ours with an entry under /etc/security/limits.d/:
/etc/security/limits.d/sev.conf:
* - memlock 8388608$ man limits.confImplement stub for sgxatt() pseudo-syscall in SGX (shim => host)
The sgxatt() pseudo-syscall is the SGX-specific version of getatt() with the same syscall number (0xEA01) from the shim to the host layer. It should at first return a synthetic Quote of the proper length.
Implement close() syscall for SEV shim.
Implement close syscall test
Execution issue for the close portion of #9
Investigate deprecation warnings in Actions test workflows
Our Actions test workflows seem to be producing warnings about deprecated functions. We should figure out what's going wrong and if we can fix it, or if this is an issue with Github.
Implement stub for getatt() pseudo-syscall (code => shim) in SEV
When successful, the technology ID output buffer should return 1 for SEV as described in #31 .
Add integration tests for syscalls
The following syscalls need integration tests:
- pipe
- fcntl with F_GETFD, F_SETFD, F_GETFL, F_SETFL
- ioctl with FIONBIO
- getsockname
- sendto
- setsockopt
- epoll_create1
- epoll_ctl
- epoll_wait
- getpid
Update `kvm` backend to use the `mod.rs` format
Currently, the kvm backend uses ${modname}.rs instead of mod.rs for its module files. This should be updated to match the rest of our crates.
cc @connorkuehl
SEV shim should define/advertise where it wants private key ciphertext placed
Per the behavior specified in https://github.com/enarx/enarx-keepldr/issues/31
The Loader gets a private key (encrypted with the attestation) from the tenant and places the encrypted bytes
at the address given by the shim.
Add test to ensure shim-*/Cargo.lock is up2date
Although, this may require rebases just for satisfy this test, if an old PR wants to be merged.
Design a remote attestation protocol for the SEV backend
SEV backend reports different measurements across repeated invocations with same binaries
$ ENARX_BACKEND=sev ./target/debug/enarx-keepldr report $WASMLDR
{ "backend": "sev", "sha256": [136, 239, 163, 55, 213, 146, 79, 160, 137, 181, 165, 140, 132, 105, 224, 21, 181, 235, 88, 69, 118, 155, 74, 149, 184, 234, 5, 83, 75, 99, 201, 226] }
$ ENARX_BACKEND=sev ./target/debug/enarx-keepldr report $WASMLDR
{ "backend": "sev", "sha256": [240, 172, 207, 232, 1, 64, 242, 35, 41, 2, 168, 42, 20, 157, 13, 14, 228, 117, 72, 66, 24, 26, 2, 132, 190, 43, 216, 45, 177, 59, 156, 33] }
$ ENARX_BACKEND=sev ./target/debug/enarx-keepldr report $WASMLDR
{ "backend": "sev", "sha256": [200, 104, 166, 168, 202, 206, 159, 247, 146, 233, 187, 22, 54, 141, 225, 0, 244, 38, 59, 85, 117, 62, 49, 201, 62, 94, 206, 49, 188, 99, 3, 242] }SECURITY: Secure the epoll syscalls
epoll_ctl is leaking internal TEE data to the outside while proxying the syscall.
To fix this, clear the provided data in epoll_ctl while proxying and fill in the correct data in epoll_wait.
This needs book keeping of opened and closed epoll fds as well as the events registered to it.
Fix SGX bug with get_att unit tests
They were failing.
shim-sev: Implement munmap and deallocate pages
The allocator needs deallocate/free for munmap to be useful. Better free the memory, if we don't want to run out of it.
Require implementation of syscall 2 (sys_open)
Required to allow listening socket within a Keep.
