[PATCH v19 17/27] x86/sgx: Add provisioning

Andy Lutomirski luto at kernel.org
Thu Mar 21 16:50:41 UTC 2019

On Sun, Mar 17, 2019 at 2:18 PM Jarkko Sakkinen
<jarkko.sakkinen at linux.intel.com> wrote:
> In order to provide a mechanism for devilering provisoning rights:
> 1. Add a new file to the securityfs file called sgx/provision that works
>    as a token for allowing an enclave to have the provisioning privileges.
> 2. Add a new ioctl called SGX_IOC_ENCLAVE_SET_ATTRIBUTE that accepts the
>    following data structure:
>    struct sgx_enclave_set_attribute {
>            __u64 addr;
>            __u64 token_fd;
>    };

Here's a potential issue:

For container use, is it reasonable for a container manager to
bind-mount a file into securityfs?  Or would something in /dev make
this easier?

More information about the Linux-security-module-archive mailing list