On Mon, Apr 22, 2019 at 09:55:47AM -0700, Linus Torvalds wrote: > On Mon, Apr 22, 2019 at 9:48 AM Sean Christopherson > <sean.j.christopherson@xxxxxxxxx> wrote: > > > > Right, and loading a malicious enclave doesn't change those guarantees > > (for other enclaves). Ergo, restricting which enclaves can execute is > > orthogonal to the security provided by SGX. > > But it is absolutely worth noting that TSX made a lot of attacks both > easier to _do_, and also easier to _hide_. > > All while being basically completely worthless technology to everybody > except for some silly SAP benchmark. > > So it is definitely worth at least discussing the downsides of SGX. If > it ends up being another technology that makes it easier to create > malware, without actually having a lot of _good_ software use it, the > patches to enable it should make damn sure that the upsides actually > outweigh the downsides. > > And if the current setup basically is "you have to disable reasonable > SElinux protections that lots of distros use today", I think it's > entirely reasonable saying "the downsides are bigger than the > upsides". I'm not arguing against SGX playing nice with SELinux/LSMs, actually the opposite. I completely agree that enclaves should be subject to LSM restrictions. AIUI, Dr. Greg is proposing a framework that uses SGX's launch control mechanism to restrict what enclaves can run. My point is that restricting what enclaves can run is about protecting the kernel and/or platform, not the enclaves themselves, i.e. using launch control instead of, or in addition to, LSMs doesn't change the security guarantees of SGX.
