Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1264372imm; Wed, 17 Oct 2018 16:46:20 -0700 (PDT) X-Google-Smtp-Source: ACcGV60vVmm+Y9bBldjTSosRTu9yFw3JihOdGD35uRQwrxCkKP4H+zYxk2LiiuvraaBBzdH8LOKI X-Received: by 2002:a63:7d43:: with SMTP id m3-v6mr26408697pgn.341.1539819979903; Wed, 17 Oct 2018 16:46:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539819979; cv=none; d=google.com; s=arc-20160816; b=QOidMRQLYr9OkrzYBkDgv1p0nmSJpANZ6hT/VhrWzWfpyU7j3OEvsJT3v23/oz3kN8 cumfYadJFSX2kRUKoqU3zePPvyZkkPRkHflU7IqF6VUGa9RxwTU3JVzJmkuKg185her9 HylU4mspGhb7ThQcdxhwJbwibFJI6Wil5wQJlEa7LjiDCOm6jqBm6sneYcmffqVdwOvE wTW+VN/ZVWYQfiriXPWgS7vMwbdxxGmdpILQdjXwu1pxN+cVQfL1hWGKT3sTD0cczROM sdtQyMLFQIQihZmv62lxSylZWvpmTAeKs80kqZUPbNUaS4mwH5kWRr5Gx+5RjBFPfimG JYVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=POB/KpidIbXrhA8+9f07SEOcqqiaaORmydHycUm64TU=; b=Uw2+zRTXlgZyT22qXyKkK35/4LeqL6e48RX6cAsEcrzomN6RnjnA/wfXVAgE4JPpTh FBCe70/Pqc9SmGNLMqMOwL8ATAPB6P3LokeYoijaxpKpPtQ0BIF5AzFFXEdMeswXqrUY TFWldNbpxoIkLP0hdAqyVIJZqTjeaDgkImnEZMX/OeOVq5RE/YtHAtQABYSSpweD84kk zPP3PmE+bgLpmSiZkTsFofUJ3zlt0TdupmTPFwP6m542YoYMQWzGbDXEtbuZm2nu7G/n 09lJ/YiSiyZ50j00vFVnBPb82CIsNvRQW8K4CK/j4gC1TDyUvqFPGfPp12GQhRyXoZy7 7A6w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h184-v6si18338679pge.562.2018.10.17.16.46.04; Wed, 17 Oct 2018 16:46:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727410AbeJRHnp (ORCPT + 99 others); Thu, 18 Oct 2018 03:43:45 -0400 Received: from mga18.intel.com ([134.134.136.126]:18151 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727309AbeJRHno (ORCPT ); Thu, 18 Oct 2018 03:43:44 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Oct 2018 16:45:37 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,393,1534834800"; d="scan'208";a="82066623" Received: from unknown (HELO jsakkine-mobl1) ([10.249.254.40]) by orsmga007.jf.intel.com with ESMTP; 17 Oct 2018 16:45:28 -0700 Date: Thu, 18 Oct 2018 02:45:27 +0300 (EEST) From: Jarkko Sakkinen X-X-Sender: jsakkine@jsakkine-mobl1 To: Pavel Machek cc: Jarkko Sakkinen , x86@kernel.org, platform-driver-x86@vger.kernel.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, andriy.shevchenko@linux.intel.com, Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , "open list:DOCUMENTATION" , open list Subject: Re: [PATCH v14 19/19] x86/sgx: Driver documentation In-Reply-To: <20181015205436.GA28500@amd> Message-ID: References: <20180925130845.9962-1-jarkko.sakkinen@linux.intel.com> <20180925130845.9962-20-jarkko.sakkinen@linux.intel.com> <20181015205436.GA28500@amd> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 15 Oct 2018, Pavel Machek wrote: > On Tue 2018-09-25 16:06:56, Jarkko Sakkinen wrote: >> +Intel(R) SGX is a set of CPU instructions that can be used by applications to >> +set aside private regions of code and data. The code outside the enclave is >> +disallowed to access the memory inside the enclave by the CPU access control. >> +In a way you can think that SGX provides inverted sandbox. It protects the >> +application from a malicious host. > > Well, recently hardware had some problems keeping its > promises. So... what about rowhammer, meltdown and spectre? Doesn't hardware always have this problem over time? > Which ones apply, which ones do not, and on what cpu generations? Definitely should be refined. Meltdowns approach AFAIK does not work because reads outside the enclave will always have a predefined value (-1) but only if the page is present, which was later exploited in the Foreshadow attack. > Encryption, that sounds nice, but it is hard to do right. If SGX > protected code changes single bit in its memory, how many bits will be > changed in physical RAM? 512-bit blocks and merkle tree based mac. It is pretty well documented in https://eprint.iacr.org/2016/204.pdf. I'll take not to myself to add this to the references. Thanks for the feedback. The ocumentation is hard to drive forward w/o it. /Jarkko