Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1194936imu; Fri, 21 Dec 2018 14:31:15 -0800 (PST) X-Google-Smtp-Source: ALg8bN7VfOtIxmZoQovrcpEtpvGXSzgA6wdvPK++F+UUf+vk7RtDqyy546arjs4oyc8TzmiivnZ9 X-Received: by 2002:a63:4611:: with SMTP id t17mr4076448pga.119.1545431475863; Fri, 21 Dec 2018 14:31:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545431475; cv=none; d=google.com; s=arc-20160816; b=B4oEVBtBLpDjKeywzAZwGNKnINlUPNGDT9GbnhWOAFyUSm0hH4PFaJP/BZEjG9M2hG R65VoR9cgF6MvXYz5+Vz0ChrbKiM0LY3d1o8KNYmRvAe57VxAHJw2Y6QxUPp9Iu8wEvl MfQkJc6mCEkXSpJSOj5C4pE8DcVGsZbJwtfVhMMafc+S2s7RsRr7DEowP13m8vUb8XKE tL7kFsIqHDncpJX3nNvqAWaps89IXGukqaj1dTqTkNP6PbJ50Z2vZrJfbsxICLDekJHf qfklfqha0zGEl4ZXg8954Z14ETwUBykqIFZ+53gusu0uVdUXHUph9dwZtQGkqOBUN96J PilQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=/rlJ+AcJ3mAXoPtq3S+12jSpMItGdcGd/HPxATI5kBM=; b=ul+Ajgm5Bgp1oJZ5JJ0l2w8QGXbaxk08rlfsx6sEs/0OIvgLb0tDY7C7uj6VPVvYQt FHv6bEgzf4pCul2FnAiXsKJo2nKkkO7xDohYxwtnkBC8mGFLG0TqW5SCOPfs+GAEsZ3G RN22RS/ZvxG/BhyVaG0J3mgqT6UC00+rhbM7Aa181TkWQxPH+W9mtVdJq20hNICwdraV 6cDsuWvVKVXvQ1A6hMBbaMxXuKjDmgwu5vZLeNzPYOwOUMn0z/zcxD6H9bQArV78gyE5 ewtAjSVEFt5W8Zk+Bl27NBSVd73npIIoOttlkL/DlRfx4G23y5q8sIvgVPa9BpuAu+CG e45Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 123si5096569pfx.109.2018.12.21.14.30.59; Fri, 21 Dec 2018 14:31:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731277AbeLUNsi (ORCPT + 99 others); Fri, 21 Dec 2018 08:48:38 -0500 Received: from mga17.intel.com ([192.55.52.151]:31678 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725807AbeLUNsh (ORCPT ); Fri, 21 Dec 2018 08:48:37 -0500 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Dec 2018 05:48:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,381,1539673200"; d="scan'208";a="129753180" Received: from kaczmarx-mobl.ger.corp.intel.com (HELO localhost) ([10.249.254.231]) by fmsmga004.fm.intel.com with ESMTP; 21 Dec 2018 05:48:31 -0800 Date: Fri, 21 Dec 2018 15:48:30 +0200 From: Jarkko Sakkinen To: "Dr. Greg" Cc: Jethro Beekman , Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "x86@kernel.org" , Dave Hansen , Peter Zijlstra , "sean.j.christopherson@intel.com" , "H. Peter Anvin" , "linux-kernel@vger.kernel.org" , "linux-sgx@vger.kernel.org" , Andy Lutomirski , Josh Triplett , Haitao Huang Subject: Re: x86/sgx: uapi change proposal Message-ID: <20181221134830.GA5799@linux.intel.com> References: <20181214215729.4221-1-sean.j.christopherson@intel.com> <7706b2aa71312e1f0009958bcab24e1e9d8d1237.camel@linux.intel.com> <598cd050-f0b5-d18c-96a0-915f02525e3e@fortanix.com> <20181219144343.GA31189@wind.enjellic.com> <20181220103400.GC26410@linux.intel.com> <20181220220638.GA25110@wind.enjellic.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181220220638.GA25110@wind.enjellic.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Dec 20, 2018 at 04:06:38PM -0600, Dr. Greg wrote: > On Thu, Dec 20, 2018 at 12:34:00PM +0200, Jarkko Sakkinen wrote: > > Good afternoon to everyone. > > > On Wed, Dec 19, 2018 at 08:43:43AM -0600, Dr. Greg wrote: > > > I believe it is a silent response to the issues we were > > > prosecuting 4-5 weeks ago, regarding the requirement for an SGX > > > driver on an FLC hardware platform to have some semblance of > > > policy management to be relevant from a security/privacy > > > perspective. It would have certainly been collegial to include a > > > reference to our discussions and concerns in the changelog. > > > > > > See 364f68f5a3c in Jarkko's next/master. > > > > > > The changeset addresses enclave access to the PROVISION key but is > > > still insufficient to deliver guarantees that are consistent with > > > the SGX security model. In order to achieve that, policy > > > management needs to embrace the use of MRSIGNER values, which is > > > what our SFLC patchset uses. > > > > > > The noted changeset actually implements most of the 'kernel bloat' > > > that our SFLC patchset needs to bolt onto. > > > > > > As of yesterday afternoon next/master still won't initialize a > > > non-trivial enclave. Since there now appears to be a wholesale > > > change in the driver architecture and UAPI we are sitting on the > > > sidelines waiting for an indication all of that has some hope of > > > working before we introduce our approach. > > > > > > Part of SFLC won't be popular but it is driven by clients who are > > > actually paying for SGX security engineering and architectures. > > > How many of these people are actually posting here? > > None that I know of. > > The individuals I was referring to are CISO's and security risk > managers of multi-billion dollar corporations and/or 3-letter > entities. It has been my own personal observation that they don't > have time to post to the Linux Kernel Mailing List. > > The time they do spend on this technology seems to involve sitting in > meetings and making decisions on whether or not to authorize capital > expenditure budgets for Intel processors and chipsets, based on > whether or not an SGX security stack can definably implement the > security controls that are being imposed on their organizations by the > government and/or their liability carriers. > > Such issues may be out of mainstream kernel concerns but hopefully not > conceptually elusive with respect to their implications. Well, the process is anyway what it is. I'm sending v18 and you are free to comment the code change associated with the provision. /Jarkko