Re: [PATCH v21 00/28] Intel SGX foundations

2019-08-06 Thread Jethro Beekman
On 2019-07-14 07:36, Jarkko Sakkinen wrote: On Sat, Jul 13, 2019 at 08:07:36PM +0300, Jarkko Sakkinen wrote: v21: * Check on mmap() that the VMA does cover an area that does not have enclave pages. Only mapping with PROT_NONE can do that to reserve initial address space for an enclave. * C

Re: [PATCH v21 00/28] Intel SGX foundations

2019-07-14 Thread Jarkko Sakkinen
On Sat, Jul 13, 2019 at 08:07:36PM +0300, Jarkko Sakkinen wrote: > v21: > * Check on mmap() that the VMA does cover an area that does not have > enclave pages. Only mapping with PROT_NONE can do that to reserve > initial address space for an enclave. > * Check on mmap() and mprotect() that the

[PATCH v21 00/28] Intel SGX foundations

2019-07-13 Thread Jarkko Sakkinen
Intel(R) SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outside the enclave is disallowed to access the memory inside the enclave by the CPU access control. In a way you can think that SGX provides an inverted sandbox. It prot