Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

(off-list ancestor, not in this archive)
SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · James Morris <jmorris@namei.org> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · James Morris <jmorris@namei.org> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-15
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-16
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-17
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Linus Torvalds <torvalds@linux-foundation.org> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Linus Torvalds <torvalds@linux-foundation.org> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · James Morris <jmorris@namei.org> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Dr. Greg <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Haitao Huang <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-16
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-21
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jethro Beekman <hidden> · 2019-05-21
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-21
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-25
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-26
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-26
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-28
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-28
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-28
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-29
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Dr. Greg <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-04
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Dr. Greg <hidden> · 2019-05-25
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-27
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-27
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-27
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20

From: Andy Lutomirski <luto@kernel.org>
Date: 2019-05-15 23:13:32
Also in: lkml, selinux

On Wed, May 15, 2019 at 3:46 PM James Morris [off-list ref] wrote:

On Wed, 15 May 2019, Andy Lutomirski wrote:

quoted

Why not just use an xattr, like security.sgx ?

Wouldn't this make it so that only someone with CAP_MAC_ADMIN could
install an enclave?  I think that this decision should be left up the
administrator, and it should be easy to set up a loose policy where
anyone can load whatever enclave they want.  That's what would happen
in my proposal if there was no LSM loaded or of the LSM policy didn't
restrict what .sigstruct files were acceptable.

You could try user.sigstruct, which does not require any privs.

I don't think I understand your proposal.  What file would this
attribute be on?  What would consume it?

I'm imagining that there's some enclave in a file
crypto_thingy.enclave.  There's also a file crypto_thingy.sigstruct.
crypto_thingy.enclave has type lib_t or similar so that it's
executable.  crypto_thingy.sigstruct has type sgx_sigstruct_t.  The
enclave loader does, in effect:

void *source_data = mmap(crypto_thingy.enclave, PROT_READ | PROT_EXEC, ...);
int sigstruct_fd = open("crypto_thingy.sigstruct", O_RDONLY);
int enclave_fd = open("/dev/sgx/enclave", O_RDWR);

ioctl(enclave_fd, SGX_IOC_ADD_SOME_DATA, source_data + source_offset,
enclave_offset, len, ...);
ioctl(enclave_fd, SGX_IOC_ADD_SOME_DATA, source_data + source_offset2,
enclave_offset2, len, ...);
etc.

/* Here's where LSMs get to check that the sigstruct is acceptable.
The CPU will check that the sigstruct matches the enclave. */
ioctl(enclave_fd, SGX_INIT_THE_ENCLAVE, sigstruct_fd);

/* Actually map the thing */
mmap(enclave_fd RO section, PROT_READ, ...);
mmap(enclave_fd RW section, PROT_READ | PROT_WRITE, ...);
mmap(enclave_fd RX section, PROT_READ | PROT_EXEC, ...);

/* This should fail unless EXECMOD is available, I think */
mmap(enclave_fd RWX section, PROT_READ | PROT_WRITE | PROT_EXEC);

And the idea here is that, if the .enclave file isn't mapped
PROT_EXEC, then mmapping the RX section will also require EXECMEM or
EXECMOD.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help