On 5/10/19 10:37 AM, Jethro Beekman wrote:
> It does assume a specific format, namely, that the memory layout
> (including page types/permissions) of the enclave can be represented in
> a "flat file" on disk, or at least that the enclave memory contents
> consist of 4096-byte chunks in that file.

I _think_ Cedric's point is that, to the kernel, /lib/x86_64-linux-gnu/libc.so.6 is a "flat file" because the kernel doesn't have any part in parsing the executable format of a shared library.

I actually don't know how it works, though. Do we just trust that the userspace parsing of the .so format is correct? Do we just assume that any part of a file passing IMA checks can be PROT_EXEC?