Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2775789imu; Sun, 9 Dec 2018 09:03:50 -0800 (PST) X-Google-Smtp-Source: AFSGD/WjcFuSLjZ+7LuF4yV3G0g7dCbkHVAcFpVayPHTUOiZQTtl5Tp4m3AxbWn2iPtzrJevvdRW X-Received: by 2002:a63:1b1f:: with SMTP id b31mr8145042pgb.66.1544375030841; Sun, 09 Dec 2018 09:03:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544375030; cv=none; d=google.com; s=arc-20160816; b=pmfOPKnblLLLDSr29qMQl2bU1l8Ei+feHYzCbyVDv9gKfAszdMWAlV78tE/J0+dlZ1 pPE14mfriMDWqbiXW0t5LLl17n42kPryx/LjtosEHNXweyn7jHp6rMLp+5T6V10G9yDs GG1Mc1SYRdFvumy/Hqx12sI+N4f8vz8u3qgDxudHzuY6fAKN7+/H1s8tHaJTqFWqFJpf 0T5IXJFJVqz5L4BYeKyGL+tYJL5H96qOfTbAuCfDJlewb6+3FAaOQykbMMmxNelXBFSb N9cXN+dEabISDWKZVWFKGRBUsamn54RXp9pg/y2RwtqtvxDeMxtzpVztdd2WxHrgzyym l5sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=uqw1Vr2kIE6kR9JJtSDTgmMmkH+5gk+XBEanOXGkYCs=; b=Muf7Iu31jP8rdF4VR7zzYeGR/5Nh4lwErjHA2wX18cQJ1M2VzgnJs8LmLxPSxInl2b RvFvf5Hh4mUWh8BH6D3ZmA51ydJdfoD1DrCpE3U85UV4QyruFRofM8v1JaDo+buJV+OS xHKEABtxynPYr1HMPONCqjPr2Zo1BaLouEBEtKkOGqQS9hUcApG85MERvqI2auuocNJh j/ZM4KkRu5eL4yHJIsYyBUbVq95DQ7h3kmhM2AMhXy0y19XEyG0mJ+WmUMpoIdLg7CHN I8JQ6qfeJXjnNjgKHevQIFDTVhoTdMRGHzgSDEVPV7/7pDGivool/Mmyg2lLUuOoHxTk IvOg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z20si5821283pgv.159.2018.12.09.09.03.34; Sun, 09 Dec 2018 09:03:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726219AbeLIRBl (ORCPT + 99 others); Sun, 9 Dec 2018 12:01:41 -0500 Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:35119 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726078AbeLIRBk (ORCPT ); Sun, 9 Dec 2018 12:01:40 -0500 Received: by atrey.karlin.mff.cuni.cz (Postfix, from userid 512) id 6D92F80734; Sun, 9 Dec 2018 18:01:34 +0100 (CET) Date: Sun, 9 Dec 2018 18:01:32 +0100 From: Pavel Machek To: Andy Lutomirski Cc: Jarkko Sakkinen , X86 ML , Platform Driver , linux-sgx@vger.kernel.org, Dave Hansen , "Christopherson, Sean J" , nhorman@redhat.com, npmccallum@redhat.com, "Ayoun, Serge" , shay.katz-zamir@intel.com, haitao.huang@linux.intel.com, Andy Shevchenko , Thomas Gleixner , "Svahn, Kai" , mark.shanahan@intel.com, Suresh Siddha , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Darren Hart , andy@infradead.org, LKML Subject: Re: [PATCH v17 18/23] platform/x86: Intel SGX driver Message-ID: <20181209170132.d4hhiic3dfoky4fr@devuan> References: <20181116010412.23967-1-jarkko.sakkinen@linux.intel.com> <20181116010412.23967-19-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi! > On Thu, Nov 15, 2018 at 5:08 PM Jarkko Sakkinen > wrote: > > > > Intel Software Guard eXtensions (SGX) is a set of CPU instructions that > > can be used by applications to set aside private regions of code and > > data. The code outside the enclave is disallowed to access the memory > > inside the enclave by the CPU access control. > > > > SGX driver provides a ioctl API for loading and initializing enclaves. > > Address range for enclaves is reserved with mmap() and they are > > destroyed with munmap(). Enclave construction, measurement and > > initialization is done with the provided the ioctl API. > > > > I brought this up a while back, and I think I should re-ask it now > that this driver is getting close to ready: > > As it stands, there's just one SGX character device, and I imagine > that it'll be available to unprivileged applications. I'm concerned > that this isn't quite what we want. I certainly think that everyone, > or at least almost everyone, ought to be able to run normal > enclaves. I don't think nobody or postfix or guest should be running enclaves on my systems. First, I'd like to be able to debug my systems. Second, sgx quite complex and tricky. It may turn out to be secure in the end, but I'd not be surprised if we got few CVEs before we get there. Last, I'd hate to find out in few years that I can't switch to amd cpu because firefox now requires sgx. Just make it root-only or 660 by default. Users can get permission in similar way they get rights to audio.. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html