On 9/23/20 7:33 AM, Jarkko Sakkinen wrote:
> The consequence is that enclaves are best created with an ioctl API and the
> access control can be based only on the origin of the source file for the
> enclave data, i.e. on VMA file pointer and page permissions. For example,
> this could be done with LSM hooks that are triggered in the appropriate
> ioctl's and they could make the access control decision based on this
> information.
>
> Unfortunately, there is ENCLS[EMODPE] that a running enclave can use to
> upgrade its permissions. If we do not limit mmap() and mprotect(), an enclave
> could upgrade its permissions by using EMODPE followed by an appropriate
> mprotect() call. This would be completely hidden from the kernel.
>
> Add 'mprotect' hook to vm_ops, so that a callback can be implemented for SGX
> that will ensure that {mmap, mprotect}() permissions do not surpass any of
> the original page permissions. This feature allows maintaining and refining
> sane access control for enclaves.

Maybe I'm just being dense, but I still don't have a clear idea what function this hook serves.

I understand that SGX has an orthogonal set of page permissions to the normal x86 page tables. It needs these so that the OS can't play nasty tricks on the enclave, like removing read-only protections that provide hardening.

But, I still don't get the connection to mprotect() and the x86 paging permissions. If the enclave's permissions are orthogonal, then why bother with this hook? Why does the OS view of the enclave's memory matter?
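To make the check described in the quoted commit message concrete, here is an added user-space model of it (not the kernel patch and not Dave's or Jarkko's code): the kernel keeps the permissions each page was added with, and the vm_ops hook refuses any mmap()/mprotect() whose requested permissions are not a subset of those original permissions on every page of the range. The page layout, `encl_page`/`encl` types and `encl_may_map()` name are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not kernel code: permissions recorded by the kernel
 * when the page was added to the enclave (the "original page permissions"). */
#define PERM_R 0x1
#define PERM_W 0x2
#define PERM_X 0x4
#define PAGE_SHIFT 12
#define PAGE_MASK (~((1ULL << PAGE_SHIFT) - 1))

struct encl_page { uint64_t addr; uint8_t perms; };
struct encl { const struct encl_page *pages; size_t npages; };

/* Find the enclave page covering addr; NULL if the enclave has none there. */
static const struct encl_page *encl_lookup(const struct encl *e, uint64_t addr)
{
    for (size_t i = 0; i < e->npages; i++)
        if (e->pages[i].addr == (addr & PAGE_MASK))
            return &e->pages[i];
    return NULL;
}

/* The decision the mprotect/mmap hook makes: every page in [start, end) must
 * have been added with at least the permissions now requested. An enclave
 * that ran EMODPE to raise its EPCM permissions does not change the kernel's
 * recorded copy, so a follow-up mprotect() to the higher permissions fails. */
bool encl_may_map(const struct encl *e, uint64_t start, uint64_t end, uint8_t req)
{
    for (uint64_t a = start & PAGE_MASK; a < end; a += 1ULL << PAGE_SHIFT) {
        const struct encl_page *p = encl_lookup(e, a);
        if (!p)                          /* range covers a page never added */
            return false;
        if ((p->perms & req) != req)     /* request exceeds original perms */
            return false;
    }
    return true;
}

/* Constructed enclave: a read-only page, an RX code page and an RW data page. */
static const struct encl_page sample_pages[] = {
    { 0x10000000ULL, PERM_R },
    { 0x10001000ULL, PERM_R | PERM_X },
    { 0x10002000ULL, PERM_R | PERM_W },
};
const struct encl sample_encl = { sample_pages, 3 };
```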