On Mon, Aug 05, 2019 at 02:30:22PM -0700, Andy Lutomirski wrote: > On Mon, Aug 5, 2019 at 1:51 PM Jarkko Sakkinen > <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote: > > > > On Sun, Aug 04, 2019 at 03:20:24PM -0700, Andy Lutomirski wrote: > > > On Thu, Aug 1, 2019 at 9:38 AM Jarkko Sakkinen > > > <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote: > > > > > > > > On Mon, Jul 15, 2019 at 03:29:23PM -0700, Andy Lutomirski wrote: > > > > > I would say it differently: regardless of exactly how /dev/sgx/enclave > > > > > is wired up under the hood, we want a way that a process can be > > > > > granted permission to usefully run enclaves without being granted > > > > > permission to execute whatever bytes of code it wants. Preferably > > > > > without requiring LSMs to maintain some form of enclave signature > > > > > whitelist. > > > > > > > > Would it be better to have a signer whitelist instead or some > > > > combination? E.g. you could whiteliste either by signer or > > > > enclave signature. > > > > > > > > > > I'm not sure, and also don't really think we need to commit to an > > > answer right now. I do think that the eventual solution should be > > > more flexible than just whitelisting the signers. In particular, it > > > should be possible to make secure enclaves, open-source or otherwise, > > > that are reproducibly buildable. This more or less requires that the > > > signing private key not be a secret, which means that no one would > > > want to whitelist the signing key. The enclave would be trusted, and > > > would seal data, on the basis of its MRENCLAVE, and the policy, if > > > any, would want to whitelist the MRENCLAVE or perhaps the whole > > > SIGSTRUCT. > > > > > > But my overall point is that it should be possible to have a conherent > > > policy that allows any enclave whatsoever to run but that still > > > respects EXECMEM and such. > > > > So could kernel embed a fixed signing key that would be made available > > through sysfs for signing? Already have one for my selftest. > > > > Do you mean a public and private key? I was imagining that someone > would just create a key pair and publish it for the case of SGX > programs that don't depend on MRSIGNER. There doesn't have to be just > one. > > But I may be misunderstanding you. Aa, OK, got you. I actually misunderstood you. /Jarkko
