[RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation

Xing, Cedric cedric.xing at intel.com
Mon Jul 1 20:03:51 UTC 2019


> From: Andy Lutomirski [mailto:luto at kernel.org]
> Sent: Monday, July 01, 2019 12:33 PM
> 
> It does make sense, but I'm not sure it's correct to assume that any LSM
> policy will always allow execution on enclave source pages if it would
> allow execution inside the enclave.  As an example, here is a policy
> that seems reasonable:
> 
> Task A cannot execute dynamic non-enclave code (no execmod, no execmem,
> etc -- only approved unmodified file pages can be executed).
> But task A can execute an enclave with MRENCLAVE == such-and-such, and
> that enclave may be loaded from regular anonymous memory -- the
> MRENCLAVE is considered enough verification.

You are right. That's a reasonable policy. But I still can't see the need for SGX_EXECUNMR, as MRENCLAVE is considered enough verification.



More information about the Linux-security-module-archive mailing list