SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

Andy Lutomirski luto at kernel.org
Fri May 24 19:30:44 UTC 2019


On Fri, May 24, 2019 at 12:13 PM Sean Christopherson
<sean.j.christopherson at intel.com> wrote:
>
> On Fri, May 24, 2019 at 11:34:32AM -0700, Xing, Cedric wrote:
> > > From: linux-sgx-owner at vger.kernel.org [mailto:linux-sgx-
> > > owner at vger.kernel.org] On Behalf Of Sean Christopherson
> > > Sent: Friday, May 24, 2019 10:55 AM

> I don't see a fundamental difference between having RWX in an enclave and
> RWX in normal memory, either way the process can execute arbitrary code,
> i.e. PROCESS__EXECMEM is appropriate.  Yes, an enclave will #UD on certain
> instructions, but that's easily sidestepped by having a trampoline in the
> host (marked RX) and piping arbitrary code into the enclave.  Or using
> EEXIT to do a bit of ROP.

There's a difference, albeit a somewhat weak one, if sigstructs are
whitelisted.  FILE__EXECMOD on either /dev/sgx/enclave or on the
sigstruct is not an entirely crazy way to express this.


