Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3809821imu; Sat, 24 Nov 2018 11:27:08 -0800 (PST) X-Google-Smtp-Source: AFSGD/XXsSP1eGdfeKH4RyAfn8tnn9Lnm1tBiWuvuquDMeLJzAs2mx92mUeGyh7P+4XqZjXaTk6v X-Received: by 2002:a63:2784:: with SMTP id n126mr19300689pgn.48.1543087628308; Sat, 24 Nov 2018 11:27:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543087628; cv=none; d=google.com; s=arc-20160816; b=wl/5d+vTxAc0cMs7ib3AdYlch36uERlD4O30mx9kSZpkba6eepvHiSborGP3Vu1r5M nrhhwQwHWNXwVyb9Q6ZnghUqpDuv2qoyxNZABorlrV9dLIg2nc9A4y1mh89NyM679Jcz +ksA3DYT/jz3QBASKA1XtcWDKLGERrEibgD4CyoNJHgm8H/9/3a8id5caZqifxEWHr+H SL+sMcwQFuET1DuaqNAeI7uWpDKOyejBWWhg8td+ZCEuYmDFSmOkkNJ8q4vmvK8ytlPN 6V8keamhJmI3JqykKgweSl+AnLMmHbPpBmCptdB+BKnlPtzXb0bZ7Pa5O2nk7COSPd6B VIaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:reply-to:message-id :subject:cc:to:from:date; bh=sXfx1DLd9NbTzk4cXh9k3mLPXDuC2p5br5KwOZ960ls=; b=gDddg8N+sMkCs27D2aemPLasz8NL5+RL6/AxyDSynKbNkIShrIIuWyPYzOf0ubNxm6 plhBbyG88/dCmGzlDi9vi4ZlLj2mU+O3ljcxdfWAiLW6iulCk6u5YIc2ZIv+NC8T8F4K d3XtIb9SRvLynpF4DLiT2HHzt9kNh+fZCnlRot37VUVKb2l0/ZVXHP0WfwJpjimcGqMJ adDo9n6BqfqzjUfIwfcHAJAiBXA1dy8oNbpDgc+Wq/usRV9OLFhq6C/YYK0BGJYMrstW fe11C/heXjeWT8Wi1M1gy05sLr+ONSDPC5z3s8Fp8WHrmEvxgtCDrRx5Ac0qI3/XBBXo cpvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d34si15208142pld.222.2018.11.24.11.26.41; Sat, 24 Nov 2018 11:27:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726200AbeKYGOq (ORCPT + 99 others); Sun, 25 Nov 2018 01:14:46 -0500 Received: from wind.enjellic.com ([76.10.64.91]:55086 "EHLO wind.enjellic.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725981AbeKYGOq (ORCPT ); Sun, 25 Nov 2018 01:14:46 -0500 Received: from wind.enjellic.com (localhost [127.0.0.1]) by wind.enjellic.com (8.15.2/8.15.2) with ESMTP id wAOJOuRT012273; Sat, 24 Nov 2018 13:24:56 -0600 Received: (from greg@localhost) by wind.enjellic.com (8.15.2/8.15.2/Submit) id wAOJOsKe012272; Sat, 24 Nov 2018 13:24:54 -0600 Date: Sat, 24 Nov 2018 13:24:54 -0600 From: "Dr. Greg" To: Jarkko Sakkinen Cc: Andy Lutomirski , X86 ML , Platform Driver , linux-sgx@vger.kernel.org, Dave Hansen , "Christopherson, Sean J" , nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge" , shay.katz-zamir@intel.com, haitao.huang@linux.intel.com, Andy Shevchenko , Thomas Gleixner , "Svahn, Kai" , mark.shanahan@intel.com, Suresh Siddha , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Darren Hart , andy@infradead.org, LKML Subject: Re: [PATCH v17 18/23] platform/x86: Intel SGX driver Message-ID: <20181124192454.GA12149@wind.enjellic.com> Reply-To: "Dr. Greg" References: <20181116010412.23967-1-jarkko.sakkinen@linux.intel.com> <20181116010412.23967-19-jarkko.sakkinen@linux.intel.com> <20181120111508.GA26127@wind.enjellic.com> <20181124161521.GB30310@linux.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181124161521.GB30310@linux.intel.com> User-Agent: Mutt/1.4i X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.3 (wind.enjellic.com [127.0.0.1]); Sat, 24 Nov 2018 13:24:56 -0600 (CST) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Nov 24, 2018 at 08:15:21AM -0800, Jarkko Sakkinen wrote: > On Tue, Nov 20, 2018 at 05:15:08AM -0600, Dr. Greg wrote: > > Malware would not necessarily need the Intel attestation service. > > Once access to the PROVISION bit is available, malware teams could > > simply build their own attestation service. > AFAIK not possible as they wouldn't have access to the root > provisioning key. Can be confirmed from the SDM's key derivation > table (41-56). What provisioning and attestation is all about is establishing an identity binding for a platform in question. The standard Intel service binds the identity of a platform to an EPID private key. With access to the SGX_FLAGS_PROVISION_BIT an enclave can generate a perpetual identity for a platform based on the identity modulus signature (MRSIGNER) of the key that signs the signature structure of the enclave. Without access to the root provisioning key a security quorum or group has to be implemented via a subscription or enrollment model but that is arguably not much of an obstacle. That is pretty much the way standard botware works now. Without provisions for cryptographically secure authorization and policy enforcement in the driver, we will be creating infrastructure for a new generation of botware/malware whose mothership will know that a participating platform is running with full confidentiality and integrity protections. > /Jarkko Dr. Greg As always, Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC. 4206 N. 19th Ave. Specializing in information infra-structure Fargo, ND 58102 development. PH: 701-281-1686 FAX: 701-281-3949 EMAIL: greg@enjellic.com ------------------------------------------------------------------------------ "Remember that when you take down the fishhouse you can't put the minnows back into the lake, so throw them out on the ice. Make sure you stomp on any of the live ones so they don't suffer." -- Fritz Wettstein At the lake