Date: Fri, 19 Apr 2019 11:24:50 -0500
From: "Dr. Greg"
To: Dave Hansen
Cc: Jarkko Sakkinen, torvalds@linux-foundation.org,
    linux-kernel@vger.kernel.org, x86@kernel.org,
    linux-sgx@vger.kernel.org, akpm@linux-foundation.org,
    sean.j.christopherson@intel.com, nhorman@redhat.com,
    npmccallum@redhat.com, serge.ayoun@intel.com,
    shay.katz-zamir@intel.com, haitao.huang@intel.com,
    andriy.shevchenko@linux.intel.com, tglx@linutronix.de,
    kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org,
    luto@kernel.org, kai.huang@intel.com, rientjes@google.com
Subject: Re: [PATCH v20 00/28] Intel SGX1 support
Message-ID: <20190419162450.GA2615@wind.enjellic.com>

On Thu, Apr 18, 2019 at 10:24:42AM -0700, Dave Hansen wrote:

Good morning again.

> On 4/18/19 10:10 AM, Dr. Greg wrote:
> > In addition, the driver breaks all existing SGX software by breaking
> > compatibility with what is a 3+ year ABI provided by the existing
> > driver. This seems to contravene the well understood philosophy that
> > Linux doesn't, if at all possible, break existing applications,

> Sorry, that doesn't apply to out-of-tree modules. While we don't go
> out of our way to intentionally break apps who are relying on
> out-of-tree modules, we also don't go out of our way to keep them
> working.

Yes, there is no question that we understand this concept.

The salient point is that when given an opportunity to preserve and
transition an existing development community, provide an
architecturally relevant driver and to impose no restrictions on how a
new, as yet untested and undesigned security architecture can emerge,
the decision is made to break all compatibility.

> Please stop asking about this. I don't see any route where it's going
> to change.

Which goes to my first e-mail where I noted this was about ideology
rather than technology. Nothing wrong with that as long as we are
intellectually honest.

> Companies ideally shouldn't be getting their customers hooked on
> out-of-tree ABIs and customers should consume out-of-tree ABIs
> *expecting* them to break in the future.

At the risk of being indelicate, it was your company that hooked the
SGX development community on out-of-tree driver ABIs and software. We
are just trying to find a mutually beneficial and productive path
forward.

On that note.

One of the issues we have raised in multiple missives, that remains
unaddressed, was the notion that the proposed driver may not work on
all SGX hardware moving forward. Is there going to be an OEM mandated
requirement, enforced by Intel licensing, that all SGX capable
platforms will implement Flexible Launch Control?

For those following along at home, here is a link to the Intel
Security announcements made at RSA-2019 in February:

https://newsroom.intel.com/news/rsa-2019-intel-partner-ecosystem-offer-new-silicon-enabled-security-solutions/

Of relevant note is the section 'Operational Control':

"Intel is delivering a new capability called flexible launch control
that enables a company's data center operations to set and manage
their own unique security policies for launching enclaves as well as
providing controlled access to sensitive platform identification
information. This capability is currently available on Intel
SGX-enabled Intel Xeon E Processors and some Intel NUC's".

FLC is primarily about supporting Data-Center Attestation Services
(DCAS) on XEON class servers. New technologies are released on NUCs
since those are the platforms that Intel seems to target for developer
experimentation.

We have had some experience with legal and liability sensitivities
surrounding security in general and SGX in particular. Absent an
official policy statement, it is a really open question whether this
driver will be universally useful, with the end result being a fair
amount of chaos for the Linux SGX community.

As opposed to Windows, which will have a known and stable ABI that
works on any SGX capable hardware.

As I noted in my first e-mail yesterday, we anticipated this and our
architecture provides a path forward for resolving this issue as well.

Have a good weekend.

Dr. Greg

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND 58102             development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"If you get to thinkin' you're a person of some influence, try
orderin' somebody else's dog around."
                                -- Cowboy Wisdom