[RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Stephen Smalley
sds at tycho.nsa.gov
Tue Jun 25 21:09:40 UTC 2019
On 6/21/19 5:22 PM, Xing, Cedric wrote:
>> From: Christopherson, Sean J
>> Sent: Wednesday, June 19, 2019 3:24 PM
>>
>> Intended use of each permission:
>>
>> - SGX_EXECDIRTY: dynamically load code within the enclave itself
>> - SGX_EXECUNMR: load unmeasured code into the enclave, e.g. Graphene
>
> Why does it matter whether a code page is measured or not?
It won't be incorporated into an attestation?
>
>> - SGX_EXECANON: load code from anonymous memory (likely Graphene)
>
> Graphene doesn't load code from anonymous memory. It loads code dynamically though, as in the SGX_EXECDIRTY case.
So do we expect EXECANON to never be triggered at all?
>
>> - SGX_EXECUTE: load an enclave from a file, i.e. normal behavior
>
> Why is SGX_EXECUTE needed from a security perspective? Or why isn't FILE__EXECUTE sufficient?
Splitting the SGX permissions from the regular ones allows distinctions
to be made between what can be executed in the host process and what can
be executed in the enclave. The host process may be allowed
FILE__EXECUTE to numerous files that do not contain any code ever
intended to be executed within the enclave.
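As an added illustration of the split described above (this is not the RFC patch's enclave_load() hook; the permission names are the ones from the thread, while the mapping from page properties to permissions and the domain and path values are assumptions of this example), a small Python model of the access decision showing that file:execute for the host process does not by itself grant execution inside the enclave:

```python
from dataclasses import dataclass

# Illustrative model only; it is not the RFC patch's enclave_load() hook.
# Permission names are the ones discussed in the thread; the mapping from
# page properties to permissions below is an assumption of this example.
FILE_EXECUTE = "execute"          # classic file:execute for the host process
SGX_EXECUTE = "sgx_execute"       # enclave code backed by a file
SGX_EXECDIRTY = "sgx_execdirty"   # code written dynamically inside the enclave
SGX_EXECUNMR = "sgx_execunmr"     # unmeasured code (absent from attestation)
SGX_EXECANON = "sgx_execanon"     # code sourced from anonymous memory
SELF = "self"                     # target for process-scoped permissions

@dataclass
class Page:
    executable: bool
    source: str          # "file" or "anon"
    path: str = ""       # backing file when source == "file"
    measured: bool = True
    dirty: bool = False  # written after load, i.e. dynamically generated

class Policy:
    """(domain, target) -> set of permission names (constructed sample rules)."""
    def __init__(self, rules):
        self.rules = rules

    def allows(self, domain, target, perm):
        return perm in self.rules.get((domain, target), set())

def required_perms(page):
    """SGX permissions an executable enclave page needs under this model."""
    if not page.executable:
        return []
    perms = [(page.path, SGX_EXECUTE)] if page.source == "file" else [(SELF, SGX_EXECANON)]
    if not page.measured:
        perms.append((SELF, SGX_EXECUNMR))
    if page.dirty:
        perms.append((SELF, SGX_EXECDIRTY))
    return perms

def enclave_load(policy, domain, page):
    """Return (allowed, missing): every required SGX perm must be granted."""
    missing = [(t, p) for t, p in required_perms(page) if not policy.allows(domain, t, p)]
    return (not missing, missing)

if __name__ == "__main__":
    # Host may execute the file, but enclave execution is a separate decision.
    host_only = Policy({("enclave_t", "/opt/enclave.so"): {FILE_EXECUTE}})
    print(enclave_load(host_only, "enclave_t", Page(True, "file", "/opt/enclave.so")))
```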