in src/enclave_proc/resource_manager.rs [473:547]
fn new(
enclave_cid: Option<u64>,
memory_mib: u64,
cpu_config: EnclaveCpuConfig,
eif_file: File,
debug_mode: bool,
) -> NitroCliResult<Self> {
let requested_mem = memory_mib << 20;
let eif_size = eif_file
.metadata()
.map_err(|e| {
new_nitro_cli_failure!(
&format!("Failed to get enclave image file metadata: {:?}", e),
NitroCliErrorEnum::FileOperationFailure
)
})?
.len();
if ENCLAVE_MEMORY_EIF_SIZE_RATIO * eif_size > requested_mem {
return Err(new_nitro_cli_failure!(
&format!(
"At least {} MB must be allocated (which is {} times the EIF file size)",
ceil_div(ceil_div(eif_size, 1024), 1024) * ENCLAVE_MEMORY_EIF_SIZE_RATIO,
ENCLAVE_MEMORY_EIF_SIZE_RATIO
),
NitroCliErrorEnum::InsufficientMemoryRequested
)
.add_info(vec![
"memory",
&memory_mib.to_string(),
&(ceil_div(ceil_div(eif_size, 1024), 1024) * ENCLAVE_MEMORY_EIF_SIZE_RATIO)
.to_string(),
]));
}
// Open the device file.
let dev_file = OpenOptions::new()
.read(true)
.write(true)
.open(NE_DEV_FILEPATH)
.map_err(|e| {
new_nitro_cli_failure!(
&format!("Failed to open device file: {:?}", e),
NitroCliErrorEnum::FileOperationFailure
)
.add_info(vec![NE_DEV_FILEPATH, "Open"])
})?;
let mut slot_uid: u64 = 0;
let enc_fd = EnclaveHandle::do_ioctl(dev_file.as_raw_fd(), NE_CREATE_VM, &mut slot_uid)
.map_err(|e| e.add_subaction("Create VM ioctl failed".to_string()))?;
let flags: u64 = if debug_mode { NE_ENCLAVE_DEBUG_MODE } else { 0 };
if enc_fd < 0 {
return Err(new_nitro_cli_failure!(
&format!("Invalid enclave file descriptor ({})", enc_fd),
NitroCliErrorEnum::InvalidEnclaveFd
));
}
Ok(EnclaveHandle {
cpu_config,
cpu_ids: vec![],
allocated_memory_mib: 0,
slot_uid,
enclave_cid,
flags,
enc_fd,
resource_allocator: ResourceAllocator::new(requested_mem)
.map_err(|e| e.add_subaction("Create resource allocator".to_string()))?,
eif_file: Some(eif_file),
state: EnclaveState::default(),
build_info: EnclaveBuildInfo::new(BTreeMap::new()),
metadata: None,
})
}