Date: Fri, 19 Apr 2019 09:17:32 -0500
From: "Dr. Greg" <greg@enjellic.com>
To: Dave Hansen
Cc: Jarkko Sakkinen, torvalds@linux-foundation.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org, akpm@linux-foundation.org, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com, rientjes@google.com
Subject: Re: [PATCH v20 00/28] Intel SGX1 support
Message-ID: <20190419141732.GA2269@wind.enjellic.com>
References: <20190417103938.7762-1-jarkko.sakkinen@linux.intel.com> <20190418171059.GA20819@wind.enjellic.com> <09ebfa1d-c03d-c1fe-ff0f-d99287b6ec3c@intel.com>
In-Reply-To: <09ebfa1d-c03d-c1fe-ff0f-d99287b6ec3c@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 18, 2019 at 11:01:00AM -0700, Dave Hansen wrote:

Good morning to everyone.

> On 4/18/19 10:10 AM, Dr. Greg wrote:
> > Both the current controls for enclave access to the PROVISION
> > attribute and the security controls that are being proposed to emerge
> > for the driver, sometime in the future, suffer from being dependent on
> > discretionary access controls, i.e. file privileges, that can be
> > defeated by a privilege escalation attack. Those of us building
> > architectures on top of this technology have a need to certify that an
> > application will provide security contracts robust in the face of a
> > privilege escalation event or platform compromise.
>
> I'm not following.
>
> Are you saying that the implementation here is too permissive with
> the enclaves that are allowed to run? Because it's too permissive,
> this leaves us vulnerable to SGX being used to conceal a cache
> attack?

I believe that would be the conclusion of a dispassionate observer who
has followed this conversation and read the paper that I provided a
link to.

For the benefit of those with a disinclination to read, particularly
16-page research papers, the following link provides a summary of the
issues at hand:

https://www.securityweek.com/intel-sgx-can-be-abused-hide-advanced-malware-researchers

Of relevance to this conversation is Intel Security's official
response to the paper, which is as follows:

"The value of Intel SGX is to execute code in a protected enclave;
however, Intel SGX does not guarantee that the code executed in the
enclave is from a trusted source. In all cases, we recommend utilizing
programs, files, apps and plugins from trusted sources," Intel said.

The issue is not as much the ABI break but the following facts that
are at hand:

1.) The proposed mainline driver offers no cryptographic or
architecturally relevant security controls for ensuring that enclaves
are from a trusted source.

2.) Based on Andy's comments there may be a disinclination to ever
provide those controls.

3.) The approach we propose addresses these issues while imposing no
functional limitations on how Linux platform owners can use enclave
technology.

Seems like a win.

There you go, one-sentence replies.

Dr. Greg

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"Laugh now but you won't be laughing when we find you laying on the
 side of the road dead."
                                -- Betty Wettstein
                                   At the Lake