Issue with enclave creation and host_satp #19
My understanding of the code is that there are no mechanisms for
If so, it would allow for an enclave to gain control over the OS
If it is not the design intention, then a simple fix is to keep
Please let me know if I've missed something or if my understanding
This is an interesting issue!
The current design won't actually let anything... THAT terrible happen from an enclave trying to create another enclave inside of the OS memory, since the parent enclave won't have any access rights to the child. We should either be explicitly allowing enclaves to create enclaves (and making sure they can't do anything bad with that), or we should be blocking them. I think for now we'll want to just disable enclaves creating child enclaves. I think the worst that happens here is the OS crashes (which is bad! just not that bad).
As for the
Hi, thank you for reporting these
(1) tracking CPU state.
(2) OS manipulating