Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3618544ybt; Tue, 30 Jun 2020 07:24:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzLMTz2/FV3bnhR4cqR6xst5Ypblqh8DbscDY6AxtGQmcWIbuadu8HyII4lYoQr/rQk5U/2 X-Received: by 2002:a05:6402:1803:: with SMTP id g3mr22372971edy.377.1593527077487; Tue, 30 Jun 2020 07:24:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593527077; cv=none; d=google.com; s=arc-20160816; b=ksvrFB+rmAH+kJDWAoeaUdc0wLssys4qqX7kRLMUvGaDRugsQ6ygrTRLJdoIYviX9g 31EMHmduITtYmqmVasFV/ibMwLOUrz85nNnuc+vf1QC/406SQXMiJzup+31EGhVitWwn insBcOf/Sm8X7y1zKRTcOomHe4CS8mv0KbIqcfmOrIm7j6ahbqy2JtkD66FbpMOHVzKw D1/Dg9YGOGm2q3Dr4bbVzGC+jK41y/PpfrUWIR3oUspcb3HbXWifPvVi9MZvw0QHgcJw iCW79XkJhsqlFMr6BUGRKAlz/dpIizi6eemSC459t63nYMUfuiIEwTmAFL1RQ7f2mTy0 koLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=OlCR8TZNKiONiW8YMZNXeIzVT9pAjUi52rU96ppI9sk=; b=UROaSgwKpuhCO96UsudyLFPWFuL5SL3wsn6toWyt3nqxPJHIFZfQgJEACOjGBQxKUO 0Y4MDjMmQskoFzkPKXoW8JfO9tJIdxzofVkjIsrOycI9DMDMLH/Si2mS61du8TbAEgn7 LNwRXKcqkS1uU1hvPg631GJSwvuye5F/Z4De9l4ay9l//bOeMx8gdX6yDl3Wh9fLt697 39v55ivZ3pQHbagJ5CByw7w83kxMaXwyP5nZKgZICO22HoA4N4QNbVD+EeLO37Plc1Jt oUICRyfG/1LkWqqPPEpNhEPWysvzzU/74pnoXuAVuQqPW7PKAKcxwHdDsOpk6acBmNka Rwbw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r12si1584604edo.320.2020.06.30.07.24.14; Tue, 30 Jun 2020 07:24:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733277AbgF3OU3 (ORCPT + 99 others); Tue, 30 Jun 2020 10:20:29 -0400 Received: from mga02.intel.com ([134.134.136.20]:5925 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728909AbgF3OU3 (ORCPT ); Tue, 30 Jun 2020 10:20:29 -0400 IronPort-SDR: 5TZ9PARI6vG+GWgZTySC0Et54C4D45a6kehKp9tCz7Zx8Fep6lYXffXG7LuCz2/SM+YyYJo7bM 1mtKTbl5UREw== X-IronPort-AV: E=McAfee;i="6000,8403,9666"; a="134539839" X-IronPort-AV: E=Sophos;i="5.75,297,1589266800"; d="scan'208";a="134539839" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 07:20:28 -0700 IronPort-SDR: efg8NFLHdEGkXUz1Q7b/UefrYDvt7xyvu1AY0n6E6z0KV5aKd6d/pEDVM7jcCMBajo0ma20fla norTNhzCl/1A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,297,1589266800"; d="scan'208";a="277440490" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.152]) by orsmga003.jf.intel.com with ESMTP; 30 Jun 2020 07:20:28 -0700 Date: Tue, 30 Jun 2020 07:20:28 -0700 From: Sean Christopherson To: Borislav Petkov Cc: Jarkko Sakkinen , x86@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Jethro Beekman , Andy Lutomirski , akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com, asapek@google.com, cedric.xing@intel.com, chenalexchen@google.com, conradparker@google.com, cyhanish@google.com, dave.hansen@intel.com, haitao.huang@intel.com, josh@joshtriplett.org, kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com, ludloff@google.com, nhorman@redhat.com, npmccallum@redhat.com, puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com Subject: Re: [PATCH v33 12/21] x86/sgx: Allow a limited use of ATTRIBUTE.PROVISIONKEY for attestation Message-ID: <20200630142027.GA7733@linux.intel.com> References: <20200617220844.57423-1-jarkko.sakkinen@linux.intel.com> <20200617220844.57423-13-jarkko.sakkinen@linux.intel.com> <20200629160242.GB32176@zn.tnic> <20200629220400.GI12312@linux.intel.com> <20200630084956.GB1093@zn.tnic> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200630084956.GB1093@zn.tnic> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 30, 2020 at 10:49:56AM +0200, Borislav Petkov wrote: > On Mon, Jun 29, 2020 at 03:04:00PM -0700, Sean Christopherson wrote: > > /dev/sgx/provision is root-only by default, the expectation is that the admin > > will configure the system to grant only specific enclaves access to the > > PROVISION_KEY. > > Uuh, I don't like "the expectation is" - the reality happens to turn > differently, more often than not. Would it help if I worded it as "only root should ever be able to run an enclave with access to PROVISION_KEY"? We obviously can't control what admins actually do, hence my wording of it as the expected behavior. > > In this series, access is fairly binary, i.e. there's no additional kernel > > infrastructure to help userspace make per-enclave decisions. There have been > > more than a few proposals on how to extend the kernel to help provide better > > granularity, e.g. LSM hooks, but it was generally agreed to punt that stuff > > to post-upstreaming to keep things "simple" once we went far enough down > > various paths to ensure we weren't painting ourselves into a corner. > > So this all sounds to me like we should not upstream /dev/sgx/provision > now but delay it until the infrastructure for that has been made more > concrete. We can always add it then. Changing it after the fact - > if we have to and for whatever reason - would be a lot harder for a > user-visible interface which someone has started using already. The userspace and attestation infrastructure is very concrete, i.e. the need for userspace to be able to access PROVISION_KEY is there, as is the desire to be able to restrict access to PROVISION_KEY, e.g. I believe Andy Lutomirski originally requested the ability to restrict access. The additional infrastructure for per-enclave decisions is somewhat orthogonal to the PROVISION_KEY, e.g. they won't necessarily be employed by everyone running enclaves, and environments that do have per-enclave policies would still likely want the extra layer of restriction for PROVISION_KEY. I only brought the additional policy crud to call out that we've done enough path-finding on additional restrictions to have strong confidence that adding /dev/sgx/provision won't prevent us from adding more fine grained control in the future. > So I'd leave that out from the initial patchset.