Avalilação PREreview de Ringmaster: How to juggle high-throughput host OS system calls from TrustZone TEEs
- Publicado
- DOI
- 10.5281/zenodo.18730416
- Licença
- CC BY 4.0
I like the core idea here — using io_uring as a decoupled communication channel between a TrustZone enclave and an untrusted Linux is novel. The drone demo is makes the motivation concrete. That said, I have some concerns.
As you mention in the footnote - Pi 4B doesn't have a TZASC. Are there other TrustZone-capable boards with full bus security? Were they not available for this study? Can you mention the reasoning behind selecting the prototype hardware because my understanding is that nested page tables can be bypassed - See https://doi.org/10.1007/s11416-021-00413-y
Some operations are unavailable as of now (threads, fork etc.). Is it possible to have a table about what works and what is possible in future. On that same note - I followed the discussion on IORING_OP_CLONE/EXEC some time back and think there is some resistance doing it. https://lore.kernel.org/all/Z1iuQmXYNxmaAA6f@localhost/T/
Minor issue - Ringmaster's availability guarantee is real but little narrow - because the fallback is to be taken care of by the application.
Despite the concerns above, I want to emphasize that the core insight here is genuinely good. The observation that io_uring's lock-free, polling-based queues naturally decouple enclave execution from OS responsiveness is elegant.
Competing interests
The author declares that they have no competing interests.
Use of Artificial Intelligence (AI)
The author declares that they did not use generative AI to come up with new ideas for their review.