On Tue, Jan 08, 2019 at 02:54:11PM -0800, Andy Lutomirski wrote: > I do think it makes sense to have QEMU delegate the various ENCLS > operations (especially EINIT) to the regular SGX interface, which will > mean that VM guests will have exactly the same access controls applied > as regular user programs, which is probably what we want. If so, > there will need to be a way to get INITTOKEN privilege for the purpose > of running non-Linux OSes in the VM, which isn't the end of the world. > We might still want the actual ioctl to do EINIT using an actual > explicit token to be somehow restricted in a way that strongly > discourages its use by anything other than a hypervisor. Or I suppose > we could just straight-up ignore the guest-provided init token. Does it even matter if just leave EINITTOKENKEY attribute unprivileged given that Linux requires that MSRs are writable? Maybe I'll just whitelist that attribute to any enclave? /Jarkko
