On Wed, Sep 25, 2019 at 05:32:04PM +0300, Jarkko Sakkinen wrote:
> On Tue, Sep 24, 2019 at 10:20:09AM -0700, Andy Lutomirski wrote:
> > > I think either can be considered post-upstreaming.
> >
> > Indeed, as long as the overall API is actually compatible with these
> > types of restrictions.
>
>
On Tue, Sep 24, 2019 at 10:20:09AM -0700, Andy Lutomirski wrote:
> > I think either can be considered post-upstreaming.
>
> Indeed, as long as the overall API is actually compatible with these
> types of restrictions.
I include LSM changes to the follow up versions of the patch set. This
is
> On Sep 15, 2019, at 10:24 PM, Jarkko Sakkinen
> wrote:
>
> On Sat, Sep 14, 2019 at 08:32:38AM -0700, Dave Hansen wrote:
On 9/14/19 6:41 AM, Jarkko Sakkinen wrote:
The proposed LSM hooks give the granularity to make yes/no decision
based on the
* The origin of the source of
On Sat, Sep 14, 2019 at 08:32:38AM -0700, Dave Hansen wrote:
> On 9/14/19 6:41 AM, Jarkko Sakkinen wrote:
> >
> > The proposed LSM hooks give the granularity to make yes/no decision
> > based on the
> >
> > * The origin of the source of the source for the enclave.
> > * The requested permissions
On 9/14/19 6:41 AM, Jarkko Sakkinen wrote:
>
> The proposed LSM hooks give the granularity to make yes/no decision
> based on the
>
> * The origin of the source of the source for the enclave.
> * The requested permissions for the added or mapped peage.
>
> The hooks to do these checks are
On Fri, Sep 13, 2019 at 01:38:18PM -0700, Dave Hansen wrote:
> On 9/3/19 7:26 AM, Jarkko Sakkinen wrote:
> > Not having LSM hooks does not cause any risk to other parts of the
> > kernel as the device can still be controlled by using DAC permissions.
> > The hooks just provide more granularity
On 9/3/19 7:26 AM, Jarkko Sakkinen wrote:
> Not having LSM hooks does not cause any risk to other parts of the
> kernel as the device can still be controlled by using DAC permissions.
> The hooks just provide more granularity than DAC in access decisions.
Could we translate the security-speak to
Intel(R) SGX is a set of CPU instructions that can be used by applications
to set aside private regions of code and data. The code outside the enclave
is disallowed to access the memory inside the enclave by the CPU access
control.
There is a new hardware unit in the processor called Memory
8 matches
Mail list logo