Re: [PATCH v20 00/28] Intel SGX1 support

[Andy Lutomirski]

> On Apr 19, 2019, at 2:19 PM, Jethro Beekman <jet...@fortanix.com> wrote:
> 
>> .
>> 
>> If we start enforcing equivalent rules on SGX, then the current API will 
>> simply not allow enclaves to be loaded — no matter how you slice it, loading 
>> an enclave with the current API is indistinguishable from making arbitrary 
>> data executable.
> 
> Yes this is exactly what I intended here: a very simple change that
> stops SGX from confusing LSM. Just by enforcing that everything that
> looks like a memory write (EADD, EAUG, EDBGWR, etc.) actually requires
> write permissions, reality and LSM should be on the same page.
> 
> If you want to go further and actually allow this behavior when your LSM
> would otherwise prohibit it, presumably the same workarounds that exist
> for JITs can be used for SGX.
> 
> 

I do think we need to follow LSM rules.  But my bigger point is that there are 
policies that don’t allow JIT at all. I think we should arrange the SGX API so 
it’s still usable when such a policy is in effect.