Re: x86/sgx: uapi change proposal

From: Jarkko Sakkinen
Date: Thu Dec 20 2018 - 08:20:07 EST


On Thu, Dec 20, 2018 at 03:12:13PM +0200, Jarkko Sakkinen wrote:
> On Thu, Dec 20, 2018 at 12:32:04PM +0200, Jarkko Sakkinen wrote:
> > On Wed, Dec 19, 2018 at 06:58:48PM -0800, Andy Lutomirski wrote:
> > > Can one of you explain why SGX_ENCLAVE_CREATE is better than just
> > > opening a new instance of /dev/sgx for each enclave?
> >
> > I think that fits better to the SCM_RIGHTS scenario i.e. you could send
> > the enclave to a process that does not necessarily have rights to
> > /dev/sgx. Gives more robust environment to configure SGX.
>
> My only open for the implementation is where to swap? If it is a VMA,
> whose VMA?
>
> Please share your views here. Not a blocker for me to work on the
> implementation, though. I'll use a private shmem file up until there
> is a better option.
>
> This ioctl API discussion is kind of meaningless for me ATM because it
> does not have that much effect to the internals even if it wouldn't be
> perfect in v19. Very trivial to change.

Oops, and after sending I realized that I started this thread asking
comments about the API (I think I mentioned swapping though too) :-) The
feedback has been valuable and I gained the required understanding about
enclave_fd but I think that now the things have been saturated to minor
details.

Appreciate all the feedback so far. Sorry for a bit harsh statement.

/Jarkko