Dec 15 16:40:55 raption enarx-keepldr[142419]: init_gdt
Dec 15 16:40:55 raption enarx-keepldr[142419]: mmap(0x0, 0x890, 0x3, 0x22, 0xffffffffffffffff, 0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> mmap(0, 2192, …) = 0x00007f2f2c0ae000
Dec 15 16:40:55 raption enarx-keepldr[142419]: arch_prctl(0x1002, 0x7f2f2c0ae7a0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> arch_prctl(ARCH_SET_FS, 0x7f2f2c0ae7a0) = 0
Dec 15 16:40:55 raption enarx-keepldr[142419]: set_tid_address(0x7f2f2c0ad0a0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: poll(0x7ff0b7177d00, 0x3, 0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xd, 0x7ff0b7177b40, 0x7ff0b7177b60, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xb, 0x0, 0x7ff0b7177ca0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x1, 0x7ff0b7177ca0, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xb, 0x7ff0b7177c80, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0x7, 0x0, 0x7ff0b7177ca0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0x7, 0x7ff0b7177c80, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: sigaltstack(0x0, 0x7ff0b7177cc0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: brk(0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> brk(0x0000000000000000) = 0x555522f4f000
Dec 15 16:40:55 raption enarx-keepldr[142419]: brk(0x555522f50000)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> brk(0x0000555522f50000) = 0x555522f50000
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x0, 0x7f2f2bbafac0, 0x7ff0b7177b00, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x2, 0x7ff0b7177b00, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 2
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 204
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 204
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 291
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 213
Require implementation of syscall 204 (sched_getaffinity)
Required to create listening socket in a Keep.
Dec 15 16:40:55 raption enarx-keepldr[142419]: init_gdt
Dec 15 16:40:55 raption enarx-keepldr[142419]: mmap(0x0, 0x890, 0x3, 0x22, 0xffffffffffffffff, 0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> mmap(0, 2192, …) = 0x00007f2f2c0ae000
Dec 15 16:40:55 raption enarx-keepldr[142419]: arch_prctl(0x1002, 0x7f2f2c0ae7a0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> arch_prctl(ARCH_SET_FS, 0x7f2f2c0ae7a0) = 0
Dec 15 16:40:55 raption enarx-keepldr[142419]: set_tid_address(0x7f2f2c0ad0a0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: poll(0x7ff0b7177d00, 0x3, 0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xd, 0x7ff0b7177b40, 0x7ff0b7177b60, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xb, 0x0, 0x7ff0b7177ca0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x1, 0x7ff0b7177ca0, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0xb, 0x7ff0b7177c80, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0x7, 0x0, 0x7ff0b7177ca0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigaction(0x7, 0x7ff0b7177c80, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: sigaltstack(0x0, 0x7ff0b7177cc0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: brk(0x0)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> brk(0x0000000000000000) = 0x555522f4f000
Dec 15 16:40:55 raption enarx-keepldr[142419]: brk(0x555522f50000)
Dec 15 16:40:55 raption enarx-keepldr[142419]: SC> brk(0x0000555522f50000) = 0x555522f50000
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x0, 0x7f2f2bbafac0, 0x7ff0b7177b00, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: rt_sigprocmask(0x2, 0x7ff0b7177b00, 0x0, 0x8)
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 2
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 204
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 204
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 291
Dec 15 16:40:55 raption enarx-keepldr[142419]: unsupported syscall: 213
Update README to better reflect minimum gcc version
According to #102 , a minimum of gcc-9 with the backported mtune=znver2 switch for musl-gcc is required on the system in order to run this code. It may be a good idea to include this in the README.
Implement getuid syscall test
Execution issue for the getuid portion of https://github.com/enarx/enarx-keepldr/issues/9
Implement networking syscalls for SGX
This is at least sys_socket. See #9 for the full list. This issue is separate from the meta issue, as it is specifically to unblock enarx/enarx#824.
Enable Dependabot
While we have Dependabot enabled, it is not configured, so it's not doing anything for us. We should add a configuration file to allow it to do its thing.
Return SGX key length to code layer
Currently this is handed internally during get_attestation().
