Re: x86/sgx: uapi change proposal
From: Jarkko Sakkinen
Date: Thu Jan 10 2019 - 12:46:03 EST
On Tue, Jan 08, 2019 at 02:54:11PM -0800, Andy Lutomirski wrote:
> I do think it makes sense to have QEMU delegate the various ENCLS
> operations (especially EINIT) to the regular SGX interface, which will
> mean that VM guests will have exactly the same access controls applied
> as regular user programs, which is probably what we want. If so,
> there will need to be a way to get INITTOKEN privilege for the purpose
> of running non-Linux OSes in the VM, which isn't the end of the world.
> We might still want the actual ioctl to do EINIT using an actual
> explicit token to be somehow restricted in a way that strongly
> discourages its use by anything other than a hypervisor. Or I suppose
> we could just straight-up ignore the guest-provided init token.
Does it even matter if just leave EINITTOKENKEY attribute unprivileged
given that Linux requires that MSRs are writable? Maybe I'll just
whitelist that attribute to any enclave?
/Jarkko