SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Mon May 20 11:33:13 UTC 2019
On Thu, May 16, 2019 at 02:02:58PM -0700, Andy Lutomirski wrote:
> That certainly *could* be done, and I guess the decision could be left
> to the LSMs, but I'm not convinced this adds value. What security use
> case does this cover that isn't already covered by requiring EXECUTE
> (e.g. lib_t) on the enclave file and some new SIGSTRUCT right on the
> .sigstruct?
I guess you are right as SIGSTRUCT completely shields the memory layout
and contents of an enclave.
/Jarkko