Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp128273imu;
        Tue, 27 Nov 2018 09:58:35 -0800 (PST)
X-Google-Smtp-Source: AFSGD/VboQm0h73u1jdXpJUmI8A9fs/jQdo9DcWrrShqoPRSxGEj4s1IVhA7G4c6SM66JAt1xctm
X-Received: by 2002:a17:902:f81:: with SMTP id 1mr25909046plz.174.1543341515317;
        Tue, 27 Nov 2018 09:58:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1543341515; cv=none;
        d=google.com; s=arc-20160816;
        b=os/fZQqSKJt+0A+cszrhtwNoeCQmsursBRHWLggo4F1xCe8wua/LLjJn7OrYZi7WMH
         XuDt5xATZM5Wm8w8vv31LB31X3RTxgBuK7J9Z00y0QKdOjSY5BHNzx94oew7SV8vOg8w
         mwcXzWo5+KClNj60uYomVUL8VhwYrPW8nCYKBQyUAS75yH0MKLRoMarfK2Ckftpjrz1S
         UsUKpwQSpvUnaG4y/K3rCg8bCwLDJUOpNyFzysWPVOrGlWwTFeDExnlt7w+JSyF21mbd
         qjRMyOU03D5QT53fbGkCUAKqcA2wGyU92dHVJYT7px9i6eqzkPprwaLGlxz6PS0gB2Mv
         qp6w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature;
        bh=FjEPeuDTsdYAOiyxauMSBTAn10p+ceWBu+lwCNn0SIM=;
        b=0Gui/4JqjbQUZT7su0F6lbExMbGb16UWFVJqxh5GeGOGr6bYFbZBSXhoJNIMzuXe1H
         nXWhQnWcARlBXCc2k1H6ZxahAj8ToVV8RkIP1xF/dMTYKdWB95UlbBjBdgy0ti+E+x7H
         ZS0dK3eJXgbhuhMo+FUAY62yc+GoW4E1YrNiLDLZRLmMCiWCbUxp4VOoG0Dhh7i1BAWY
         MauUUMV8o+KjpSOOKNMzrjM2Bv66BXPrJP/vgt9yqA3BD42DikB/IQqfxoejCVCzFMYH
         v+PfCcrbe66Qt9uoFKeERFkBYrup8t21Gmzi656DyCzi/j3OBOW98sWSgO5qbSvL/eAL
         AupQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=hW0i1vwU;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w6si4302381plp.429.2018.11.27.09.58.02;
        Tue, 27 Nov 2018 09:58:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=hW0i1vwU;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732150AbeK1Eyb (ORCPT <rfc822;austinkernel.kim@gmail.com>
        + 99 others); Tue, 27 Nov 2018 23:54:31 -0500
Received: from mail-pg1-f195.google.com ([209.85.215.195]:36863 "EHLO
        mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732125AbeK1Eyb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Nov 2018 23:54:31 -0500
Received: by mail-pg1-f195.google.com with SMTP id n2so8211314pgm.3
        for <linux-kernel@vger.kernel.org>; Tue, 27 Nov 2018 09:55:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=FjEPeuDTsdYAOiyxauMSBTAn10p+ceWBu+lwCNn0SIM=;
        b=hW0i1vwUNt77K8T7jvjWIZMICrvFScql4kNtD32rMfygjfU/IJOimXFdveRqcEt5sl
         6N3rukKFtHprjpMr657n2HzokbZr8QaDMcdH+Npk6dMFHucIQsrKmnIw4UdfGH9LP6o2
         zX5OGraIBeEE/TNkL1Vw5bMVKS3d8og5qn5HQqbAL83vPwhNYSDSVIJZ1IIcoTASMw8R
         9sbnnV0bghCOr6HrY5xchAXaIQMazjQdQHkKRXWe9sSN25nEKRPEvgF8ahf3rzmGZAPG
         aQbS/UA24eHW70RvkemSb+1rFiaS51uWGHPYKOb+gNgFxLm53Ov2zLUBtlcfQ+iVTnX1
         K3uA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=FjEPeuDTsdYAOiyxauMSBTAn10p+ceWBu+lwCNn0SIM=;
        b=Cm+iyBhlLUCv2qU2H27G2xSaHQzUl3XK2oDyp6yGemDJAd7d8KL5m//Cbt7QoVwvjz
         /tUVg4tCFNpb+G9hnzL7FeYNTP8uyLUF3/LydqyjW7/n2ybt8nJxF2xjw216fZ7RfB/Z
         hSm6AyYapFb6t0AX1n4Wq3PU0UDnWfeBE8358Dg+qnpdA6LdTY4Gl9J6HeqgSZHOXLJZ
         5RjmUYbk5tgO085Neg/iV3Yu3v8VaSyvtF4xzWPM7Al5Psdl6pMf7GLlRH2HuHNSKV8A
         W10+lu59DkrJi725hft4YapRCkqemlRir9GhbPHGLVVCFXJcUYsI/bhOTzO9stq13dO9
         5kZA==
X-Gm-Message-State: AGRZ1gIgFopez3ZMuI8UWNM3SzeFBN9apvZEUPGFNG99x0wPDuerEsg0
        Kz9SHh9bMU3K9EDBwNIluJqWMQ==
X-Received: by 2002:a63:a112:: with SMTP id b18mr30258592pgf.440.1543341349908;
        Tue, 27 Nov 2018 09:55:49 -0800 (PST)
Received: from ?IPv6:2600:1010:b02c:1f41:9d9b:cc3f:d42b:6cdd? ([2600:1010:b02c:1f41:9d9b:cc3f:d42b:6cdd])
        by smtp.gmail.com with ESMTPSA id z14sm4913525pgv.47.2018.11.27.09.55.46
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 27 Nov 2018 09:55:47 -0800 (PST)
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH v17 18/23] platform/x86: Intel SGX driver
From:   Andy Lutomirski <luto@amacapital.net>
X-Mailer: iPhone Mail (16B92)
In-Reply-To: <20181127164129.GB4170@linux.intel.com>
Date:   Tue, 27 Nov 2018 09:55:45 -0800
Cc:     "Dr. Greg" <greg@enjellic.com>, Andy Lutomirski <luto@kernel.org>,
        X86 ML <x86@kernel.org>,
        Platform Driver <platform-driver-x86@vger.kernel.org>,
        linux-sgx@vger.kernel.org, Dave Hansen <dave.hansen@intel.com>,
        "Christopherson, Sean J" <sean.j.christopherson@intel.com>,
        nhorman@redhat.com, npmccallum@redhat.com,
        "Ayoun, Serge" <serge.ayoun@intel.com>, shay.katz-zamir@intel.com,
        haitao.huang@linux.intel.com,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        "Svahn, Kai" <kai.svahn@intel.com>, mark.shanahan@intel.com,
        Suresh Siddha <suresh.b.siddha@intel.com>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Darren Hart <dvhart@infradead.org>,
        Andy Shevchenko <andy@infradead.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C11C9312-65BC-460A-8F9F-608E101AE5C1@amacapital.net>
References: <CALCETrX+A4XaEMq3fJqmHUeeDHr_BdWh-Wk3ikXfY=L77BbaGA@mail.gmail.com> <20181120120442.GA22172@linux.intel.com> <20181122111253.GA31150@wind.enjellic.com> <CALCETrWJr-C6yK8NBCp=NbapwHOaBFphiDU9VKEtQ0NMRrdC2g@mail.gmail.com> <20181124172114.GB32210@linux.intel.com> <20181125145329.GA5777@linux.intel.com> <0669C300-02CB-4EA6-BF88-5C4B4DDAD4C7@amacapital.net> <20181126215145.GC868@linux.intel.com> <20181126230436.GA6737@linux.intel.com> <20181127085533.GA12247@wind.enjellic.com> <20181127164129.GB4170@linux.intel.com>
To:     Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Nov 27, 2018, at 8:41 AM, Jarkko Sakkinen <jarkko.sakkinen@linux.intel.=
com> wrote:
>=20
>> On Tue, Nov 27, 2018 at 02:55:33AM -0600, Dr. Greg wrote:
>> Since the thread has become a bit divergent I wanted to note that we
>> have offered a proposal for a general policy management framework
>> based on MRSIGNER values.  This framework is consistent with the SGX
>> security model, ie. cryptographic rather then DAC based policy
>> controls.  This framework also allows a much more flexible policy
>> implementation that doesn't result in combinatoric issues.
>>=20
>> Our framework also allows the preservation of the current ABI which
>> allows an EINITTOKEN to be passed in from userspace.  The framework
>> also supports the ability to specify that only a kernel based launch
>> enclave (LE) should be available if the platform owner or distribution
>> should desire to implement such a model.
>>=20
>> The policy management framework is straight forward.  Three linked
>> lists or their equivalent which are populated through /sysfs
>> pseudo-files or equivalent plumbing.  Each list is populated with
>> MRSIGNER values for signing keys that are allowed to initialize
>> enclaves under three separate conditions.
>>=20
>> 1.) General enclaves without special attribute bits.
>>=20
>> 2.) Enclaves with the SGX_FLAGS_PROVISION_KEY attribute set. - i.e.,
>> 'Provisioning Enclaves'.
>>=20
>> 3.) Enclaves with the SGX_FLAGS_LICENSE_KEY attribute set - i.e., 'Launch=

