Now SM is embedded into the bbl, which basically provides a lot of SBI that can enable DoS against the OS as well as some potential attacks.
For example, the enclave can shut down the entire machine using an SBI, and also request IPIs (e.g., TLB flush).
Once we make the SM keep track of the CPU states, we should be able to put some gaskets in those interfaces that prevents enclave from doing these.
This should, imo, be part of our rework of enclave lifecycles into explicit fsms.
We can define the valid hart transitions along with the valid enclave state transitions and check it all at once on the SBI call.
Now SM is embedded into the bbl, which basically provides a lot of SBI that can enable DoS against the OS as well as some potential attacks. For example, the enclave can shut down the entire machine using an SBI, and also request IPIs (e.g., TLB flush). Once we make the SM keep track of the CPU states, we should be able to put some gaskets in those interfaces that prevents enclave from doing these.