SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Mon Jun 3 21:08:25 UTC 2019


On Thu, May 30, 2019 at 02:36:01PM -0700, Sean Christopherson wrote:
> Assuming MRENCLAVE generated by Graphene or any other hosting scheme are
> stable[1], then avoiding EXEC<whatever> means the user can effectively
> whitelist what enclaves are runnable by Graphene, even if the kernel
> doesn't implement security_enclave_create/init().
> 
> I agree that it probably isn't all that important, it's more of a "why
> not" argument, i.e. what is gained by not using sigstruct as a proxy?
> 
> [1] What in the world is being attested if MRENCLAVE isn't stable?

If I've understood correctly, Graphene uses a single loader enclave
that loads the executable in.

/Jarkko