Gate backends behind cargo features
Don't require setting `SEV_CHAIN` for the `sev` backend
I think we should make the backends behave as similarly as possible. This means we should at least have a default for the SEV_CHAIN so that callers of enarx-keepldr don't have to special case on the backend where necessary.
vdso failed to compile when building enarx-keepldr
HW: NUC7JY
SW: Fedora 32
Patch: https://download.copr.fedorainfracloud.org/results/npmccallum/enarx/fedora-32-x86_64/01632008-kernel/
Following https://github.com/enarx/enarx-keepldr
When $cargo +nightly build, error occurred as below:
warning: spurious network error (2 tries remaining): [28] Timeout was reached (failed to download any data for x86_64 v0.11.5 within 30s)
warning: spurious network error (1 tries remaining): [28] Timeout was reached (failed to download any data for x86_64 v0.11.5 within 30s)
error: failed to download from https://crates.io/api/v1/crates/x86_64/0.11.5/download
Caused by:
[28] Timeout was reached (failed to download any data for x86_64 v0.11.5 within 30s)
error: failed to run custom build command for enarx-keepldr v0.1.0 (/home/sgx/enarx-keepldr)
Caused by:
process didn't exit successfully: /home/sgx/enarx-keepldr/target/debug/build/enarx-keepldr-0f502a033f9ca075/build-script-build (exit code: 1)
--- stdout
cargo:rerun-if-env-changed=OUT_DIR
cargo:rerun-if-env-changed=PROFILE
OPT_LEVEL = Some("0")
TARGET = Some("x86_64-unknown-linux-gnu")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
Info: default compiler flags are disabled
OPT_LEVEL = Some("0")
TARGET = Some("x86_64-unknown-linux-gnu")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
Info: default compiler flags are disabled
OPT_LEVEL = Some("0")
TARGET = Some("x86_64-unknown-linux-gnu")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
Info: default compiler flags are disabled
OPT_LEVEL = Some("0")
TARGET = Some("x86_64-unknown-linux-gnu")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
Info: default compiler flags are disabled
OPT_LEVEL = Some("0")
TARGET = Some("x86_64-unknown-linux-gnu")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
Info: default compiler flags are disabled
OPT_LEVEL = Some("0")
TARGET = Some("x86_64-unknown-linux-gnu")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
Info: default compiler flags are disabled
OPT_LEVEL = Some("0")
TARGET = Some("x86_64-unknown-linux-gnu")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
Info: default compiler flags are disabled
OPT_LEVEL = Some("0")
TARGET = Some("x86_64-unknown-linux-gnu")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
Info: default compiler flags are disabled
cargo:rerun-if-changed=internal/shim-sev/Cargo.tml
cargo:rerun-if-changed=internal/shim-sev/Cargo.toml
cargo:rerun-if-changed=internal/shim-sev/Cargo.lock
cargo:rerun-if-changed=internal/shim-sev/link.json
cargo:rerun-if-changed=internal/shim-sev/.cargo/config
cargo:rerun-if-changed=internal/shim-sev/build.rs
cargo:rerun-if-changed=internal/shim-sev/src/payload.rs
cargo:rerun-if-changed=internal/shim-sev/src/addr.rs
cargo:rerun-if-changed=internal/shim-sev/src/asm.rs
cargo:rerun-if-changed=internal/shim-sev/src/main.rs
cargo:rerun-if-changed=internal/shim-sev/src/no_std.rs
cargo:rerun-if-changed=internal/shim-sev/src/paging.rs
cargo:rerun-if-changed=internal/shim-sev/src/hostlib.rs
cargo:rerun-if-changed=internal/shim-sev/src/syscall.rs
cargo:rerun-if-changed=internal/shim-sev/src/hostcall.rs
cargo:rerun-if-changed=internal/shim-sev/src/gdt.rs
cargo:rerun-if-changed=internal/shim-sev/src/usermode.rs
cargo:rerun-if-changed=internal/shim-sev/src/start.S
cargo:rerun-if-changed=internal/shim-sev/src/random.rs
cargo:rerun-if-changed=internal/shim-sev/src/frame_allocator.rs
cargo:rerun-if-changed=internal/shim-sev/src/shim_stack.rs
cargo:rerun-if-changed=internal/shim-sev/src/print.rs
--- stderr
Failed to build shim internal/shim-sev
shim-sev: use multiple blocks for host <-> shim communication
When multi-threading is implemented multiple buffers need to be
available for concurrent syscalls.
SEV: Pin ballooned pages if necessary
The guest kernel might yield to the VMM for memory ballooning and if it does, those pages may need to be pinned since the page frame is significant for SEV encryption operations.
Implement uname() syscall test
Execution issue for the uname() portion of #9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.