Test environment doesn't allow SGX enclaves to access PROVISION keys

[binxing]

3526 adds PROVISION key and EINIT key support, and its test cases require setting the PROVISION_KEY attribute bit for the test enclaves, which is however disallowed in the test environment by bors.

• On Linux, assuming the same SGX kernel module as in an ACC VM, a process requires RW access to /dev/sgx/provision to launch enclaves with PROVISION_KEY set.
• On Windows, I'm not sure what's needed. Could anyone familiar with Windows SGX driver please comment?

[CodeMonkeyLeet]

@MWShan Windows has an integrated support via setting of the regkey to enable admins to opt-in to enabling launch control and it seems like any additional functionality in this space would follow that model. Can you follow-up?

[MWShan]

In Windows, flexible launch control is currently supported in Windows Server 2016/2019, and is provided through a driver (see https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/driver/win ) and is must be enabled by setting the ulong value "SGX_Launch_Config_Optin" under the driver parameters registry key to "1".

If flexible launch control is supported in the HW and enabled via the registry key, then enclaves signed with a MRSIGNER from an allow-list provided in the driver will be permitted to load with the provision key (see https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/driver/win/PLE/whitelist.h ). A user must update this list in order to add new signers of enclaves using the provision key.

[radhikaj]

In SIG-Arch @MWShan - On the Windows side, this is backlogged. @MWShan - On Linux, there are customers that might want to do this This is not a priority for Intel. Other customers might want to do this though.

3526 is how this would be accomplished. #3526 cannot be tested without this.

[radhikaj]

@CodeMonkeyLeet in SIG-Arch- Integration of the 5.11 Linux driver would require us to do this work.