On Thu, Jun 25, 2020 at 08:53:34PM +0200, Borislav Petkov wrote: > On Thu, Jun 18, 2020 at 01:08:33AM +0300, Jarkko Sakkinen wrote: > > > Subject: Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver > ^ > Add I'll change it to "Add SGX enclave driver". > > > Intel Software Guard eXtensions (SGX) is a set of CPU instructions that > > can be used by applications to set aside private regions of code and > > data. The code outside the SGX hosted software entity is disallowed to > > access the memory inside the enclave enforced by the CPU. We call these > > entities as enclaves. > > s/as // > > > This commit implements a driver that provides an ioctl API to construct > > s/This commit implements/Implement/ > > > and run enclaves. Enclaves are constructed from pages residing in > > reserved physical memory areas. The contents of these pages can only be > > accessed when they are mapped as part of an enclave, by a hardware > > thread running inside the enclave. > > > > The starting state of an enclave consists of a fixed measured set of > > pages that are copied to the EPC during the construction process by > > using ENCLS leaf functions and Software Enclave Control Structure (SECS) > > that defines the enclave properties. > > > > Enclave are constructed by using ENCLS leaf functions ECREATE, EADD and > > Enclaves > > > EINIT. ECREATE initializes SECS, EADD copies pages from system memory to > > the EPC and EINIT check a given signed measurement and moves the enclave > > checks > > > into a state ready for execution. > > > > An initialized enclave can only be accessed through special Thread Control > > Structure (TCS) pages by using ENCLU (ring-3 only) leaf EENTER. This leaf > > function converts a thread into enclave mode and continues the execution in > > the offset defined by the TCS provided to EENTER. An enclave is exited > > through syscall, exception, interrupts or by explicitly calling another > > ENCLU leaf EEXIT. > > > > The permissions, which enclave page is added will set the limit for maximum > > permissions that can be set for mmap() and mprotect(). > > I can't parse that sentence. Neither can I. > > This will > > effectively allow to build different security schemes between producers and > > consumers of enclaves. Later on we can increase granularity with LSM hooks > > for page addition (i.e. for producers) and mapping of the enclave (i.e. for > > consumers) I rephrased the whole paragraph: " The mmap() permissions are capped by the contained enclave page permissions. The mapped areas must also be opaque, i.e. each page address must contain a page. This logic is implemented in sgx_encl_may_map(). " > Other than that, nice explanation. I like that in a commit message. > > Thx. Thank you. > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette /Jarkko
