[Bug 2009502] [NEW] Enable /dev/sgx_vepc access for the group 'sgx'

Pedro Principeza 2009502 at bugs.launchpad.net
Mon Mar 6 14:41:40 UTC 2023


Public bug reported:

[ Impact ]

On systems where Intel SGX is available, access to a specific device
node (/dev/sgx_vepc) must be enforced, with a specific permission (0660)
and group (sgx).

This allows KVM-based virtual machines to use such a feature (the SGX
"enclaves") in a proper fashion.  Without this, a manual udev rule needs
to be created.


[ Test Plan ]

As the patch itself only tailors the permissions/group to the device
node, in a system with Intel-SGX enabled, merely `ls -la` against the
device node should show if the permissions and group are seen as
expected.
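As an added illustration (not the systemd patch itself, and not code from the
reporter), the snippet below shows the shape of a udev rule that applies the
permission and group described in the Impact section, plus a small check that
automates the `ls -la` test plan. It assumes sgx_vepc is exposed as a "misc"
class device and that GNU `stat` is available; the exact rule line in the
systemd patch may differ.

```shell
#!/bin/sh
# Added example, not the systemd patch. Assumption: /dev/sgx_vepc is a
# "misc" class device, so a rule of this shape would set mode 0660 and
# group "sgx" on the node at device creation time.
SGX_VEPC_RULE='SUBSYSTEM=="misc", KERNEL=="sgx_vepc", MODE="0660", GROUP="sgx"'

# check_device_node PATH MODE GROUP
# Returns 0 when PATH exists with the given octal mode and group name,
# 1 otherwise (the reason is printed on stderr). Uses GNU stat.
check_device_node() {
    path=$1; want_mode=$2; want_group=$3
    [ -e "$path" ] || { echo "$path: missing" >&2; return 1; }
    got=$(stat -c '%a %G' "$path") || return 1
    [ "$got" = "$want_mode $want_group" ] && return 0
    echo "$path: have '$got', want '$want_mode $want_group'" >&2
    return 1
}

# On an SGX-enabled host the test plan reduces to:
#   check_device_node /dev/sgx_vepc 660 sgx
#
# demo: self-contained run on a constructed temp file, so it works on a
# machine without SGX or an "sgx" group. The expected group is taken from
# the file itself (no "sgx" group here); the mode check is the real test.
demo() {
    f=$(mktemp) || return 1
    grp=$(stat -c '%G' "$f")
    chmod 0660 "$f"
    if check_device_node "$f" 660 "$grp"; then ok=0; else ok=1; fi
    chmod 0600 "$f"
    if check_device_node "$f" 660 "$grp" 2>/dev/null; then bad=0; else bad=1; fi
    rm -f "$f"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}
```

The rule text is kept in `SGX_VEPC_RULE` only for reference; installing it
would mean writing it to a file under `/etc/udev/rules.d/` and reloading udev,
which the example deliberately does not do.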


[ Where problems could occur ]

N/A.  This seems to be a very straightforward inclusion, very specific
to access enablement to the SGX reserved memory used for hosting
enclaves.

[ Other Info ]
 
N/A.

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2009502