Now SM is embedded into the bbl, which basically provides a lot of SBI that can enable DoS against the OS as well as some potential attacks.
For example, the enclave can shut down the entire machine using an SBI, and also request IPIs (e.g., TLB flush).
Once we make the SM keep track of the CPU states, we should be able to put some gaskets in those interfaces that prevent the enclave from doing these.
This should, imo, be part of our rework of enclave lifecycles into explicit fsms.
We can define the valid hart transitions along with the valid enclave state transitions and check it all at once on the SBI call.
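A gate of the kind this comment proposes, as an added sketch that is not Keystone's own code: a hypothetical SM records a per-hart state (in host or in enclave) and a per-enclave lifecycle state, and validates every SBI call against both before applying the transition. The SBI ids, the states and the allowlist are assumptions chosen for illustration, not the real SBI numbering or Keystone's enum values.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical SBI ids for the example (not the real SBI function numbers). */
enum sbi_call { SBI_SHUTDOWN, SBI_SEND_IPI, SBI_REMOTE_SFENCE,
                SBI_CONSOLE_PUTCHAR, SBI_ENCLAVE_RUN, SBI_ENCLAVE_EXIT };

enum hart_state { HART_IN_HOST, HART_IN_ENCLAVE };
enum encl_state { ENCL_FRESH, ENCL_RUNNING, ENCL_STOPPED };

#define MAX_HARTS 4
#define MAX_ENCLAVES 4
static struct { enum hart_state state; int enclave_id; } harts[MAX_HARTS];
static struct { enum encl_state state; } enclaves[MAX_ENCLAVES];

void sm_reset(void) {
  memset(harts, 0, sizeof harts);
  memset(enclaves, 0, sizeof enclaves);
  for (int i = 0; i < MAX_HARTS; i++) harts[i].enclave_id = -1;
}

/* Allowlist per hart state: the "gasket" in front of the SBI dispatcher.
 * A hart running enclave code may only exit or print; shutdown, IPIs and
 * remote fences stay reserved to the host. */
static bool allowed_in_state(enum hart_state s, enum sbi_call c) {
  if (s == HART_IN_HOST) return c != SBI_ENCLAVE_EXIT;
  return c == SBI_ENCLAVE_EXIT || c == SBI_CONSOLE_PUTCHAR;
}

/* Returns 0 if the call is permitted (and applies any state transition),
 * -1 if the hart or enclave state machine rejects it. */
int sm_gate_sbi(int hart_id, enum sbi_call call, int enclave_id) {
  if (hart_id < 0 || hart_id >= MAX_HARTS) return -1;
  if (!allowed_in_state(harts[hart_id].state, call)) return -1;
  switch (call) {
  case SBI_ENCLAVE_RUN:  /* only a fresh enclave may be entered, once */
    if (enclave_id < 0 || enclave_id >= MAX_ENCLAVES) return -1;
    if (enclaves[enclave_id].state != ENCL_FRESH) return -1;
    enclaves[enclave_id].state = ENCL_RUNNING;
    harts[hart_id].state = HART_IN_ENCLAVE;
    harts[hart_id].enclave_id = enclave_id;
    return 0;
  case SBI_ENCLAVE_EXIT: /* leaving the enclave returns the hart to the host */
    enclaves[harts[hart_id].enclave_id].state = ENCL_STOPPED;
    harts[hart_id].state = HART_IN_HOST;
    harts[hart_id].enclave_id = -1;
    return 0;
  default:               /* permitted: the real SBI handler would run here */
    return 0;
  }
}
```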