Re: [intel-sgx-kernel-dev] [PATCH v5 06/11] intel_sgx: driver for Intel Software Guard Extensions
From: Jarkko Sakkinen
Date: Wed Dec 20 2017 - 05:13:18 EST
On Tue, Dec 19, 2017 at 11:24:55PM +0000, Christopherson, Sean J wrote:
> Exposing the token generated by the in-kernel LE doesn't affect the
> kernel's power in the slightest, e.g. the kernel doesn't need a LE
> to refuse to run an enclave and a privileged user can always load
> an out-of-tree driver if they really want to circumvent the kernel's
> policies, which is probably easier than stealing the LE's private key.
If the MSRs are read-only, kernel does need an LE in order to launch
enclaves if it only has the SIGSTRUCT.
User with abilities to load out-of-tree driver or otherwise
modify the running kernel code does not really work as an argument
in to any direction.
/Jarkko