Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

From: Jarkko Sakkinen
Date: Mon Jun 03 2019 - 18:34:11 EST


On Thu, May 30, 2019 at 02:36:01PM -0700, Sean Christopherson wrote:
> Assuming MRENCLAVE generated by Graphene or any other hosting scheme are
> stable[1], then avoiding EXEC<whatever> means the user can effectively
> whitelist what enclaves are runnable by Graphene, even if the kernel
> doesn't implement security_enclave_create/init().
>
> I agree that it probably isn't all that important, it's more of a "why
> not" argument, i.e. what is gained by not using sigstruct as a proxy?
>
> [1] What in the world is being attested if MRENCLAVE isn't stable?

If I've understood correctly, Graphene uses a single loader enclave
that loads the executable in.

/Jarkko