[PATCH v26 10/22] x86/sgx: Linux Enclave Driver

Andy Lutomirski luto at amacapital.net
Sat Feb 15 16:56:54 UTC 2020


> On Feb 14, 2020, at 9:52 AM, Sean Christopherson <sean.j.christopherson at intel.com> wrote:
> 
> On Fri, Feb 14, 2020 at 09:40:00AM -0800, Andy Lutomirski wrote:
>> 
>> 
>>>> On Feb 14, 2020, at 9:11 AM, Sean Christopherson <sean.j.christopherson at intel.com> wrote:
>>> 
>>> On Fri, Feb 14, 2020 at 10:24:10AM +0100, Jethro Beekman wrote:
>>>>> On 2020-02-13 19:07, Sean Christopherson wrote:
>>>>> On Thu, Feb 13, 2020 at 02:59:52PM +0100, Jethro Beekman wrote:
>>>>>> On 2020-02-09 22:25, Jarkko Sakkinen wrote:
>>>>>>> +/**
>>>>>>> + * struct sgx_enclave_add_pages - parameter structure for the
>>>>>>> + *                                %SGX_IOC_ENCLAVE_ADD_PAGE ioctl
>>>>>>> + * @src:    start address for the page data
>>>>>>> + * @offset:    starting page offset
>>>>>>> + * @length:    length of the data (multiple of the page size)
>>>>>>> + * @secinfo:    address for the SECINFO data
>>>>>>> + * @flags:    page control flags
>>>>>>> + * @count:    number of bytes added (multiple of the page size)
>>>>>>> + */
>>>>>>> +struct sgx_enclave_add_pages {
>>>>>>> +    __u64    src;
>>>>>>> +    __u64    offset;
>>>>>>> +    __u64    length;
>>>>>>> +    __u64    secinfo;
>>>>>>> +    __u64    flags;
>>>>>>> +    __u64    count;
>>>>>>> +};
>>>>>> 
>>>>>> Compared to the last time I looked at the patch set, this API removes the
>>>>>> ability to measure individual pages chunks. That is not acceptable.
>>>>> 
>>>>> Why is it not acceptable?  E.g. what specific use case do you have that
>>>>> _requires_ on measuring partial 4k pages of an enclave?
>>>> 
>>>> The use case is someone gives me an enclave and I want to load it. If I don't
>>>> load it exactly as the enclave author specified, the enclave hash will be
>>>> different, and it won't work.
>>> 
>>> And if our ABI says "thou shall measure in 4k chunks", then it's an invalid
>>> enclave if its author generated MRENCLAVE using a different granularity.
>> 
>> ISTM, unless there’s a particularly compelling reason, if an enclave is
>> valid, we should be able to load it.
> 
> That means we have to have a separate ioctl() for EEXTEND, otherwise we
> can't handle EADD[0]->EADD[1]->EADD[2]->EEXTEND[0]->EEXTEND[1]->EEXTEND[2].
> 
> I think we'd still want to keep the MEASURE flag for SGX_IOC_ENCLAVE_ADD_PAGE
> so that we can optimize EADD[0]->EEXTEND[0]->EADD[1]->EEXTEND[1].

Seems reasonable to me. I suppose such as ioctl could also be added later if there’s a need.



More information about the Linux-security-module-archive mailing list