Re: x86/sgx: uapi change proposal

From: Jarkko Sakkinen
Date: Sat Dec 22 2018 - 12:38:50 EST


On Thu, Dec 20, 2018 at 12:32:04PM +0200, Jarkko Sakkinen wrote:
> On Wed, Dec 19, 2018 at 06:58:48PM -0800, Andy Lutomirski wrote:
> > Can one of you explain why SGX_ENCLAVE_CREATE is better than just
> > opening a new instance of /dev/sgx for each enclave?
>
> I think that fits better to the SCM_RIGHTS scenario i.e. you could send
> the enclave to a process that does not necessarily have rights to
> /dev/sgx. Gives more robust environment to configure SGX.

Sean, is this why you wanted enclave fd and anon inode and not just use
the address space of /dev/sgx? Just taking notes of all observations.
I'm not sure what your rationale was (maybe it was somewhere). This was
something I made up, and this one is a wrong deduction. You can easily
get the same benefit with /dev/sgx associated fd representing the
enclave.

This all means that for v19 I'm going without enclave fd involved with
fd to /dev/sgx representing the enclave. No anon inodes will be
involved.

/Jarkko