Re: x86/sgx: uapi change proposal

On Wed, Dec 19, 2018 at 08:41:12AM +0000, Jethro Beekman wrote:

Good morning, I hope everyone is weathering the pre-holiday season well.

> On 2018-12-19 13:28, Jarkko Sakkinen wrote:
> > * @enclave_fd:		file handle to the enclave address space
> > * @attribute_fd:	file handle of the attribute file in the securityfs
> > */
> > struct sgx_enclave_set_attribute {
> >	__u64	enclave_fd;
> >	__u64	attribute_fd;
> >};

> What is this for?

I believe it is a silent response to the issues we were prosecuting
4-5 weeks ago, regarding the requirement for an SGX driver on an FLC
hardware platform to have some semblance of policy management to be
relevant from a security/privacy perspective.  It would have certainly
been collegial to include a reference to our discussions and concerns
in the changelog.

See 364f68f5a3c in Jarkko's next/master.

The changeset addresses enclave access to the PROVISION key but is
still insufficient to deliver guarantees that are consistent with the
SGX security model.  In order to achieve that, policy management needs
to embrace the use of MRSIGNER values, which is what our SFLC patchset
uses.

The noted changeset actually implements most of the 'kernel bloat'
that our SFLC patchset needs to bolt onto.

As of yesterday afternoon next/master still won't initialize a
non-trivial enclave.  Since there now appears to be a wholesale change
in the driver architecture and UAPI we are sitting on the sidelines
waiting for an indication all of that has some hope of working before
we introduce our approach.

Part of SFLC won't be popular but it is driven by clients who are
actually paying for SGX security engineering and architectures.

> Jethro Beekman | Fortanix

Best wishes for a pleasant holiday season to everyone.

Dr. Greg

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@xxxxxxxxxxxx
------------------------------------------------------------------------------
"Politics is the business of getting power and privilege without possessing
 merit."
                                -- P.J. O'Rourke


