Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp4652083ybi;
        Mon, 3 Jun 2019 14:49:58 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwYgxiyYRcrzubOm4znSC7uS6mEzwfbYZEhuyoUOpRgc6ttB+ZeP8cUU5znXb7AxiUJset9
X-Received: by 2002:a17:902:6ac6:: with SMTP id i6mr18687691plt.233.1559598598257;
        Mon, 03 Jun 2019 14:49:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559598598; cv=none;
        d=google.com; s=arc-20160816;
        b=OV0he+GClE7DJO9xHri5kAx5ggjVIic2w+3Vj92fSBUPbNIA6gsFzoUG18hU6bk9Va
         k3Lh2eHCUNJBzWTlfjHoykBrUH3FGTsNFzf91/Uvl1yNPakxS0yykgzwS0d+oiMZ6SdT
         DtGWlCFSgIkTeAX6Zb4K0hpZAz5sqxsFui6TVh8+3DIYlv4qZfWVy/KeottdxpCoD4YH
         ROIKEJZq+Z0pa4s7zKwacywUZebvXh1SbjY8CWZEkj+MOOPKV8AjWv9unjVHPpTWI8uV
         BwEz1ZoX8G9gExQeouYtipIhl2fvomIpdl1Wr4p3mKsXOPWTftnZzf56QMtseB+HUPzN
         AvuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=qa+z4EnDy+u57FDm0kUd1ThkdOCpBBfR+hvfEDBO1nI=;
        b=sROrZJkmf+fP6E9RpuB+Bw/BWI3EPYr1FqZMNZ/aoNbWAA+SkSjc3jCKpnCmBLQ//1
         pmT47N7GRHixV2S1jPnOUaFMNXXfI37qUYAoQmI5wBsnnr3AKYQEcRVTDth+JKOB7TPD
         3FIC1cXuBB91nkjLnOOJPRDZ2GzTbnPZUoo90QM3nmqzW4s5Q1zqPo1m7eHwB73TVq76
         HOUWYCAzPDAHJa5yJvi0pzWwUv00tctu3hNPWh6POjORa+v6PJLYHUT9ZFyGxJPPDC47
         2u3uOoJ6bXFjc0sJhBDnOlSdEjbmm+NJWRizHpS4s1I6W5H/GpbkowuqOqMbzzOmRt76
         YIaw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Wl+zxf1z;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f20si18768273pgv.448.2019.06.03.14.49.41;
        Mon, 03 Jun 2019 14:49:58 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Wl+zxf1z;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726502AbfFCVrZ (ORCPT <rfc822;crosarcplusplustest@gmail.com>
        + 99 others); Mon, 3 Jun 2019 17:47:25 -0400
Received: from mail.kernel.org ([198.145.29.99]:36696 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726162AbfFCVrY (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 3 Jun 2019 17:47:24 -0400
Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 102C6246A4
        for <linux-kernel@vger.kernel.org>; Mon,  3 Jun 2019 21:37:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1559597851;
        bh=n9SyFEz1scq0F+hulkDOofWavK0RVDUzt5KbFhVJxXU=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=Wl+zxf1zXrXTscPd69no8f3com+w7DM1Ij9JSl6nzJEwn21nR1/vkX/KVRgO+NKi5
         HqAYbd2/RvghdNstiyg9ha1DYR41NNpT/hot0tEZcFGgwBDLilwmu/lIQ6aGvQ7kRp
         XYe9TujRyGiqLtBNWH6Yz4U1SacrGQimo6MS5eD0=
Received: by mail-wm1-f41.google.com with SMTP id v22so12599955wml.1
        for <linux-kernel@vger.kernel.org>; Mon, 03 Jun 2019 14:37:30 -0700 (PDT)
X-Gm-Message-State: APjAAAVktJ/6edtXh9X95D9egohorJL/DNTkZkrWnOOryzCJncXijwrT
        oXEW//KN5pHQGFP9BIqyS9H0m3zcU4hFIaKiiJ+ZKw==
X-Received: by 2002:a1c:9a53:: with SMTP id c80mr9098862wme.173.1559597849219;
 Mon, 03 Jun 2019 14:37:29 -0700 (PDT)
MIME-Version: 1.0
References: <960B34DE67B9E140824F1DCDEC400C0F654E965F@ORSMSX116.amr.corp.intel.com>
