Re: [PATCH] x86/sgx: Always deregister /dev/sgx_provision on failure
From: Jarkko Sakkinen
Date: Tue Aug 10 2021 - 20:19:14 EST
On Wed, Aug 11, 2021 at 11:27:13AM +1200, Kai Huang wrote:
> On Wed, 11 Aug 2021 01:56:27 +0300 Jarkko Sakkinen wrote:
> > When /dev/sgx_vepc for KVM was added, the initialization was relaxed so
> > that this file can be accessed even when the driver is disabled.
> >
> > Deregister /dev/sgx_provision when the driver is disabled, because it is
> > only useful for the driver.
>
> Hi Jarkko,
>
> This is not true. KVM also uses /dev/sgx_provision to restrict enclave in guest
> from accessing provisoning key. Specifically, in order to allow guest enclave
> to be able to use provisioning key, when one VM is created, Qemu must have
> permission to open /dev/sgx_provision, and pass the fd as parameter to
> KVM_CAP_SGX_ATTRIBUTE.
>
> Please see below KVM API:
>
> 7.25 KVM_CAP_SGX_ATTRIBUTE
> --------------------------
>
> :Architectures: x86
> :Target: VM
> :Parameters: args[0] is a file handle of a SGX attribute file in securityfs
> :Returns: 0 on success, -EINVAL if the file handle is invalid or if a requested
> attribute is not supported by KVM.
>
> KVM_CAP_SGX_ATTRIBUTE enables a userspace VMM to grant a VM access to one or
> more priveleged enclave attributes. args[0] must hold a file handle to a valid
> SGX attribute file corresponding to an attribute that is supported/restricted
> by KVM (currently only PROVISIONKEY).
>
> The SGX subsystem restricts access to a subset of enclave attributes to provide
> additional security for an uncompromised kernel, e.g. use of the PROVISIONKEY
> is restricted to deter malware from using the PROVISIONKEY to obtain a stable
> system fingerprint. To prevent userspace from circumventing such restrictions
> by running an enclave in a VM, KVM prevents access to privileged attributes by
> default.
OK, I was not aware of this.
/Jarkko