On 2018-12-22 04:41, Jarkko Sakkinen wrote:
In order to provide a mechanism for devilering provisoning rights:
1. Add a new file to the securityfs file called sgx/provision that works
as a token for allowing an enclave to have the provisioning privileges.
2. Add a new ioctl called SGX_IOC_ENCLAVE_SET_ATTRIBUTE that accepts the
following data structure:
struct sgx_enclave_set_attribute {
__u64 addr;
__u64 token_fd;
};
A daemon could sit on top of sgx/provision and send a file descriptor of
this file to a process that needs to be able to provision enclaves.
The way this API is used is more or less straight-forward. Lets assume that
dev_fd is a handle to /dev/sgx and prov_fd is a handle to sgx/provision.
You would allow SGX_IOC_ENCLAVE_CREATE to initialize an enclave with the
PROVISIONKEY attribute by
params.addr = <enclave address>;
params.token_fd = prov_fd;
ioctl(dev_fd, SGX_IOC_ENCLAVE_SET_ATTRIBUTE, ¶ms);
I think the attribute handling in this and the previous patch doesn't work. How am I supposed to call this ioctl between sgx_encl_alloc and sgx_encl_create in sgx_ioc_enclave_create? Even if I somehow manage to call this, how is secs->attributes getting set? How do I unset SGX_ATTR_DEBUG?
-- Jethro Beekman | Fortanix
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
