From: Andy Lutomirski
Date: Sat, 27 Jul 2019 10:32:11 -0700
Subject: Re: [RFC PATCH 21/21] KVM: x86: Add capability to grant VM access to privileged SGX attribute
To: Sean Christopherson
Cc: Paolo Bonzini, Radim Krčmář, Thomas Gleixner, Ingo Molnar, Borislav Petkov, X86 ML, Jarkko Sakkinen, Joerg Roedel, "H. Peter Anvin", kvm list, LKML, linux-sgx@vger.kernel.org
In-Reply-To: <20190727055214.9282-22-sean.j.christopherson@intel.com>
References: <20190727055214.9282-1-sean.j.christopherson@intel.com> <20190727055214.9282-22-sean.j.christopherson@intel.com>

On Fri, Jul 26, 2019 at 10:52 PM Sean Christopherson wrote:
>
> The SGX subsystem restricts access to a subset of enclave attributes to
> provide additional security for an uncompromised kernel, e.g. to prevent
> malware from using the PROVISIONKEY to ensure its nodes are running
> inside a genuine SGX enclave and/or to obtain a stable fingerprint.
>
> To prevent userspace from circumventing such restrictions by running an
> enclave in a VM, KVM restricts guest access to privileged attributes by
> default. Add a capability, KVM_CAP_SGX_ATTRIBUTE, that can be used by
> userspace to grant a VM access to a privileged attribute, with args[0]
> holding a file handle to a valid SGX attribute file corresponding to
> an attribute that is restricted by KVM (currently only PROVISIONKEY).

Looks good to me. Thanks!

> +can use KVM_CAP_SGX_ATTRIBUTE to grant a VM access to a priveleged attribute.

Spelling.
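
Review bot: "priveleged" in the added documentation line should read "privileged". The line also speaks only of "a privileged attribute"; if the surrounding documentation does not already say so, it should name the attribute KVM currently restricts (PROVISIONKEY, per the commit message) and state that args[0] must be a file handle to the corresponding SGX attribute file, so the documented interface matches the one the changelog describes.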