Amazon Plumbing Nitro Enclaves Support For Linux To Isolate Highly Sensitive Data
Written by Michael Larabel in Virtualization on 21 April 2020 at 04:41 PM EDT.
VIRTUALIZATION --
Amazon is working on upstreaming support into the Linux kernel for AWS Nitro Enclaves for additional isolation around highly sensitive data within the EC2 cloud.

As explained on the AWS page, "AWS Nitro Enclaves enables customers to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare, financial, and intellectual property data within their Amazon EC2 instances. Nitro Enclaves uses the same Nitro Hypervisor technology that provides CPU and memory isolation for EC2 instances."

Amazon engineers are trying to get the Nitro Enclaves capabilities into the upstream Linux kernel so that it's easier for the many Linux distributions running in the Elastic Compute Cloud to support this EC2 feature.

This feature for dealing with highly sensitive data spins up an enclave that runs alongside the VM that spawned it. Resources for that enclave are carved out of the memory and vCPUs allocated to the existing VM. Communication between the AWS Nitro Enclave and the VM is done using VirtIO-Vsock, while the enclave itself does not have disk or network access.
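Since the vsock link is the enclave's only input channel, whatever parses it is the enclave's exposed surface. The sketch below is an added example, not code from the patch series or from AWS: it shows length-prefixed framing with a size cap for a parent-to-enclave stream. The framing, `MAX_FRAME`, and the CID/port passed to `connect_vsock` are assumptions, and a local socket pair stands in for the vsock stream so the demo runs anywhere.

```python
import socket
import struct

MAX_FRAME = 64 * 1024         # assumed cap; size it to your real messages
HEADER = struct.Struct("!I")  # assumed framing: 4-byte big-endian length

def connect_vsock(cid, port):
    """Parent side: open a vsock stream to the enclave (Linux only).
    cid and port are deployment-specific; none are given on this page."""
    s = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    s.connect((cid, port))
    return s

def _recv_exact(sock, n):
    """Read exactly n bytes or fail; stream sockets may return short reads."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)

def send_frame(sock, payload):
    if len(payload) > MAX_FRAME:
        raise ValueError("payload exceeds MAX_FRAME")
    sock.sendall(HEADER.pack(len(payload)) + payload)

def recv_frame(sock):
    """Check the peer-declared length before reading the body."""
    (length,) = HEADER.unpack(_recv_exact(sock, HEADER.size))
    if length > MAX_FRAME:
        raise ValueError("declared length exceeds MAX_FRAME")
    return _recv_exact(sock, length)

def demo():
    # A local socket pair stands in for the vsock stream (constructed data).
    parent, enclave = socket.socketpair()
    with parent, enclave:
        send_frame(parent, b"constructed request")
        request = recv_frame(enclave)
        send_frame(enclave, request.upper())
        reply = recv_frame(parent)
        # A header declaring an oversized body is refused before any read.
        parent.sendall(HEADER.pack(MAX_FRAME + 1))
        try:
            recv_frame(enclave)
            rejected = False
        except ValueError:
            rejected = True
    return request, reply, rejected

if __name__ == "__main__":
    print(demo())
```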

The Nitro Enclaves kernel support introduces new kernel ioctls and logic for handling enclave creation and resource allocation in a KVM-focused manner. Those wanting to learn more about the proposed Nitro Enclaves support for the upstream Linux kernel can do so via this patch series.
About The Author
Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.
