Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp991993imu;
        Fri, 11 Jan 2019 12:52:41 -0800 (PST)
X-Google-Smtp-Source: ALg8bN7qJdf1auwbcfpz9+4R+K25zgxesA6tPPkD3KPOStoURqv9yf56OGuf7mYwc+RNGAfn6PQz
X-Received: by 2002:a62:c613:: with SMTP id m19mr16200017pfg.207.1547239961094;
        Fri, 11 Jan 2019 12:52:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547239961; cv=none;
        d=google.com; s=arc-20160816;
        b=uU5U6aA7lNWv808QQxYPYd6ggivsyc4dIsD1VRWw5qQOpkwT7u+Fr1sWTLQGcPnXW6
         x810Iq861xsGtK5EZnv0X/X0+Gqz+eOVfbDTdTJkkLwwl5/XWkLHoagFdR6NFKYIP8Wg
         rxdhh85CMOesFmTci/ylb/lTSgGb6sZRbN7UyjWYuqw1VLSkNQTNrn+brD5T77UlaZsr
         k2+joVJ0yNR3JFG9/BwA8Y9nNxT9xmW9jOl1Ao+mzyQYfoAm0+ArZrfTRlCOKZUyRuLj
         l0x1pUJ3meDoJkfUZXhtX9oRfUp7sZ07zHYH1ZZ58+xvOWwGPmFcCCfnaGmTmidkBXje
         hq9g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:organization:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=/NUIxlYuAXmaP/rYeaVJMujWpL6xqA/vuqDsLZbvEEU=;
        b=Gs4aDrAXa+DYWcTxageO37ByFAOdxrHZ0A1HT6t/8pUy7J/MqCZh/Uyo/tCJhjCbZY
         8Rmga29nCvzsZ0UCkrlblBVXd1Rw2RzxJfuYI8yVUA+9gR4DaokOk8kwHm2ybebz+RB6
         dSz6uwACXCY7PtQEn7UKRP3T074CB6IQ+DNmg6VV9xGgpSGLb6w4Bzyat1vagj4TaY3C
         0CHQR+YFLxWdEH/0adYiAKtIrTy67NZcu3VW+CCEl0JcmfVYrIu/6Tx+trolF7CNwHOJ
         JHYrw4YQ5WliKUVPDm/ErSkRGFQfM3N70awR0+F3wxCdRysbrEBx+9CXXwdVVdladJ/Q
         FoRQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d3si24403911pll.161.2019.01.11.12.52.26;
        Fri, 11 Jan 2019 12:52:41 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731953AbfAKQII (ORCPT <rfc822;morganleezd2003@gmail.com>
        + 99 others); Fri, 11 Jan 2019 11:08:08 -0500
Received: from mga09.intel.com ([134.134.136.24]:11617 "EHLO mga09.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728498AbfAKQII (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 11 Jan 2019 11:08:08 -0500
X-Amp-Result: UNSCANNABLE
X-Amp-File-Uploaded: False
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Jan 2019 08:08:07 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,466,1539673200"; 
   d="scan'208";a="116039977"
Received: from gandrejc-mobl1.ger.corp.intel.com (HELO localhost) ([10.249.254.144])
  by fmsmga008.fm.intel.com with ESMTP; 11 Jan 2019 08:07:59 -0800
Date:   Fri, 11 Jan 2019 18:07:58 +0200
From:   Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To:     Andy Lutomirski <luto@kernel.org>
Cc:     Sean Christopherson <sean.j.christopherson@intel.com>,
        "Huang, Kai" <kai.huang@intel.com>,
        Jethro Beekman <jethro@fortanix.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "x86@kernel.org" <x86@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        Josh Triplett <josh@joshtriplett.org>,
        Haitao Huang <haitao.huang@linux.intel.com>,
        "Dr . Greg Wettstein" <greg@enjellic.com>
Subject: Re: x86/sgx: uapi change proposal
Message-ID: <20190111160758.GC12093@linux.intel.com>
References: <20181219091148.GA5121@linux.intel.com>
 <613c6814-4e71-38e5-444a-545f0e286df8@fortanix.com>
 <20181219144515.GA30909@linux.intel.com>
 <CALCETrW_8LnitFamYUU7POHFOJFxLO7ESFUdS=aeG_SOvHVPkw@mail.gmail.com>
 <20181221162825.GB26865@linux.intel.com>
 <105F7BF4D0229846AF094488D65A0989355A45B6@PGSMSX112.gar.corp.intel.com>
 <20190108220946.GA30462@linux.intel.com>
 <CALCETrU7Zb8L8eTYZg3bAB1Gfw1orUfeQmXjVy1_R-kfBeweVA@mail.gmail.com>
 <20190110174550.GJ6589@linux.intel.com>
 <CALCETrXMW+tUyTaMmmdhGciqbktiqH6NCuLZbBqfhcnzCgMbnA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALCETrXMW+tUyTaMmmdhGciqbktiqH6NCuLZbBqfhcnzCgMbnA@mail.gmail.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 10, 2019 at 01:36:15PM -0800, Andy Lutomirski wrote:
> > Does it even matter if just leave EINITTOKENKEY attribute unprivileged
> > given that Linux requires that MSRs are writable? Maybe I'll just
> > whitelist that attribute to any enclave?
> >
> 
> I would at least make it work like the PROVISIONKEY bit (or whatever
> it's called).  Or just deny it at first.  It's easy to start allowing
> it if we need to down the road, but it's harder to start denying it.

I think that would be a great idea to add another file to securityfs
for this. Would fit perfectly to your "systemd privilege sharing"
daemon example. Here consistency would be really nice.

/Jarkko