Re: [PATCH v22 00/24] Intel SGX foundations
From: Jarkko Sakkinen
Date: Wed Oct 02 2019 - 19:43:01 EST
On Wed, Sep 25, 2019 at 05:32:04PM +0300, Jarkko Sakkinen wrote:
> On Tue, Sep 24, 2019 at 10:20:09AM -0700, Andy Lutomirski wrote:
> > > I think either can be considered post-upstreaming.
> >
> > Indeed, as long as the overall API is actually compatible with these
> > types of restrictions.
>
> I include LSM changes to the follow up versions of the patch set. This
> is done to help verify that the API is compatible (or make it easy to
> review).
>
> I think they should be merged only after SGX is in the upstream beause
> this will make testing and reviewing smaller details of the changes less
> edgy the for LSM maintainers when one can just grab the LSM changes and
> try them out with the mainline.
I added the following to the driver commit message:
"The permissions, which enclave page is added will set the limit for maximum
permissions that can be set for mmap() and mprotect(). This will
effectively allow to build different security schemes between producers and
consumers of enclaves. Later on we can increase granularity with LSM hooks
for page addition (i.e. for producers) and mapping of the enclave (i.e. for
consumers)"
Is this sufficient? I do not want to fuzz already large patch set with
LSM patches, which anyway could not be merged before other stuff is in
the mainline. I think my description nails how we make the overall API
to be "LSM ready", doesn't it? Or at minimum gives enough information to
argue whether or not the API is "LSM ready"...
I also added CC to linux-security-module to the driver commit.
/Jarkko