>> Enclaves'.
>>=20
>> An all-null MRSIGNER value serves as a 'sealing' value that locks a
>> list from any further modifications.
>>=20
>> This architecture allows platform policies to be specified and then
>> sealed at early boot by the root user.  At that point cryptographic
>> policy controls are in place rather then DAC based controls, the
>> latter of which have perpetual security liabilities in addition to the
>> useability constraints inherent in a DAC or device node model.
>>=20
>> We have developed an independent implementation of the PSW and
>> arguably have as much experience with issues surrounding how to
>> interact with the device driver as anyone.  We have spent a lot of
>> time thinking about these issues and the above framework provides the
>> most flexible architecture available.
>=20
> Sounds like a lot bloat and policy added to the kernel whereas with
> Andy's proposal you can implement logic to a daemon and provide only
> mechanism to do it.
>=20
>=20

Well, almost. We=E2=80=99d need SGX_IOC_FREEZE_MR{ENCLAVE,SIGNER} or similar=
.  Or maybe the daemon could handle the entire loading process.  But this ca=
n wait until after the main driver is upstream.

This does lead to a question: enclaves are kind-of-sort-of mapped into a giv=
en address space. What happens if you issue the various ioctls in the contex=
t of a different mm?  For that matter, can two processes mmap the same encla=
ve?=