Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1830651pxu; Tue, 24 Nov 2020 09:54:02 -0800 (PST) X-Google-Smtp-Source: ABdhPJyHg7cKsIvYitrmgOrj8By8JStUZROovNV+B7nNg+mOtjn1rWPyxE/OVAn70Xc5nZtIQQkn X-Received: by 2002:a17:906:4104:: with SMTP id j4mr5406387ejk.439.1606240441728; Tue, 24 Nov 2020 09:54:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606240441; cv=none; d=google.com; s=arc-20160816; b=KJg+/2TVGYNUuZ48KnpEUhtGGJJugVzfrPP7vrAKZDn4tqFOXfuZj9efeuws09jZig aL2/l45wXfpdbZAunV7ALtR8yAieafhY869FAPKdXJ6VaOl5ke/HrPmUJ5MSIVLLi5mv 9vPwMWSrsSTzBfp3LecUKtQsORllURDsCjBZMQHNclwxzpFva5QT8mZA8wXKBGBq5aO9 wDPP+qMt+GTR2/xdOLnnCnj/oP5dY0P9d9Ptb0F5dWEVEhiERU/JElK0odmtFCUdzvRH dkq1KG3sg1lT+JPq3kRQuX4tn8gVBhdVXi8e0BZSitx9h2NwXIYO4AST8YrkWqR/bUN7 0Rqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=p07VKhH6EpHYw0JMKu6wpOxYuEHcrhoWlnHehOhgDDk=; b=LB4M+1+aKpsE3XGao3f/13LsMWM/WTLixXd+MsuUPoejrnag2t2Wf8crV5KTgGhY5L 30uhv8Q32fAHkRzmpo+LNxVSAo/41jI4vGHmQm8SuXz0sFsFwDtAyLnY99c/fV+xgdjG 9F6pZ+jGwzNnE8mh5a3enivTbFklFdRWqMLkUp+tnj8g/qNpb3A/fd8AjtPh3p9yVUAI 2TKqeBA23TwRD2hHaGmFZBDRJDeU341RfagOIw36VAmMuIoW8zA9H78Pn2DhsEXJ+X9I SrUFBgp31mTnqVtKnvww0PGzn7FIh9oRaU3eOBjt3nUjmp3R4ZZCelvdOv2sJG0MFWYy FY2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uJq0NQNd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a15si10565833eju.388.2020.11.24.09.53.38; Tue, 24 Nov 2020 09:54:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uJq0NQNd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404040AbgKXRuQ (ORCPT + 99 others); Tue, 24 Nov 2020 12:50:16 -0500 Received: from mail.kernel.org ([198.145.29.99]:53716 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403994AbgKXRuP (ORCPT ); Tue, 24 Nov 2020 12:50:15 -0500 Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6362D208CA for ; Tue, 24 Nov 2020 17:50:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1606240214; bh=Zs6EQHNJCYjsDUBvn/aU7NkdPNq8mmBy6u3ZYrgbcdw=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=uJq0NQNdWOoPdjsdOd+82dA0M5WwPUd916W+d2js6jxu3ycgv4SJZFMww2yPF9tyQ t8yDhNVyxuIlvR3y5BhlL00Wxo91Uw//1ZM8Av5+ZXeux5egUV7Z9MrnmTUj+1XXZM OZmujRMlLxxjw+b5FNTq/XDg3m7C2ask7Rrud83s= Received: by mail-wm1-f47.google.com with SMTP id 1so3768298wme.3 for ; Tue, 24 Nov 2020 09:50:14 -0800 (PST) X-Gm-Message-State: AOAM532Spc4EdVwnyksStovDyXUPWLsCrnBHmZAqHQIbQZeAIAg5owBl hfTrLIx9BZqHDSxekjjh57z7AXs1xAv0q9GDpdKpxw== X-Received: by 2002:a7b:c92a:: with SMTP id h10mr5811407wml.138.1606240212832; Tue, 24 Nov 2020 09:50:12 -0800 (PST) MIME-Version: 1.0 References: <20201104145430.300542-1-jarkko.sakkinen@linux.intel.com> <20201121151259.GA3948@wind.enjellic.com> <5ac4eccb-fcf9-eed3-fcec-b8b6bf56bb39@intel.com> <20201124105547.GA19930@wind.enjellic.com> In-Reply-To: <20201124105547.GA19930@wind.enjellic.com> From: Andy Lutomirski Date: Tue, 24 Nov 2020 09:49:59 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v40 00/24] Intel SGX foundations To: "Dr. Greg" Cc: Dave Hansen , Jarkko Sakkinen , X86 ML , linux-sgx@vger.kernel.org, LKML , Andrew Morton , Andy Shevchenko , asapek@google.com, Borislav Petkov , "Xing, Cedric" , chenalexchen@google.com, Conrad Parker , cyhanish@google.com, "Huang, Haitao" , "Huang, Kai" , "Svahn, Kai" , Keith Moyer , Christian Ludloff , Andrew Lutomirski , Neil Horman , Nathaniel McCallum , Patrick Uiterwijk , David Rientjes , "Christopherson, Sean J" , Thomas Gleixner , yaozhangx@google.com, Mikko Ylinen Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 24, 2020 at 2:56 AM Dr. Greg wrote: > > On Sat, Nov 21, 2020 at 08:25:23AM -0800, Dave Hansen wrote: > > You will get a fully 'git am' compliant patch, including a changelog. > > The changelog was written in a parlance consistent with someone who > would have a basic understanding of the technology under review. If > this entire review and vetting process is being done absent that kind > of understanding, then the case can be made that the kernel > development process has larger issues on its hands. No, it wasn't. I have a fairly good understanding of SGX, and I told you quite explicitly what was wrong with your changelog. Understanding the sentences you wrote and having the background is not at all the same thing as extracting meaning from your writing. Your patch conveyed no information. This email you just sent also conveys no information. > > Lets be honest though, that is not the case here, we have been talking > about this issue for over a year, everyone involved with this > technology knows what the problem is. > > Since LKML is copied, the basic issue is as follows: > > 1.) SGX as a technology is designed to execute code and operate on > data in a manner that is confidential to inspection and impervious to > modification and control by the kernel. > > 2.) The mindset of the driver developers is that the kernel should be > the ultimate authority on what SGX is allowed to do. > > The two world views are inherently and technically incompatible and > lead to a potential security dilemma for the kernel. We simply > advocate for an additional level of cryptographic security that > supplements, not replaces, kernel controls to address this issue. No, they are not. The kernel can and will enforce policy on what SGX may do. Your own NAKked patch, in fact, does exactly this. At the same time, SGX provides security to the contents of enclaves. These are not mutually exclusive. > Our patch has two external functions of around 30 lines (~1 screen) > each that impact the driver. The bulk of the 700 lines, all in one > file, is boilerplate code, largely replicated for each instance, > needed to read/write sysfs files and maintain four, nearly identical, > linked lists. If this is an insurmountable review burden then the > kernel development process has larger problems on its hands. Frankly, the largest problem in the kernel development process with regards to SGX is the distraction created by your emails. Please just stop. If you have something useful to say, distill it down to the smallest amount of text that actually says what you're trying to say. And don't forget the part about "something useful to say". If you do not have something useful to say, please don't say it.