On 2019-05-10 10:54, Dave Hansen wrote:
> On 5/10/19 10:37 AM, Jethro Beekman wrote:
>> It does assume a specific format, namely, that the memory layout
>> (including page types/permissions) of the enclave can be represented in
>> a "flat file" on disk, or at least that the enclave memory contents
>> consist of 4096-byte chunks in that file.
>
> I _think_ Cedric's point is that, to the kernel,
> /lib/x86_64-linux-gnu/libc.so.6 is a "flat file" because the kernel
> doesn't have any part in parsing the executable format of a shared library.
>
> I actually don't know how it works, though. Do we just trust that
> the userspace parsing of the .so format is correct? Do we just assume
> that any part of a file passing IMA checks can be PROT_EXEC?
>

ELF files are explicitly designed such that you can map them (with mmap)
in 4096-byte chunks. However, sometimes there's overlap and you will
sometimes see that a particular offset is mapped twice because the first
half of the page in the file belongs to an RX range and the second half
to an R-only range.

Also, ELF files don't (normally) describe stack, heap, etc. which you do
need for enclaves.

--
Jethro Beekman | Fortanix
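
Added example, not part of the original message: a Python sketch that reads the PT_LOAD program headers of a little-endian ELF64 image and reports file pages that more than one segment maps with different permissions, the overlap described above. The sample ELF is constructed (headers only, no section data) and the function names are illustrative.

```python
import struct

PAGE, PT_LOAD = 4096, 1
PF_X, PF_W, PF_R = 1, 2, 4

def load_segments(elf):
    """(p_offset, p_filesz, p_flags) of every PT_LOAD in a little-endian ELF64."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected little-endian ELF64")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    segs = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and p_filesz:
            segs.append((p_offset, p_filesz, p_flags))
    return segs

def doubly_mapped_pages(segs):
    """File pages backed by several PT_LOADs whose permissions differ."""
    pages = {}
    for off, size, flags in segs:
        # A segment touches every 4096-byte file page its byte range overlaps.
        for pg in range(off // PAGE, (off + size - 1) // PAGE + 1):
            pages.setdefault(pg, []).append(flags)
    return {pg * PAGE: fl for pg, fl in pages.items() if len(set(fl)) > 1}

def perms(flags):
    """Render p_flags as an R/W/X string, e.g. 5 -> 'R-X'."""
    return "".join(c if flags & bit else "-"
                   for c, bit in (("R", PF_R), ("W", PF_W), ("X", PF_X)))

def sample_elf():
    """Constructed ELF64 headers: RX covers 0x0-0x17ff, R-only 0x1800-0x27ff."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    rx = struct.pack("<IIQQQQQQ", PT_LOAD, PF_R | PF_X,
                     0, 0, 0, 0x1800, 0x1800, PAGE)
    ro = struct.pack("<IIQQQQQQ", PT_LOAD, PF_R,
                     0x1800, 0x2800, 0x2800, 0x1000, 0x1000, PAGE)
    return ehdr + rx + ro

if __name__ == "__main__":
    shared = doubly_mapped_pages(load_segments(sample_elf()))
    for off, flags in shared.items():
        print(f"file page {off:#x} mapped as: {', '.join(map(perms, flags))}")
```
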