On Sun, Nov 25, 2018 at 08:22:35AM -0800, Andy Lutomirski wrote: > Agreed. What I’m proposing adds additional security if the kernel is > *not* compromised. And even if the kernel is compromised evil use will detected quicker i.e. compromissed kernel is "better" than a kernel that allows to use provisioning freely. > There are other ways to accomplish it that might be better in some > respects. For example, there could be /dev/sgx and > /dev/sgx_rights/provision. The former exposes the whole sgx API, > except that it doesn’t allow provisioning by default. The latter does > nothing by itself. To run a provisioning enclave, you open both nodes, > then do something like: > > ioctl(sgx, SGX_IOC_ADD_RIGHT, sgx_provisioning); > > This requires extra syscalls, but it doesn’t have the combinatorial > explosion problem. I like this design because it is extendable. I'm now also in the same page why we need to protect provisioning in the first place. I would slight restructure this as /dev/sgx/control /dev/sgx/attributes/provision Looks cleaner and the root /dev directory is less polluted. BTW, off-topic from this but should we remove ENCLAVE from IOC names as they all concern enclaves anyway? Seems kind of redundant. I.e. SGX_IOC_ENCLAVE_CREATE -> SGX_IOC_CREATE SGX_IOC_ENCLAVE_ADD_PAGE -> SGX_IOC_ADD_PAGE SGX_IOC_ENCLAVE_INIT -> SGX_IOC_INIT /Jarkko
