Re: x86/sgx: uapi change proposal

From: Jarkko Sakkinen
Date: Fri Jan 11 2019 - 11:08:10 EST


On Thu, Jan 10, 2019 at 01:36:15PM -0800, Andy Lutomirski wrote:
> > Does it even matter if I just leave the EINITTOKENKEY attribute unprivileged
> > given that Linux requires that MSRs are writable? Maybe I'll just
> > whitelist that attribute to any enclave?
> >
>
> I would at least make it work like the PROVISIONKEY bit (or whatever
> it's called). Or just deny it at first. It's easy to start allowing
> it if we need to down the road, but it's harder to start denying it.

I think it would be a great idea to add another file to securityfs
for this. Would fit perfectly with your "systemd privilege sharing"
daemon example. Here consistency would be really nice.

/Jarkko