6 min read
Alistair Kressel, Pierre Olivier
Unikraft running bare metal on the Morello prototype board. Despite being a prototype, ARM’s implementation of the CHERI ISA, Morello, is rapidly gaining traction in the research community due to the high potential for isolation and additional security it brings without sacrificing performance.
5 min read
EPC Page management is the key point of the SGX driver. It includes the following features: Add an EPC page Block an EPC page Load an EPC page as blocked/unblocked Remove a page from EPC Write back/invalidate an EPC page These functions depend on suitable data structures.
4 min read
The previous post briefly describes the concepts behind TEE, Intel SGX, and the ongoing work that implements Intel SGX support in Unikraft. In this post, we will take an in-depth investigation of how SGX supported is implemented in Linux, and what we need to implement in Unikraft to achieve the same object.
4 min read
Trusted execution environment (TEE), especially Intel SGX, is a popular and powerful tool to provide hardware-based isolation for highly sensitive code and data. Today’s commercial clouds (Microsoft Azure DCsv2, DCsv3/DCdsv3 series, IBM Cloud Bare Metal z15 series, and Alibaba Cloud Bare Metal Instance) more or less have provided their support to Intel SGX.