[RFC] Follow up the adaptation of HyperEnclave driver on Kylin OS

[1160300918]

• Feature Name: hyperenclave_driver_kylinOS（To be determined）
• Start Date: 2024-11-22

Summary

This RFC proposes the adaptation of the HyperEnclave driver to support the Kylin operating system. The feature will enable confidential computing capabilities on Kylin OS, leveraging the trusted execution environment provided by HyperEnclave.

Motivation

Kylin operating system is widely used in Chinese enterprises. HyperEnclave offers a trusted execution environment that ensures confidentiality, integrity, and isolation of sensitive workloads. By enabling HyperEnclave support on Kylin OS, we aim to:

1. Expand the adoption of HyperEnclave in trusted computing environments.
2. Enhance the Kylin OS ecosystem with advanced confidential computing capabilities.

Expected outcomes include a fully functional HyperEnclave driver on Kylin OS, optimized for performance and reliability.

Explanation

To adapt HyperEnclave to the Kylin OS, the following tasks will be undertaken:

1. Compatibility Analysis: Review the current HyperEnclave driver architecture and identify compatibility gaps with Kylin's kernel and libraries.
2. Driver Porting: Modify the HyperEnclave driver to align with the Kylin OS kernel (e.g., kernel versioning, syscall differences).
3. Testing: Validate the adapted driver in controlled environments using Hygon CSV hardware.
4. Optimization: Ensure performance metrics meet or exceed benchmarks for similar platforms.
5. Documentation: Provide detailed documentation for installation, configuration, and usage on Kylin OS.

Drawbacks

1. Development effort and resources are required to port and test the driver.
2. Potential challenges in maintaining compatibility with future updates of the Kylin OS.

Rationale and alternatives

The rationale for choosing this approach includes:

• Strategic Importance: Kylin OS is a critical platform for secure deployments in key industries.
• Hardware Support: HyperEnclave is already optimized for Hygon CSV, making this a logical next step.

Alternatives considered:

none

Unresolved questions

1. Specific work plan and time schedule for adaptation.

---

This RFC serves as a starting point for discussion and collaboration. Feedback and suggestions are welcome!

[Bonjourz]

Hi, @1160300918 , we have gotten the Kylin Kernel source code and Kylin OS image. We need to prepare the development environment and then start the adaptation work.

This work is expected to take one to two months.