Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2712769ybt; Tue, 16 Jun 2020 13:06:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyqa866Pq8vG3RGmhpIN2ChuBEEF8i0L4hZHmh0TDM2bbtg9PxHJfIZfmEdSG9au6djQeof X-Received: by 2002:a50:f985:: with SMTP id q5mr4085318edn.180.1592337983421; Tue, 16 Jun 2020 13:06:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592337983; cv=none; d=google.com; s=arc-20160816; b=cP5I5sqLrEtDPuX4Qui3IXQF3/dZqRgC1UkVjC/hi/YVfpIyUZXSxj1CAz3OASl4cU kowDOxIPjSyyCQRd8VPfUt85ugWrHHKYpWpZAxamGO9RLLU3tQ7z6H0eCY6++R/1oMll yTgsw6d5NKOAmyXrDrYiqctShMoK9PfHbE2juCzZHDZbt7D8SsX5w/JTqPPuYOv36Q/8 L19GLRvIDXqDj/E4BQHdxtpxAcmTJyRyYrXHhBluKm7WO8S/pLSmoqElELo5NH/rs3TN YX5MeMopTkgMzyj4796ew9mcrYZ3wcqheDl3oIm6P2WyBscHgAfL/hViR5Lyv8ENd+MU 66rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=dAVDZ1ELHWfjQJslhXNCuLFAnFTDskiXx/dLVKo4d7I=; b=X/roI9iWjpehEkzBHj5obDJz69TVdQqp0lABga5dRnSjMDPeG2zxc5bn1Kk5Rcmpsk POnF5NWL55fuYDaiq2HH77XIom0IO2VeEBIcQVrsUJiOF6pD9nQVYzxCrUCCrOtsFvZA 7b0gyvOVzT+RishB02xHfu4Bnxht+bhZqdTwjVOw8xUAeIqZBZnZeR4zshrNzHI9lzwZ cZs3pbd2BD8kgTSA8kKE0JuwVu//84M3Loy+MXYL3KYMSCqaDFbJUl9CUh5hRKG1kVY3 +yZJsSiioqfM7QTbbzi5TZ4heDWEQQUUaAFlENBOfcgQqkiS4CdlM8YK8MWc4Hsggj+h Io/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dn7si11167082edb.219.2020.06.16.13.06.00; Tue, 16 Jun 2020 13:06:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731446AbgFPUD4 (ORCPT + 99 others); Tue, 16 Jun 2020 16:03:56 -0400 Received: from mga06.intel.com ([134.134.136.31]:28515 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728144AbgFPUD4 (ORCPT ); Tue, 16 Jun 2020 16:03:56 -0400 IronPort-SDR: FNDARWTyEfe9LQrY4f16kwE8XFPquGxRNzX/xMJceO43+kZpxi/tR4lTDJUgOG526Ahx6lE4uL C9wI6QFDTkPA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jun 2020 13:03:54 -0700 IronPort-SDR: DDtB3ILQ5D5ZvvAfB50H2JP1z3+T3wWqPrujAox/m+LPMKmm7vFSCo53PeQRrlkmsFxpxdW2xD 86yo9AaQSXDg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,519,1583222400"; d="scan'208";a="291183641" Received: from gosinald-mobl2.ger.corp.intel.com (HELO localhost) ([10.249.36.106]) by orsmga002.jf.intel.com with ESMTP; 16 Jun 2020 13:03:42 -0700 Date: Tue, 16 Jun 2020 23:03:40 +0300 From: Jarkko Sakkinen To: Darren Kenny Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org, linux-security-module@vger.kernel.org, Jethro Beekman , Andy Lutomirski , akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com, asapek@google.com, bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com, conradparker@google.com, cyhanish@google.com, dave.hansen@intel.com, haitao.huang@intel.com, josh@joshtriplett.org, kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com, ludloff@google.com, nhorman@redhat.com, npmccallum@redhat.com, puiterwijk@redhat.com, rientjes@google.com, sean.j.christopherson@intel.com, tglx@linutronix.de, yaozhangx@google.com Subject: Re: [PATCH v32 12/21] x86/sgx: Add provisioning Message-ID: <20200616200340.GB10412@linux.intel.com> References: <20200601075218.65618-1-jarkko.sakkinen@linux.intel.com> <20200601075218.65618-13-jarkko.sakkinen@linux.intel.com> <20200616195450.GA10412@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200616195450.GA10412@linux.intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 16, 2020 at 10:55:11PM +0300, Jarkko Sakkinen wrote: > On Fri, Jun 05, 2020 at 09:09:49PM +0100, Darren Kenny wrote: > > TYPO: s/devilering/delivering/? > > I decided to rewrite the whole thing: > > x86/sgx: Allow a limited use of ATTRIBUTE.PROVISIONKEY for attestation > > Provisioning Certification Enclave (PCE), the root of trust for other > enclaves, generates a signing key from a fused key called Provisioning > Certification Key. PCE can then use this key to certify an attestation key > of a QE, e.g. we get the chain of trust down to the hardware if the Intel > signed PCE is used. > > To use the needed keys, ATTRIBUTE.PROVISIONKEY is required but should be > only allowed for those who actually need it so that only the trusted > parties can certify QE's. > > Obviously the attestation service should know the public key of the used > PCE and that way detect illegit attestation, but whitelisting the legit > users still adds an additional layer of defence. > > Add new device file called /dev/sgx/provision. The sole purpose of this > file is to provide file descriptors that act as privilege tokens to allow > to build enclaves with ATTRIBUTE.PROVISIONKEY set. A new ioctl called > SGX_IOC_ENCLAVE_SET_ATTRIBUTE is used to assign this token to an enclave. I also refined Documentation/x86/sgx.rst based on this in my tree [*]. [*] https://github.com/jsakkine-intel/linux-sgx.git /Jarkko