On Mon, Dec 13, 2021 at 02:10:17PM -0800, Reinette Chatre wrote: > Hi Jarkko, > > On 12/10/2021 11:42 PM, Jarkko Sakkinen wrote: > > On Mon, 2021-12-06 at 13:20 -0800, Reinette Chatre wrote: > > > > This is a valid question. Since EMODPE exists why not just make things for > > > > EMODPE, and ignore EMODPR altogether? > > > > > > > > > > I believe that we should support the best practice of principle of least > > > privilege - once a page no longer needs a particular permission there > > > should be a way to remove it (the unneeded permission). > > > > What if EMODPR was not used at all, since EMODPE is there anyway? > > EMODPR and EMODPE are not equivalent. > > EMODPE can only be used to "extend"/relax permissions while EMODPR can only > be used to restrict permissions. > > Notice in the EMODPE instruction reference of the SDM: > > (* Update EPCM permissions *) > EPCM(DS:RCX).R := EPCM(DS:RCX).R | SCRATCH_SECINFO.FLAGS.R; > EPCM(DS:RCX).W := EPCM(DS:RCX).W | SCRATCH_SECINFO.FLAGS.W; > EPCM(DS:RCX).X := EPCM(DS:RCX).X | SCRATCH_SECINFO.FLAGS.X; > > So, when using EMODPE it is only possible to add permissions, not remove > permissions. > > If a user wants to remove permissions from an EPCM page it is only possible > when using EMODPR. Notice in its instruction reference found in the SDM how > it in turn can only be used to restrict permissions: > > (* Update EPCM permissions *) > EPCM(DS:RCX).R := EPCM(DS:RCX).R & SCRATCH_SECINFO.FLAGS.R; > EPCM(DS:RCX).W := EPCM(DS:RCX).W & SCRATCH_SECINFO.FLAGS.W; > EPCM(DS:RCX).X := EPCM(DS:RCX).X & SCRATCH_SECINFO.FLAGS.X; OK, so the question is: do we need both or would a mechanism just to extend permissions be sufficient? /Jarkko
