Message-ID: <CALCETrVJ1vMAA-7qtiZ8tg-3qyckSwbzNC2kbbHsojm+W46PWg@mail.gmail.com>
Date: Sat, 27 Jul 2019 10:32:11 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
X86 ML <x86@...nel.org>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Joerg Roedel <joro@...tes.org>,
"H. Peter Anvin" <hpa@...or.com>, kvm list <kvm@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>, linux-sgx@...r.kernel.org
Subject: Re: [RFC PATCH 21/21] KVM: x86: Add capability to grant VM access to
privileged SGX attribute
On Fri, Jul 26, 2019 at 10:52 PM Sean Christopherson
<sean.j.christopherson@...el.com> wrote:
>
> The SGX subsystem restricts access to a subset of enclave attributes to
> provide additional security for an uncompromised kernel, e.g. to prevent
> malware from using the PROVISIONKEY to ensure its nodes are running
> inside a genuine SGX enclave and/or to obtain a stable fingerprint.
>
> To prevent userspace from circumventing such restrictions by running an
> enclave in a VM, KVM restricts guest access to privileged attributes by
> default. Add a capability, KVM_CAP_SGX_ATTRIBUTE, that can be used by
> userspace to grant a VM access to a privileged attribute, with args[0]
> holding a file handle to a valid SGX attribute file corresponding to
> an attribute that is restricted by KVM (currently only PROVISIONKEY).
Looks good to me. Thanks!
> +can use KVM_CAP_SGX_ATTRIBUTE to grant a VM access to a priveleged attribute.
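Review bot: "priveleged" in this added line should be spelled "privileged". Since the line is new text describing KVM_CAP_SGX_ATTRIBUTE, correct it before the next revision and check the rest of the series for the same misspelling.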
Spelling.