Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3421355ybz;
        Mon, 4 May 2020 02:39:29 -0700 (PDT)
X-Google-Smtp-Source: APiQypI9Dy7GV3XxfT9FGAgv4Rdj2RnavpmKNYyaPMZ7nChdV/Dx3XD/fqlUMUrLceYjMlnrC3kX
X-Received: by 2002:a17:906:4e46:: with SMTP id g6mr13781200ejw.36.1588585169255;
        Mon, 04 May 2020 02:39:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1588585169; cv=none;
        d=google.com; s=arc-20160816;
        b=osM3gDVV+C+jebFJsdnZqUOpKKunDZcc0mUiFp7JZAB4orOlvQ3fXR9AFIfQCC7NKj
         07aZeEHrvJPNIGIgcvlAfW/f7Qq3cuNRLNuHn3lSlguDf3qxMYhHUc2h480Qv2szQOzY
         4ZYG24SuyDIuRUVBvVQDn8kaE2/SSfKGIjnxzvPwCI8Ci/PvKBHnJ+AgnaMVtrfj1g/d
         iU7E8tagCOG+oRDMmdu1DrSUkZWEUreNxh4oSUFcrug0OtZ2Js14MnawbACUiuJlwdlX
         o5+0MjJ4i+n/4sNXOAVXqpxWe9u17+y1bg14iT7uDGBKwOrag5KV71aTmyJJjMA6U7xs
         OqEg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:reply-to:message-id
         :subject:cc:to:from:date;
        bh=cSxhFy11sA4am8++x8sEwBSC35/BKSBQ7atP0CcHa6Y=;
        b=gZ9S7Ckaqp2APSS7ckcfy+G0HkwmPuIPkphzbGgyV4d5AE9z652x4WIQHRk8liY/RR
         /IpeUAm0dE0mPdSNqk+G9LOMt77kenlo7RgbBRGls45k7f+ddC1NkTlP7mOsRpE30ios
         CgoPzKP8rlLv7Rj5cytyqBa4mF3SVX6Arm2ZcPMxL4mJuxpcCPpvPpofu+70lsUr37Xw
         zeQYT1rjBll4Ti8sw6LaeCpKFHG/Il7p+6JjTxMBu13pd/0FVgZKxSDwnois2m5aMVLP
         obPz7paCpNTsvKUI8V+V9jRepSoxuDUQ8akkKfTxGoEeEGb1/Ex6FMJeUbq7lUffygcs
         m4RA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k5si6100872edr.491.2020.05.04.02.39.04;
        Mon, 04 May 2020 02:39:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728339AbgEDJfD (ORCPT <rfc822;austinkernel.kim@gmail.com>
        + 99 others); Mon, 4 May 2020 05:35:03 -0400
Received: from wind.enjellic.com ([76.10.64.91]:42948 "EHLO wind.enjellic.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726625AbgEDJfD (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 May 2020 05:35:03 -0400
Received: from wind.enjellic.com (localhost [127.0.0.1])
        by wind.enjellic.com (8.15.2/8.15.2) with ESMTP id 0449YXRD005741;
        Mon, 4 May 2020 04:34:33 -0500
Received: (from greg@localhost)
        by wind.enjellic.com (8.15.2/8.15.2/Submit) id 0449YWfb005740;
        Mon, 4 May 2020 04:34:32 -0500
Date:   Mon, 4 May 2020 04:34:32 -0500
From:   "Dr. Greg" <greg@enjellic.com>
To:     Andy Lutomirski <luto@amacapital.net>
Cc:     Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        torvalds@linux-foundation.org, linux-kernel@vger.kernel.org,
        x86@kernel.org, linux-sgx@vger.kernel.org,
        akpm@linux-foundation.org, dave.hansen@intel.com,
        nhorman@redhat.com, npmccallum@redhat.com, haitao.huang@intel.com,
        andriy.shevchenko@linux.intel.com, tglx@linutronix.de,
        kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org,
        luto@kernel.org, kai.huang@intel.com, rientjes@google.com,
        cedric.xing@intel.com, puiterwijk@redhat.com
Subject: Re: [PATCH v29 00/20] Intel SGX foundations
Message-ID: <20200504093432.GA5382@wind.enjellic.com>
Reply-To: "Dr. Greg" <greg@enjellic.com>
References: <20200502230510.GA28470@wind.enjellic.com> <BD424C59-0B02-451D-8DF0-74F92292A87C@amacapital.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BD424C59-0B02-451D-8DF0-74F92292A87C@amacapital.net>
User-Agent: Mutt/1.4i
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.3 (wind.enjellic.com [127.0.0.1]); Mon, 04 May 2020 04:34:33 -0500 (CDT)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, May 02, 2020 at 05:48:30PM -0700, Andy Lutomirski wrote:

Good morning, I hope the week is starting well for everyone.

> > On May 2, 2020, at 4:05 PM, Dr. Greg <greg@enjellic.com> wrote:
> > In a nutshell, the driver needs our patch that implements
> > cryptographic policy management.
> > 
> > A patch that:
> > 
> > 1.) Does not change the default behavior of the driver.
> > 
> > 2.) Implements capabilities that are consistent with what the hardware
> > was designed to do, but only at the discretion of the platform owner.
> > 
> > 3.) Has no impact on the driver architecture.
> > 
> > The only consumer for this driver are SGX runtimes.  To our knowledge,
> > there exist only two complete runtime implementations, Intel's and
> > ours.  It us unclear why our approach to the use of the technology
> > should be discriminated against when it doesn't impact the other user
> > community.

> Can you clarify how exactly this patch set discriminates against
> your stack?

The driver has no provisions for implementing cryptographically based
SGX policy management of any type.

Our stack is extremely lightweight with no external dependencies and
is used in privacy and security sensitive applications, including
financial services of certain types.  There is a desire in this, and
other venues, to use cloud and edge resources with a strong guarantee
that the platforms have only had a known set of behaviors.  The
current DAC based controls in the driver are insufficient to provide
those guarantees.

I believe I have discussed our use of SGX previously.  In a nutshell,
we use SGX based modeling engines to supervise kernel based behavioral
namespaces, one enclave per namespace.  The closest equivalent work
that we have seen may be the IPE architecture advanced by Deven Bowers
at Microsoft but we address a number of issues that work does not,
including non-kernel based behavioral supervision.

We support the concern over hardware locked platforms and do not
disagree with the driver not supporting those platforms.  That being
said, there is no technical rationale for not providing cryptographic
policy management on FLC based platforms, as I believe our patch
demonstrates.

Best wishes for a productive week.

Dr. Greg

As always,
Dr. Greg Wettstein, Ph.D, Worker      Artisans in autonomously
Enjellic Systems Development, LLC     self-defensive platforms.
4206 N. 19th Ave.
Fargo, ND  58102
PH: 701-281-1686                      EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"Can't they?

 A 64bit number incremented every millisecond can grow for half a
 billion years.  As far as I'm concerned, that is forever."
                                -- Neil Brown
                                   linux-raid