Subject: Re: [PATCH v17 18/23] platform/x86: Intel SGX driver
From: Andy Lutomirski
Date: Sun, 25 Nov 2018 08:22:35 -0800
To: Jarkko Sakkinen
Cc: Andy Lutomirski, "Dr. Greg Wettstein", X86 ML, Platform Driver, linux-sgx@vger.kernel.org, Dave Hansen, "Christopherson, Sean J", nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge", shay.katz-zamir@intel.com, haitao.huang@linux.intel.com, Andy Shevchenko, Thomas Gleixner, "Svahn, Kai", mark.shanahan@intel.com, Suresh Siddha, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Darren Hart, Andy Shevchenko, LKML
Message-Id: <0669C300-02CB-4EA6-BF88-5C4B4DDAD4C7@amacapital.net>
In-Reply-To: <20181125145329.GA5777@linux.intel.com>

>> On Nov 25, 2018, at 6:53 AM, Jarkko Sakkinen wrote:
>>
>> On Sat, Nov 24, 2018 at 09:21:14AM -0800, Jarkko Sakkinen wrote:
>> On Thu, Nov 22, 2018 at 07:21:08AM -0800, Andy Lutomirski wrote:
>>>> At a high level, addressing these issues is straightforward. First,
>>>> the driver needs to support authorization equivalent to that which is
>>>> implemented in the current Intel Launch Enclave, i.e. control over the
>>>> SGX_FLAGS_PROVISION_KEY attribute.
>>>
>>> I agree, hence my email :)
>>
>> Started to scratch my head that is it really an issue that any enclave
>> can provision in the end?
>>
>> Direct quote from your first response:
>>
>> "In particular, the ability to run enclaves with the provisioning bit set
>> is somewhat sensitive, since it effectively allows access to a stable
>> fingerprint of the system."
>>
>> As can be seen from the key derivation table this does not exactly hold,
>> so you should refine your original argument before we can consider any
>> type of change.
>>
>> I just don't see what is so wrong for any enclave to be able to tell
>> that it really is an enclave.
>
> I mean I can understand why Greg wants LE although I don't understand
> what benefit it brings to anyone to lock in for an enclave to be allowed
> to identify itself.
>
> What you are proposing does not really bring any additional security if
> we consider a threat model where the kernel is an adversary, but it makes
> the software stack more clunky to use.

Agreed. What I’m proposing adds additional security if the kernel is *not* compromised.

There are other ways to accomplish it that might be better in some respects. For example, there could be /dev/sgx and /dev/sgx_rights/provision. The former exposes the whole sgx API, except that it doesn’t allow provisioning by default. The latter does nothing by itself. To run a provisioning enclave, you open both nodes, then do something like:

    ioctl(sgx, SGX_IOC_ADD_RIGHT, sgx_provisioning);

This requires extra syscalls, but it doesn’t have the combinatorial explosion problem.
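The two-node design sketched above, as an added example that is neither the SGX driver's code nor anything posted in this thread: a user-space C model of the kernel-side check in which opening /dev/sgx leaves SGX_FLAGS_PROVISION_KEY (ATTRIBUTES bit 4, modelled here as SGX_ATTR_PROVISIONKEY) denied, and the right is granted only by passing an open file of the rights node through the proposed SGX_IOC_ADD_RIGHT, which the model validates by the file's fops identity rather than by anything the caller can forge. All function and structure names are hypothetical; the same fd-as-capability pattern is what the later-merged SGX_IOC_ENCLAVE_PROVISION ioctl uses with /dev/sgx_provision.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the /dev/sgx + /dev/sgx_rights/provision proposal.
 * Not the driver's code; every name here is hypothetical. Attribute bit
 * positions follow the SGX ATTRIBUTES layout (DEBUG = 1, PROVISIONKEY = 4). */
#define SGX_ATTR_DEBUG         (1ULL << 1)
#define SGX_ATTR_PROVISIONKEY  (1ULL << 4)

/* A "device node" is recognised by the file_operations it was opened with,
 * which user space cannot forge: it can only obtain such a file via open(). */
struct file_ops { const char *path; };
const struct file_ops sgx_provision_fops = { "/dev/sgx_rights/provision" };
const struct file_ops regular_file_fops  = { "some unrelated file" };

struct file { const struct file_ops *f_op; };

/* Per-enclave state: the attributes its creator is allowed to request. */
struct sgx_encl { uint64_t attributes_mask; };

/* open("/dev/sgx"): the whole API is available, but provisioning is denied
 * by default, so a plain /dev/sgx fd never yields the provisioning key. */
void sgx_open(struct sgx_encl *encl)
{
    encl->attributes_mask = ~SGX_ATTR_PROVISIONKEY;
}

/* ioctl(sgx, SGX_IOC_ADD_RIGHT, rights_fd): the open file *is* the capability.
 * Only a process that could open the rights node can pass it in; any other
 * file (a regular file, a bogus fd) grants nothing and is rejected. */
int sgx_ioc_add_right(struct sgx_encl *encl, const struct file *rights_file)
{
    if (rights_file == NULL || rights_file->f_op != &sgx_provision_fops)
        return -EINVAL;
    encl->attributes_mask |= SGX_ATTR_PROVISIONKEY;
    return 0;
}

/* Enclave initialisation: refuse any requested attribute outside the mask.
 * Adding rights one node at a time is what avoids needing a separate device
 * node for every combination of rights. */
int sgx_encl_init(const struct sgx_encl *encl, uint64_t requested_attributes)
{
    if (requested_attributes & ~encl->attributes_mask)
        return -EACCES;
    return 0;
}
```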