[PATCH v26 10/22] x86/sgx: Linux Enclave Driver
Sean Christopherson
sean.j.christopherson at intel.com
Fri Feb 14 17:52:11 UTC 2020
On Fri, Feb 14, 2020 at 09:40:00AM -0800, Andy Lutomirski wrote:
>
>
> > On Feb 14, 2020, at 9:11 AM, Sean Christopherson <sean.j.christopherson at intel.com> wrote:
> >
> > On Fri, Feb 14, 2020 at 10:24:10AM +0100, Jethro Beekman wrote:
> >>> On 2020-02-13 19:07, Sean Christopherson wrote:
> >>> On Thu, Feb 13, 2020 at 02:59:52PM +0100, Jethro Beekman wrote:
> >>>> On 2020-02-09 22:25, Jarkko Sakkinen wrote:
> >>>>> +/**
> >>>>> + * struct sgx_enclave_add_pages - parameter structure for the
> >>>>> + * %SGX_IOC_ENCLAVE_ADD_PAGE ioctl
> >>>>> + * @src: start address for the page data
> >>>>> + * @offset: starting page offset
> >>>>> + * @length: length of the data (multiple of the page size)
> >>>>> + * @secinfo: address for the SECINFO data
> >>>>> + * @flags: page control flags
> >>>>> + * @count: number of bytes added (multiple of the page size)
> >>>>> + */
> >>>>> +struct sgx_enclave_add_pages {
> >>>>> + __u64 src;
> >>>>> + __u64 offset;
> >>>>> + __u64 length;
> >>>>> + __u64 secinfo;
> >>>>> + __u64 flags;
> >>>>> + __u64 count;
> >>>>> +};
> >>>>
> >>>> Compared to the last time I looked at the patch set, this API removes the
> >>>> ability to measure individual pages chunks. That is not acceptable.
> >>>
> >>> Why is it not acceptable? E.g. what specific use case do you have that
> >>> _requires_ on measuring partial 4k pages of an enclave?
> >>
> >> The use case is someone gives me an enclave and I want to load it. If I don't
> >> load it exactly as the enclave author specified, the enclave hash will be
> >> different, and it won't work.
> >
> > And if our ABI says "thou shall measure in 4k chunks", then it's an invalid
> > enclave if its author generated MRENCLAVE using a different granularity.
>
> ISTM, unless there’s a particularly compelling reason, if an enclave is
> valid, we should be able to load it.
That means we have to have a separate ioctl() for EEXTEND, otherwise we
can't handle EADD[0]->EADD[1]->EADD[2]->EEXTEND[0]->EEXTEND[1]->EEXTEND[2].
I think we'd still want to keep the MEASURE flag for SGX_IOC_ENCLAVE_ADD_PAGE
so that we can optimize EADD[0]->EEXTEND[0]->EADD[1]->EEXTEND[1].
More information about the Linux-security-module-archive
mailing list