Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp42603imm; Tue, 19 Jun 2018 15:32:45 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIIa1UO1RbnzdhA1JkX0BeQO6knKwb2ubgHlC0U148+pgwWmI0AEkKGuf0ter27YqAY3anX X-Received: by 2002:a63:7d4c:: with SMTP id m12-v6mr16209785pgn.201.1529447565167; Tue, 19 Jun 2018 15:32:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529447565; cv=none; d=google.com; s=arc-20160816; b=E8WS5IvevY02Nw5riX81tr+BGYq6auqn2Ka5tmUi9nWkWYHtXyLoH4/XKOEIzQIyAI 5VWFCHRf8W0jNhDsmdVOmjouNnHDzVZ5P8LFb5vAt7kUEd9I3v83tkdulwbjlMU4HviW GGtTUiCN3fvwwGvrydt1sKQzMH7B9NmSdCobHlSAc/stk1sdFdKgKrF90tlD9FmNBxNb Jg40YFO/jsR5EowwSQMQPaYuF9yBSZPxxMUAqPz8M3HvURVsjue3ZSYChDz57vyKdgvT 9IOIseIXS0HkhWlrPRBb2UqOiwNyk/Wrc6WF0jDoU3o6soeTW8ltA4mLnKWKyIS+NYZJ tkmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=s3tg3WkX0+OReNoeAh7uPlheBSZs0JMtSRfeZBPatB4=; b=WhEJTnByQuPFjHUanbvrLL9EIlLlmo3CcUPLfha0lsjC3syLxrmRQnCS+z0PTMR1vn jhL6IKXg8MPWp9HRrwjs/TCjt9ERCUEB4Nv2OLpXNYPM1OvCk1+k/3LBNopOO3l3UQdB d87v4CMpZdFLdf8MqSqC332lIXplkx/IRCWDLvc8hfknuzatoyYJMK97n7QzJZ0yZilr BX+k8lkYHxDBgVLtGCYenqSq3lO05aHmxA1ky43O/dEzxgRgksXZunIbjrLfn2aEmDgm jY7y4EbV+UozM6KlOvIQwuv7tmhE2QAOPCg3Vlw7B8IHLrrf+pnh9W8akD5zfjxQEZIw 3ZGQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g7-v6si846606plj.146.2018.06.19.15.32.30; Tue, 19 Jun 2018 15:32:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753862AbeFSWbm (ORCPT + 99 others); Tue, 19 Jun 2018 18:31:42 -0400 Received: from mslow2.mail.gandi.net ([217.70.178.242]:54262 "EHLO slow1-d.mail.gandi.net" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751032AbeFSWbj (ORCPT ); Tue, 19 Jun 2018 18:31:39 -0400 Received: from relay11.mail.gandi.net (unknown [217.70.178.231]) by slow1-d.mail.gandi.net (Postfix) with ESMTP id 4BC1A3A4F73; Tue, 19 Jun 2018 23:49:06 +0200 (CEST) Received: from localhost (jfdmzpr03-ext.jf.intel.com [134.134.139.72]) (Authenticated sender: josh@joshtriplett.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id 335AA10000F; Tue, 19 Jun 2018 21:48:44 +0000 (UTC) Date: Tue, 19 Jun 2018 14:48:33 -0700 From: Josh Triplett To: Pavel Machek Cc: Jarkko Sakkinen , x86@kernel.org, platform-driver-x86@vger.kernel.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, Alexei Starovoitov , Andi Kleen , Andrew Morton , Andy Lutomirski , Borislav Petkov , "David S. Miller" , David Woodhouse , Greg Kroah-Hartman , "H. Peter Anvin" , Ingo Molnar , "open list:INTEL SGX" , Janakarajan Natarajan , "Kirill A. Shutemov" , Konrad Rzeszutek Wilk , "open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)" , Len Brown , Linus Walleij , "open list:CRYPTO API" , "open list:DOCUMENTATION" , open list , "open list:SPARSE CHECKER" , Mauro Carvalho Chehab , Peter Zijlstra , "Rafael J. Wysocki" , Randy Dunlap , Ricardo Neri , Thomas Gleixner , Tom Lendacky , Vikas Shivappa Subject: Re: [PATCH v11 00/13] Intel SGX1 support Message-ID: <20180619214833.GA5873@localhost> References: <20180608171216.26521-1-jarkko.sakkinen@linux.intel.com> <20180612105011.GA26931@amd> <20180619145943.GC8034@linux.intel.com> <20180619200414.GA3143@amd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180619200414.GA3143@amd> User-Agent: Mutt/1.10.0 (2018-05-17) X-Spam-Level: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 19, 2018 at 10:04:15PM +0200, Pavel Machek wrote: > On Tue 2018-06-19 17:59:43, Jarkko Sakkinen wrote: > > On Tue, Jun 12, 2018 at 12:50:12PM +0200, Pavel Machek wrote: > > > On Fri 2018-06-08 19:09:35, Jarkko Sakkinen wrote: > > > > Intel(R) SGX is a set of CPU instructions that can be used by applications > > > > to set aside private regions of code and data. The code outside the enclave > > > > is disallowed to access the memory inside the enclave by the CPU access > > > > control. In a way you can think that SGX provides inverted sandbox. It > > > > protects the application from a malicious host. > > > > > > Do you intend to allow non-root applications to use SGX? > > > > > > What are non-evil uses for SGX? > > > > > > ...because it is quite useful for some kinds of evil: > > > > The default permissions for the device are 600. > > Good. This does not belong to non-root. There are entirely legitimate use cases for using this as an unprivileged user. However, that'll be up to system and distribution policy, which can evolve over time, and it makes sense for the *initial* kernel permission to start out root-only and then adjust permissions via udev. > What are some non-evil uses for SGX? Building a software certificate store. Hardening key-agent software like ssh-agent or gpg-agent. Building a challenge-response authentication system. Providing more assurance that your server infrastructure is uncompromised. Offloading computation to a system without having to fully trust that system. As one of many possibilities, imagine a distcc that didn't have to trust the compile nodes. The compile nodes could fail to return results at all, but they couldn't alter the results.