Date: Fri, 11 Jan 2019 18:07:58 +0200
From: Jarkko Sakkinen
To: Andy Lutomirski
Cc: Sean Christopherson, "Huang, Kai", Jethro Beekman, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "x86@kernel.org", Dave Hansen, Peter Zijlstra, "H. Peter Anvin", "linux-kernel@vger.kernel.org", "linux-sgx@vger.kernel.org", Josh Triplett, Haitao Huang, "Dr. Greg Wettstein"
Subject: Re: x86/sgx: uapi change proposal
Message-ID: <20190111160758.GC12093@linux.intel.com>

On Thu, Jan 10, 2019 at 01:36:15PM -0800, Andy Lutomirski wrote:
> > Does it even matter if just leave EINITTOKENKEY attribute unprivileged
> > given that Linux requires that MSRs are writable? Maybe I'll just
> > whitelist that attribute to any enclave?
> >
>
> I would at least make it work like the PROVISIONKEY bit (or whatever
> it's called). Or just deny it at first. It's easy to start allowing
> it if we need to down the road, but it's harder to start denying it.

I think that would be a great idea to add another file to securityfs for
this. Would fit perfectly to your "systemd privilege sharing" daemon
example. Here consistency would be really nice.

/Jarkko