[svsm-devel] Questions about crypto support
Jörg Rödel
joro at 8bytes.org
Tue Sep 26 20:44:51 CEST 2023
Hi Dionna,
On Fri, Sep 22, 2023 at 09:57:52PM -0700, Dionna Amalie Glaze wrote:
> Is there a plan for dynamic linking support for shared libraries to be
> possible in SVSM? I would think everything is going to be statically
> linked, loaded as part of the boot image, and not even
> position-independent.
So yes, everything is part of the boot image, as it contains the archive
for the RamFS, with all module binaries in it. But from a conceptual
level we can support shared linking. The requirement came from the fact
that FIPS certification is done on binaries, not source code. So we would
like to get to a situation where we can ship crypto support for all modules
in a single binary, be it an RPC-based module or a shared library.
> I don't expect a full VFS system to make shared memory a thing to
> implement IPC.
Well, we are almost there already. The RamFS implementation builds on
reference-counted page allocations which allow easy sharing of pages.
And the upcoming VMM support also has the idea of shared mappings built
in.
> I would imagine that you would send messages to different modules by
> handing a buffer and a module identifier to CPL0 to go deliver to that
> module's mailbox and return success, mailbox full & try again later,
> or message too large.
I would appreciate something more clever than copying data around for
IPC. Since the SVSM is very modularized there will potentially be a lot of
IPC and that should not be too big of a bottleneck. Doing IPC using
shared memory is certainly a good start thinking about this.
Regards,
Joerg