Open yanzhichao opened 3 years ago
Yes, now DCAP driver takes a permissive way for launch token. Not sure what your usage is. If you use OOT driver, reference launch Enclave + whitelist solution should be still workable. Of course, your platform must support FLC. There is an implementation for reference LE in the repo. See https://github.com/intel/linux-sgx/blob/master/psw/ae/ref_le/ref_le.md
Thanks for the reply.
Our application depends on the DCAP driver, but we still want to enforce our own launch control policy to only allow launching a limited set of enclaves. Now that the DCAP driver takes a permissive way for launch tokens, it seems that we can't do it, because any user could launch any enclave on the platform. Is my understanding correct?
@yanzhichao I think so. The design was changed a long time ago to align with the in-kernel driver. You can refer to the related DCAP driver code: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/e420ca703fb96330d6e03d5a138aea424b2e8bd1/driver/linux/ioctl.c#L572-L573
@haitaohuang could correct me if my answer is not true.
The DCAP driver follows the mainline kernel implementation. In the SGX kernel upstreaming discussions, it was concluded that the kernel would not support launch control through a signed LE. Rather, an admin can use standard Linux permissions or other policy rules on the /dev/sgx_enclave node to control which user IDs can access the node and launch enclaves.
If you need a launch control policy enforced by your own LE, you need to build a custom kernel or driver. Or please follow up the discussions with the kernel community on LKML.
Please also note that the DCAP driver was created to support usages before SGX was supported in the mainline kernel. With the mainline kernel now supporting SGX, it is strongly recommended that all solutions based on DCAP move to use the kernel support directly to avoid future incompatibilities.
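The comment above says access to enclaves is controlled by ordinary Linux permissions on the /dev/sgx_enclave node rather than by a signed launch enclave. The following shell snippet is an added example (not code from this issue thread or from the intel/linux-sgx project) showing one way an admin can express such a policy: a udev rule that makes the node group-owned and not world-accessible, plus a check function that verifies the node's mode. The group name `sgx`, the rule file path, mode 0660, and the `SUBSYSTEM=="misc"` match are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the issue thread or the linux-sgx project):
# restrict who may open the SGX enclave device node with standard Linux
# permissions, instead of relying on a launch enclave.
#
# Assumptions (not from the page): a dedicated "sgx" group, a udev rule
# matching the misc device "sgx_enclave", and mode 0660 as the policy.

SGX_NODE="${SGX_NODE:-/dev/sgx_enclave}"
SGX_GROUP="${SGX_GROUP:-sgx}"
SGX_RULE_FILE="${SGX_RULE_FILE:-/etc/udev/rules.d/90-sgx-enclave.rules}"

# Print the udev rule that makes the node group-owned and not world-accessible.
sgx_udev_rule() {
    printf 'KERNEL=="sgx_enclave", SUBSYSTEM=="misc", MODE="0660", GROUP="%s"\n' "$SGX_GROUP"
}

# Install the rule, create the group if missing, and reload udev (requires root).
# Only users in $SGX_GROUP can then open the node and launch enclaves.
sgx_apply_policy() {
    getent group "$SGX_GROUP" >/dev/null || groupadd --system "$SGX_GROUP"
    sgx_udev_rule > "$SGX_RULE_FILE"
    udevadm control --reload-rules && udevadm trigger --subsystem-match=misc
}

# Check that a node is not accessible to "other".
# Returns 0 if the node is restricted, 1 if any local user can open it,
# 2 if the node does not exist.
sgx_node_is_restricted() {
    node="$1"
    [ -e "$node" ] || return 2
    # GNU stat: octal mode without leading zeros, e.g. "660" or "4660".
    mode=$(stat -c '%a' "$node")
    # The last octal digit is the "other" class; any bit set means
    # every local user could open the node and launch an enclave.
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Usage: `sh this_script.sh check` reports on the live node (no root needed);
# `sh this_script.sh apply` installs the policy (root required).
case "${1:-}" in
    check)
        if sgx_node_is_restricted "$SGX_NODE"; then
            echo "$SGX_NODE is restricted to group access"
        else
            echo "$SGX_NODE is missing or world-accessible"
        fi
        ;;
    apply)
        sgx_apply_policy
        ;;
esac
```

Note that this controls only who may open the node; it does not reproduce per-enclave identity checks the way a signed LE would, which is exactly the trade-off the comment describes.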
Now the DCAP driver allows loading all enclaves, bypassing the launch enclave's policy. Is there still a solution to use the Intel(R) SGX Reference Launch Enclave?