Jarkko Sakkinen

This is the gist of how you would go about implementing a TPM emulator, or vTPM, inside a confidential computing (SGX, SNP, TDX) enclave:

#linux #kernel #rust #tpm
Jarkko Sakkinen

Edited 7 days ago
Since GlobalAlloc is not required from the get-go, it's easy to get from nothing to something with enclaves, as the stack will do (and obviously data and rodata are cool too, they don't require alloc).

It also means that one can be light on run-time if wanted and a compile-time decided memory pool is good enough (placed in .data). This relaxes the SDK requirements quite a lot, as with enclaves (for any technology) allocating new pages from the untrusted host is a super complex and involved process. Static memory size generally tends to also improve the security, privacy and availability properties of ANY piece of software.
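The fixed-pool approach described in the posts above, as an added example that is not from the original thread or the author's own code: a `core`-only bump arena over a fixed buffer, with no `GlobalAlloc` involved. The names `Arena`, `OutOfMemory` and `demo`, and the buffer sizes, are assumptions made for illustration.

```rust
use core::mem;

/// Bump arena over a fixed, caller-supplied buffer (a stack array here; a
/// static in .data works the same way). It never asks the host for pages.
pub struct Arena<'a> {
    rest: &'a mut [u8],
}

#[derive(Debug)]
pub struct OutOfMemory;

impl<'a> Arena<'a> {
    pub fn new(buf: &'a mut [u8]) -> Self { Arena { rest: buf } }

    /// Hand out `len` zeroed bytes aligned to `align` (a power of two).
    pub fn alloc(&mut self, len: usize, align: usize) -> Result<&'a mut [u8], OutOfMemory> {
        assert!(align.is_power_of_two());
        // Padding needed to bring the next free address up to `align`.
        let pad = (self.rest.as_ptr() as usize).wrapping_neg() & (align - 1);
        let need = pad.checked_add(len).ok_or(OutOfMemory)?;
        if need > self.rest.len() {
            return Err(OutOfMemory); // fail closed, pool left untouched
        }
        // Take the remaining region out of `self`, split it, put the tail back.
        let rest = mem::take(&mut self.rest);
        let (head, tail) = rest.split_at_mut(need);
        self.rest = tail;
        let out = &mut head[pad..];
        out.fill(0); // never hand out bytes left over from earlier use
        Ok(out)
    }

    pub fn remaining(&self) -> usize { self.rest.len() }
}

/// Demo with constructed sizes: two live buffers, then exhaustion.
pub fn demo() -> (usize, usize, bool) {
    let mut backing = [0xAAu8; 64];
    let mut arena = Arena::new(&mut backing);
    let cmd = arena.alloc(32, 1).unwrap();
    let rsp = arena.alloc(16, 1).unwrap();
    cmd[0] = 0x80; // both slices are live at once and disjoint
    rsp[0] = cmd[0];
    let exhausted = arena.alloc(32, 1).is_err();
    (cmd.len() + rsp.len(), arena.remaining(), exhausted)
}

fn main() { println!("{:?}", demo()); }
```

Exhaustion is an ordinary `Err` the caller must handle, so the worst-case memory footprint is known when the enclave image is built.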