> On Apr 19, 2019, at 2:19 PM, Jethro Beekman <jethro@xxxxxxxxxxxx> wrote: > >> . >> >> If we start enforcing equivalent rules on SGX, then the current API will simply not allow enclaves to be loaded — no matter how you slice it, loading an enclave with the current API is indistinguishable from making arbitrary data executable. > > Yes this is exactly what I intended here: a very simple change that > stops SGX from confusing LSM. Just by enforcing that everything that > looks like a memory write (EADD, EAUG, EDBGWR, etc.) actually requires > write permissions, reality and LSM should be on the same page. > > If you want to go further and actually allow this behavior when your LSM > would otherwise prohibit it, presumably the same workarounds that exist > for JITs can be used for SGX. > > I do think we need to follow LSM rules. But my bigger point is that there are policies that don’t allow JIT at all. I think we should arrange the SGX API so it’s still usable when such a policy is in effect.
