Date: Wed, 19 Dec 2018 08:43:43 -0600
From: "Dr. Greg"
To: Jethro Beekman
Cc: Jarkko Sakkinen, Andy Lutomirski, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "x86@kernel.org", Dave Hansen, Peter Zijlstra, "sean.j.christopherson@intel.com", "H. Peter Anvin", "linux-kernel@vger.kernel.org", "linux-sgx@vger.kernel.org", Andy Lutomirski, Josh Triplett, Haitao Huang
Subject: Re: x86/sgx: uapi change proposal
Message-ID: <20181219144343.GA31189@wind.enjellic.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 19, 2018 at 08:41:12AM +0000, Jethro Beekman wrote:

Good morning, I hope everyone is weathering the pre-holiday season well.

> On 2018-12-19 13:28, Jarkko Sakkinen wrote:
> >  * @enclave_fd:	file handle to the enclave address space
> >  * @attribute_fd:	file handle of the attribute file in the securityfs
> >  */
> >struct sgx_enclave_set_attribute {
> >	__u64 enclave_fd;
> >	__u64 attribute_fd;
> >};

> What is this for?

I believe it is a silent response to the issues we were prosecuting 4-5 weeks ago, regarding the requirement for an SGX driver on an FLC hardware platform to have some semblance of policy management to be relevant from a security/privacy perspective. It would have certainly been collegial to include a reference to our discussions and concerns in the changelog.

See 364f68f5a3c in Jarkko's next/master.

The changeset addresses enclave access to the PROVISION key but is still insufficient to deliver guarantees that are consistent with the SGX security model. In order to achieve that, policy management needs to embrace the use of MRSIGNER values, which is what our SFLC patchset uses.

The noted changeset actually implements most of the 'kernel bloat' that our SFLC patchset needs to bolt onto.

As of yesterday afternoon next/master still won't initialize a non-trivial enclave. Since there now appears to be a wholesale change in the driver architecture and UAPI, we are sitting on the sidelines waiting for an indication all of that has some hope of working before we introduce our approach.

Part of SFLC won't be popular but it is driven by clients who are actually paying for SGX security engineering and architectures.

> Jethro Beekman | Fortanix

Best wishes for a pleasant holiday season to everyone.

Dr. Greg

As always,
Dr. G.W. Wettstein, Ph.D.
Enjellic Systems Development, LLC.
Specializing in information infra-structure development.
4206 N. 19th Ave.
Fargo, ND 58102
PH: 701-281-1686
FAX: 701-281-3949
EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"Politics is the business of getting power and privilege without
 possessing merit."
                                -- P.J. O'Rourke