On 6/21/19 5:22 PM, Xing, Cedric wrote:
> From: Christopherson, Sean J
> Sent: Wednesday, June 19, 2019 3:24 PM
>> Intended use of each permission:
>> - SGX_EXECDIRTY: dynamically load code within the enclave itself
>> - SGX_EXECUNMR: load unmeasured code into the enclave, e.g. Graphene
> Why does it matter whether a code page is measured or not?
> It won't be incorporated into an attestation?
>> - SGX_EXECANON: load code from anonymous memory (likely Graphene)
> Graphene doesn't load code from anonymous memory. It loads code dynamically though, as in the SGX_EXECDIRTY case.
> So do we expect EXECANON to never be triggered at all?
>> - SGX_EXECUTE: load an enclave from a file, i.e. normal behavior
> Why is SGX_EXECUTE needed from a security perspective? Or why isn't FILE__EXECUTE sufficient?
Splitting the SGX permissions from the regular ones allows distinctions
to be made between what can be executed in the host process and what can
be executed in the enclave. The host process may be allowed
FILE__EXECUTE to numerous files that do not contain any code ever
intended to be executed within the enclave.
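To make the host-versus-enclave distinction concrete, here is an SELinux type-enforcement fragment added as an illustration; it is not policy from the patch series under discussion or from anyone in this thread. It assumes the SGX_EXECUTE permission proposed above is exposed on the file class under the name sgx_execute, and the type names host_app_t, shared_lib_t and enclave_image_t are invented for the example.

```selinux
# Hypothetical SELinux TE fragment (added illustration, not from the patch).
# Assumes the proposed SGX_EXECUTE permission appears on the file class as
# "sgx_execute"; all type names below are invented for this example.

type host_app_t;
type shared_lib_t;
type enclave_image_t;

# The host process runs ordinary libraries as any process would.  This grants
# FILE__EXECUTE on many files that carry no enclave code at all.
allow host_app_t shared_lib_t:file { read execute };

# Loading pages from a file into an enclave additionally requires the
# SGX-specific permission.  Only the enclave image type gets it, so the host
# can mmap shared_lib_t PROT_EXEC but cannot EADD those pages into an enclave.
allow host_app_t enclave_image_t:file { read execute sgx_execute };
```

With this split, a policy writer can keep the enclave's code set limited to enclave_image_t even though host_app_t has execute rights over many other files, which is the distinction the reply above describes; with FILE__EXECUTE alone, every executable mapping the host is allowed would also be loadable into the enclave.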