 <CALCETrXXVMutX8eZk6nnkOAeS+Tj0sQd0FkW+wk6Rx8hQxCe6w@mail.gmail.com>
 <960B34DE67B9E140824F1DCDEC400C0F654E9824@ORSMSX116.amr.corp.intel.com>
 <20190528202407.GB13158@linux.intel.com> <285f279f-b500-27f0-ab42-fb1dbcc5ab18@tycho.nsa.gov>
 <960B34DE67B9E140824F1DCDEC400C0F654EB487@ORSMSX116.amr.corp.intel.com>
 <678a37af-797d-7bd5-a406-32548a270e3d@tycho.nsa.gov> <CALCETrWXB9fNNDH7gZxPTx05F78Og6K=ZtAr2aA++BDwY09Wbg@mail.gmail.com>
 <c1135352-0b5e-4694-b1a9-105876095877@tycho.nsa.gov> <CALCETrWsEXzUC33eJpGCpdMCBO4aYVviZLRD-CLMNaG5Jv-TCA@mail.gmail.com>
 <20190603205405.GE4894@linux.intel.com>
In-Reply-To: <20190603205405.GE4894@linux.intel.com>
From:   Andy Lutomirski <luto@kernel.org>
Date:   Mon, 3 Jun 2019 14:37:17 -0700
X-Gmail-Original-Message-ID: <CALCETrVS15kAsD9mko9sreyZ8uciiOfOpnMabcQr4_3jE-npNA@mail.gmail.com>
Message-ID: <CALCETrVS15kAsD9mko9sreyZ8uciiOfOpnMabcQr4_3jE-npNA@mail.gmail.com>
Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
To:     Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc:     Andy Lutomirski <luto@kernel.org>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        "Xing, Cedric" <cedric.xing@intel.com>,
        "Christopherson, Sean J" <sean.j.christopherson@intel.com>,
        William Roberts <bill.c.roberts@gmail.com>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        LSM List <linux-security-module@vger.kernel.org>,
        Paul Moore <paul@paul-moore.com>,
        Eric Paris <eparis@parisplace.org>,
        "selinux@vger.kernel.org" <selinux@vger.kernel.org>,
        Jethro Beekman <jethro@fortanix.com>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        "Dr. Greg" <greg@enjellic.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        "nhorman@redhat.com" <nhorman@redhat.com>,
        "npmccallum@redhat.com" <npmccallum@redhat.com>,
        "Ayoun, Serge" <serge.ayoun@intel.com>,
        "Katz-zamir, Shay" <shay.katz-zamir@intel.com>,
        "Huang, Haitao" <haitao.huang@intel.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        "Svahn, Kai" <kai.svahn@intel.com>, Borislav Petkov <bp@alien8.de>,
        Josh Triplett <josh@joshtriplett.org>,
        "Huang, Kai" <kai.huang@intel.com>,
        David Rientjes <rientjes@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jun 3, 2019 at 1:54 PM Jarkko Sakkinen
<jarkko.sakkinen@linux.intel.com> wrote:
>
> On Thu, May 30, 2019 at 09:14:10AM -0700, Andy Lutomirski wrote:
> > > What is the "source file" i.e. the target of the check?  Enclave file,
> > > sigstruct file, or /dev/sgx/enclave?
> >
> > Enclave file -- that is, the file backing the vma from which the data
> > is loaded.
>
> Wonder why KVM gets away without having this given that enclaves are
> lot alike VMs.
>

I would argue it's because access to /dev/kvm means you can execute
whatever you code you want in a VM.  I don't see how this is
avoidable. On the other hand, it would be nice for SGX to not imply
this same sort of "execute anything" right, especially since, unlike
KVM, SGX is not a sandbox.