[PATCH v19 17/27] x86/sgx: Add provisioning
Andy Lutomirski
luto at kernel.org
Thu Mar 21 16:50:41 UTC 2019
On Sun, Mar 17, 2019 at 2:18 PM Jarkko Sakkinen
<jarkko.sakkinen at linux.intel.com> wrote:
>
> In order to provide a mechanism for delivering provisioning rights:
>
> 1. Add a new file to the securityfs file called sgx/provision that works
> as a token for allowing an enclave to have the provisioning privileges.
> 2. Add a new ioctl called SGX_IOC_ENCLAVE_SET_ATTRIBUTE that accepts the
> following data structure:
>
> struct sgx_enclave_set_attribute {
>         __u64 addr;
>         __u64 token_fd;
> };

Here's a potential issue:
For container use, is it reasonable for a container manager to
bind-mount a file into securityfs? Or would something in /dev make
this easier?