Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp674408imm; Fri, 31 Aug 2018 10:08:22 -0700 (PDT) X-Google-Smtp-Source: ANB0VdatLS9MNyr4KwLY3pWUUg0lDagvoyWjTqOiVV1F74jVrzEwTNXNMd/2ra0+UFXvC9qgPFFo X-Received: by 2002:a62:6eca:: with SMTP id j193-v6mr16989921pfc.256.1535735302644; Fri, 31 Aug 2018 10:08:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535735302; cv=none; d=google.com; s=arc-20160816; b=z9hrW4UnJKNTLLQbmMmcSLoEVjYM71vwJ9Fp2yBJqceNj7OcfYa5/RVG4LEdh+lPtC 9M3FcqO0WxlwpuGR8Exe4jmoVmSg70+qj2ZY8DBa0lWcTWmgMPo0KmLhv8F+/DqTeGXt q8XzAQJqJzdpgGJzisqzy02NVQ8c4phkmuYVTVLbrAkuEUH6rvYT0teESj2yrPHLzaCe iT7dXC8cIjGnbVa9bhPI7n+oeEUWsmspyi6JMOb+KlZ89M/ZisbhvwfMNhlvGiWFXiOM 5bmf4JIwYB9f7vnOvRQA8RVbvH3TNJfKqin3C4J5n8WB9bePULzKikHAH5+E5ivX2Zow //cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:reply-to:message-id :subject:cc:to:from:date:arc-authentication-results; bh=tblX2AlN2XicwPju9Q5Pntc6LSDyY1cA1Rfgohi5crU=; b=KfFyHWlqE/2lDMO4WugXPHjtMNJrsy8W3rsRbS4cFO8rEKBmzHmd9DB6i0ftbymahl E+sCC9CaZXhZE5NktvmyK9gfDT2yC8Ha6HP8ZQmwoxl56iXVx24O49QD3jkYbNMOKx/Q XYvccCt+gkWLontpWnwc4A0T0g690j6bnLh48wXUB67SmaYXeKyO3BGgNggjE2zgcWy6 ARyKbaUH2QPOsICj/gC+M/1vzCzugR2kNpENW9ZWVlMTrR2WxD8gV0D6xwkmpXT8HPmH E98WV2GGwVdIFb/tuh1UK7TkuAG7Z2wYtZY/Mbz2+iK9uYL+HjhVgMdgyStyAWye2ImP lEgw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b1-v6si9654581plc.168.2018.08.31.10.08.07; Fri, 31 Aug 2018 10:08:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728922AbeHaUrm (ORCPT + 99 others); Fri, 31 Aug 2018 16:47:42 -0400 Received: from wind.enjellic.com ([76.10.64.91]:55333 "EHLO wind.enjellic.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727634AbeHaUrl (ORCPT ); Fri, 31 Aug 2018 16:47:41 -0400 X-Greylist: delayed 1261 seconds by postgrey-1.27 at vger.kernel.org; Fri, 31 Aug 2018 16:47:41 EDT Received: from wind.enjellic.com (localhost [127.0.0.1]) by wind.enjellic.com (8.14.3/8.14.3) with ESMTP id w7VGI5u7002300; Fri, 31 Aug 2018 11:18:05 -0500 Received: (from greg@localhost) by wind.enjellic.com (8.14.3/8.14.3/Submit) id w7VGI4L0002299; Fri, 31 Aug 2018 11:18:04 -0500 Date: Fri, 31 Aug 2018 11:18:04 -0500 From: "Dr. Greg" To: Jarkko Sakkinen Cc: x86@kernel.org, platform-driver-x86@vger.kernel.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, linux-sgx@vger.kernel.org, Kai Huang , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Konrad Rzeszutek Wilk , David Woodhouse , "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" Subject: Re: [PATCH v13 02/13] x86/cpufeature: Add SGX and SGX_LC CPU features Message-ID: <20180831161804.GA1923@wind.enjellic.com> Reply-To: "Dr. Greg" References: <20180827185507.17087-1-jarkko.sakkinen@linux.intel.com> <20180827185507.17087-3-jarkko.sakkinen@linux.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180827185507.17087-3-jarkko.sakkinen@linux.intel.com> User-Agent: Mutt/1.4i X-Operating-System: uname -s -r X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.3 (wind.enjellic.com [0.0.0.0]); Fri, 31 Aug 2018 11:18:05 -0500 (CDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 27, 2018 at 09:53:23PM +0300, Jarkko Sakkinen wrote: Good morning, I hope the week has gone well for everyone. > From: Kai Huang > > Add X86_FEATURE_SGX and X86_FEATURE_SGX_LC that define the bits > determining whether the CPU supports SGX and user launch configuration > i.e. using a custom root key rather the Intel proprietary key for > enclave signing. First of all thanks to Jarkko, Sean et.al who have been working on Linux SGX eco-system support. Given the nature and apparent mystique surrounding this technology, we are assuming that Intel has you locked away in dungeons somewhere... :-) I direct engineering efforts for an SGX development company. We are a licensed Intel ISV, ie. we have a signing key on the launch enclave whitelist. Due to the nature of our products we designed an independent implementation of the PSW which includes enclave loading and execution, EPID provisioning and remote attestation infrastructure. We have also done initial engineering on the feasibility of developing an independent authentication and attestation service. So I think we understand this technology about as well as anyone. Our reflections on the patch series are not technical as much as operational. To wit; are you guys developing this driver 'blind', ie. simply based on guidance from the SDM or are you testing them on simulators or do you actually have real live hardware with these capabilities? If you boil these 'new' patches down they basically address three primary areas of functionality; Enclave Dynamic Memory Management (EDMM), Flexible Launch Control (Unlocked identity modulus signature registers) and NUMA support. You could also throw in virtualization as that is another whole can of worms given a VM may not end up on the same die, ie. TCB base. Other then a smattering of machines which advertise basic SGX2 instruction support for EDMM, there is virtually no hardware available to test any of this functionality on. Also of interest, there is virtually no guidance available as to when any of this functionality will become available. We don't see how the Linux/SGX community can effectively debug and support this driver without some kind of an idea as to what hardware to be acquiring to test this functionality. I'm assuming that Intel has 'preferred partners' which do have access to this knowledge, which is fine, but it would seem odd to expect general community support of a driver that uses this model. It would be a significant statement in support of the community if the documentation for the driver included a table of functionality and the chip and chipset versions needed to support the stated functionality. That would significantly increase the ability for this driver to be supported and tested. Once again, thanks for all the legwork on the driver, however you are managing to exercise its functionality. Dr. Greg As always, Dr. Greg Wettstein, Ph.D. Enjellic Systems Development, LLC. 4206 N. 19th Ave. Specializing in information infra-structure Fargo, ND 58102 development. PH: 701-281-1686 FAX: 701-281-3949 EMAIL: greg@enjellic.com ------------------------------------------------------------------------------ "The couple is registered at Herbergers, Target and Fleet Farm." -- Wedding invitation West Central Minnesota