SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

Andy Lutomirski luto at amacapital.net
Fri May 24 17:51:02 UTC 2019


> On May 24, 2019, at 10:07 AM, Sean Christopherson <sean.j.christopherson at intel.com> wrote:
> 
>> On Fri, May 24, 2019 at 09:43:27AM -0700, Andy Lutomirski wrote:
>>> On Fri, May 24, 2019 at 12:24 AM Xing, Cedric <cedric.xing at intel.com> wrote:
>>> /**
>>> * Summary:
>>> * - The enclave file resembles a shared object that contains RO/RX/RW segments
>>> * - FILE__* are assigned to /dev/sgx/enclave, to determine acceptable permissions to mmap()/mprotect(), valid combinations are
>>> *   + FILE__READ - Allow SGX1 enclaves only
>>> *   + FILE__READ|FILE__WRITE - Allow SGX2 enclaves to expand data segments (e.g. heaps, stacks, etc.)
>> 
>> I think this is a non-starter :(  FILE__WRITE also means that you can
>> write to the file, and the admin / policy author will almost never
>> want to allow that.
> 
> Why would FILE__WRITE on /dev/sgx/enclave be a problem?  An actual
> write to /dev/sgx/enclave would yield -EINVAL, no?

Bah, read it wrong — FILE__WRITE on the enclave file on disk is no good.



More information about the Linux-security-module-archive mailing list