On Thu, Feb 20, 2020 at 09:57:11PM +0200, Jarkko Sakkinen wrote:

Good evening to everyone.

> On Wed, Feb 19, 2020 at 10:26:40AM -0600, Dr. Greg wrote:
> > On Tue, Feb 18, 2020 at 05:52:47PM +0200, Jarkko Sakkinen wrote:
> >
> > Good morning, I hope the day is going well for everyone.
> >
> > > On Tue, Feb 18, 2020 at 04:42:43AM -0600, Dr. Greg Wettstein wrote:
> > > > I believe an accurate summary of Dr. Beekman's concerns are as
> > > > follows:
> > > >
> > > > 1.) He envisions a need for an enclave orchestrator that uses root
> > > > privileges to open the SGX driver device and then drop privileges,
> > > > presumably in a permanent fashion. The orchestrator would then use
> > > > the filehandle to load and initialize multiple enclaves on request.
> > > >
> > > > 2.) The enclave orchestrator may be run in an environment that has
> > > > SECCOMP limitations on the ability to conduct filesystem operations.
> >
> > > Also UDS sockets with SCM_RIGHTS should work.
> >
> > The first clarification, I'm assuming you mean passing SCM_RIGHTS over
> > AF_UNIX/UNIX-domain sockets, not UDP sockets?
>
> UNIX domain sockets.

That is what I thought, I wanted to make sure that UDS wasn't a typo.

> > It appears that the sgx_open() function, that is installed as the
> > ->open method for the /dev/sgx/enclave device node, allocates the
> > master enclave definition structure, that is installed, and
> > subsequently released, as private data for the file instance object.
> > This master enclave structure has the reference to the virtual memory
> > definition for the enclave that is opened.
>
> You can have multiple references to an enclave by using the
> aforementioned tools.

Yes, I understand multiple references to a file descriptor/enclave, but
see below.

> > This would seem to imply that the driver is rather firmly architected
> > on the notion of one open() per enclave, a concept that Jethro seems
> > to have issues with.
>
> I don't understand what concept you are talking about.

If memory serves me correctly, Jethro envisioned a model where a single
open of the SGX driver node would return a file descriptor that could
then be used to create/load/initialize multiple enclaves.

Your clarifications indicate that a separate open will be needed for
each and every enclave instance that will be orchestrated.

Jethro, if I'm misstating your position on this, please jump in and
clarify.

> /Jarkko

Have a good end of the week.

Dr. Greg

As always,
Dr. Greg Wettstein, Ph.D, Worker
IDfusion, LLC                      SGX secured infrastructure and
4206 N. 19th Ave.                  autonomously self-defensive platforms.
Fargo, ND 58102
PH: 701-281-1686
EMAIL: greg@xxxxxxxxxxxx
------------------------------------------------------------------------------
"Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous."
                                -- Matthias Schniedermeyer
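The SCM_RIGHTS hand-off discussed in the thread (a privileged opener holding the device descriptor and passing it to another process over a UNIX-domain socket), as an added illustration that is not part of the thread or the SGX driver: send_fd(), recv_fd() and demo_pass_fd() are names chosen here, the receiver validates the control message before using it, and /dev/null stands in for /dev/sgx/enclave so it runs on any Linux box.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Send one open descriptor over a UNIX-domain socket via SCM_RIGHTS. */
static int send_fd(int sock, int fd)
{
    char byte = 'F', cbuf[CMSG_SPACE(sizeof(int))];   /* 1 data byte + cmsg */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor sent by send_fd(); returns the new fd or -1. */
static int recv_fd(int sock)
{
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);   /* validate before trusting */
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Pass an open file across a socketpair and confirm both ends share one open
 * file description: a status flag set through the received fd is visible on
 * the original. /dev/null stands in for the device node. 1 = ok, 0 = fail. */
int demo_pass_fd(void)
{
    int sv[2], got = -1, ok = 0, dev = open("/dev/null", O_RDWR);
    if (dev < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 0;
    if (send_fd(sv[0], dev) == 0 && (got = recv_fd(sv[1])) >= 0) {
        fcntl(got, F_SETFL, O_NONBLOCK);              /* via received fd  */
        ok = (fcntl(dev, F_GETFL) & O_NONBLOCK) != 0; /* seen on original */
        close(got);
    }
    close(dev); close(sv[0]); close(sv[1]);
    return ok;
}
```

Because the passed descriptor refers to the same open file description, whatever per-open state the driver attached in its ->open method is shared by every holder; a fresh open() is still needed for each independent instance.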