graphene icon indicating copy to clipboard operation
graphene copied to clipboard
verified publisher icon gramineproject

MbedTLS uses small internal buffers for encryption

Open boryspoplawski opened this issue 4 years ago • 1 comments

Description of the problem

When using encrypted pipes (e.g. to send checkpoint) MbedTLS has to encrypt the data and uses 4 pages buffer for that. This might drastically reduce fork performance in case of big enclaves.

Proposed solution (needs performance improvement verification): set MbedTLS buffer size (hopefully possible) to some grater value, probably tied to enclave size (e.g. we would have 3 different sizes depending on the enclave size).

boryspoplawski avatar Jun 22 '21 13:06 boryspoplawski

Looks like a simple performance optimization, but someone will need to do thorough performance analysis of this change. Doesn't seem too important at the moment, so assigning low priority.

dimakuv avatar Jul 22 '21 07:07 dimakuv