[Bug 2009502] Re: Enable /dev/sgx_vepc access for the group 'sgx'
William Wilson
2009502 at bugs.launchpad.net
Fri Mar 24 17:07:14 UTC 2023
The verification passed for jammy:
william@william-Latitude-E7470 ~ apt-cache policy udev
udev:
  Installed: 249.11-0ubuntu3.7
  Candidate: 249.11-0ubuntu3.9
  Version table:
     249.11-0ubuntu3.9 500
        500 http://us.archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
 *** 249.11-0ubuntu3.7 500
        500 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     249.11-0ubuntu3 500
        500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
william@william-Latitude-E7470 ~ ls -l /dev/sgx_vepc
crw------- 1 root root 10, 125 Mar 24 12:42 /dev/sgx_vepc
william@william-Latitude-E7470 ~ apt-cache policy udev
udev:
  Installed: 249.11-0ubuntu3.9
  Candidate: 249.11-0ubuntu3.9
  Version table:
 *** 249.11-0ubuntu3.9 500
        500 http://us.archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     249.11-0ubuntu3.7 500
        500 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
     249.11-0ubuntu3 500
        500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
william@william-Latitude-E7470 ~ ls -l /dev/sgx_vepc
crw-rw---- 1 root sgx 10, 125 Mar 24 12:48 /dev/sgx_vepc
william@william-Latitude-E7470 ~
** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2009502
Title:
Enable /dev/sgx_vepc access for the group 'sgx'
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Jammy:
Fix Committed
Bug description:
[ Impact ]
On systems where Intel SGX is available, access to a specific device
node (/dev/sgx_vepc) must be enforced, with a specific permission
(0660) and group (sgx).
This allows KVM-based virtual machines to use such feature (the SGX
"enclaves") in a proper fashion. Without this, a manual udev rule
needs to be created.
[ Test Plan ]
As the patch itself only tailors the permissions/group to the device
node, in a system with Intel-SGX enabled, merely `ls -la` against the
device node should show if the permissions and group are seen as
expected.
[ Where problems could occur ]
N/A. This seems to be a very straightforward inclusion, very specific
to access enablement to the SGX reserved memory used for hosting
enclaves.
[ Other Info ]
N/A.
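
The check from the test plan as a repeatable script, added here as an example and not part of the bug report or the systemd package. The function names are hypothetical, owner root is taken from the ls output above, and GNU stat and getent are assumed.

```shell
#!/bin/sh
# Added example: audit /dev/sgx_vepc against the state the bug description
# asks for (mode 0660, group sgx). Function names are hypothetical.

# check_stat "TYPE|MODE|OWNER|GROUP"
# Input is the output of: stat -c '%F|%a|%U|%G' PATH   (GNU coreutils)
# Prints "ok" and returns 0 on a match, otherwise prints the first mismatch.
check_stat() {
    IFS='|' read -r ftype mode owner group <<EOF
$1
EOF
    [ "$ftype" = "character special file" ] || { echo "not a char device: $ftype"; return 1; }
    [ "$mode" = "660" ] || { echo "mode is $mode, expected 660"; return 1; }
    [ "$owner" = "root" ] || { echo "owner is $owner, expected root"; return 1; }
    [ "$group" = "sgx" ] || { echo "group is $group, expected sgx"; return 1; }
    echo "ok"
}

# audit_sgx_vepc [PATH]
# Returns 2 if the node is absent, 1 if its ownership or mode is wrong.
# On success it also prints the 'sgx' group entry, because every member of
# that group can open the node once it is 0660 root:sgx.
audit_sgx_vepc() {
    dev=${1:-/dev/sgx_vepc}
    [ -e "$dev" ] || { echo "$dev not present"; return 2; }
    check_stat "$(stat -c '%F|%a|%U|%G' "$dev")" || return 1
    getent group sgx
}

# Constructed inputs mirroring the two ls -l results in the message above:
#   before the update: check_stat 'character special file|600|root|root'
#   after the update:  check_stat 'character special file|660|root|sgx'
# On an SGX-enabled host, run: audit_sgx_vepc
```

Reviewing the getent output matters as much as the mode bits: the group list is the set of accounts that can reach the device node.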