Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regarding the issue of kernel version #20

Open
xiaoran33 opened this issue Nov 21, 2024 · 1 comment
Open

Regarding the issue of kernel version #20

xiaoran33 opened this issue Nov 21, 2024 · 1 comment
Assignees
@Bonjourz

Comments

@xiaoran33
Copy link

Yep, everything is well.
为啥你的是ok,奇怪,你的内核版本是5.4的哪个版本呢?cpu的型号和我这个型号是一致的吗?

If such problem still disturb you, suggest switch to Linux 5.10.
我看enable_rdfsbase的介绍,这个打开会增加漏洞风险,5.10默认就是打开的话,那5.10这个内核版本有这个风险吗?
@Bonjourz Bonjourz self-assigned this Nov 26, 2024
@Bonjourz
Copy link
Collaborator

Hi @xiaoran33 , "enable_rdfsgsbase" is a kernel module for the kernel on which fsgsbase is not enabled by kernel. So it may incur security issues, as stated in here:

This kernel module is intended for evaluation only, NOT in production! Enabling rdfsbase-family instructions in the way shown in this kernel module creates a full unpriviledged root hole in the Linux kernel.

But for newer Linux which enables fsgsbase in default, the security issues is solved. So we recommend users to use Linux 5.10 for HyperEnclave.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Bonjourz Bonjourz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Bonjourz @xiaoran33