Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1737234pxb; Sat, 15 Jan 2022 22:45:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJxlKhj9fDePMqV1FHKbCoS+QdzVLX3DtB0G7na7oLMklxT92X/At5Chagy5MTD330zFZuoJ X-Received: by 2002:a62:6342:0:b0:4bc:c4f1:2abf with SMTP id x63-20020a626342000000b004bcc4f12abfmr15937205pfb.77.1642315520455; Sat, 15 Jan 2022 22:45:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642315520; cv=none; d=google.com; s=arc-20160816; b=OBZ8ifspVFFGJOoKDClD+VIFUJhIA4dpX6JlAsEATiwGn0Y3igrDhNr24HMQttIHB0 3eo6EhpaFu7s5PMyXHk4TSx/3kxg8tMPsv9RRK6nHEIcjQJi1J/m8A4M5bXDGuEIhsxQ K5d83xzGHmeZ9E2gRQPBrh2+jpWZUIaneUxcp6tBkcYmNg01CGeGStJpyjz4ldVCPuSE Sh9K4nC7WzYWGV7sxJqWae4fTF6efdYWCbVUsmMymJeHBf39sEljNf0on/HU5DWFrSkR vrF7xHevTqvVjOkmzQSJYUpRlKpU6vfnr76Z+WPqB66ja0x9GdnB6Q7sODMsYP67/cK1 Wcug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=9orLWl+sb17PY87/UnFDkQsDnywo3z96q32wIQjLduM=; b=Z3c7PJT+Kown5qNQSQLK/F/QxyqkyKtURwebpdNP6OX0PfaZ2dYSlm+H903eDyxtet yn/0Lgdq9OIMSBjA9G34rqppvv5PWQQEfrWl8OJz1EJUfjY4zaqs9Yky/bWo2rXrsDnC rviYfQHreQclF7jOmmd5HkaE8p8S9GbtH6H2ldWlYRC3pZzUgaKQ3a8aZxYZr1mPJIo3 n5mxoPW1n3ShH+KIKm4RNa7Jb1NcmBuq4gCnYFp9f5/oVahnXGeIvSLBMaViqlMACuxn OGYvFBDL3i7RbZvpAGVjWjRMmumgPToayex7Qb+FMyR5AlsKRokt26vMblPi06J1WQak aQ8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=I9QCfFfj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f10si7747681plg.125.2022.01.15.22.44.46; Sat, 15 Jan 2022 22:45:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=I9QCfFfj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230029AbiAOMAK (ORCPT + 99 others); Sat, 15 Jan 2022 07:00:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54548 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229486AbiAOMAJ (ORCPT ); Sat, 15 Jan 2022 07:00:09 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 03C45C061574; Sat, 15 Jan 2022 04:00:08 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8FDCE60AFD; Sat, 15 Jan 2022 12:00:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 74173C36AE3; Sat, 15 Jan 2022 12:00:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642248008; bh=r9mCVdEqRE76DIUgmvsuL5KxAftGQ+FEDrAOiIvvDhE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=I9QCfFfjVVTaSZC0/ue3HBhFBkOfX8cBP5b7/iHL3HQxb+yq6McvxairD+ZF2f0kq oUcvcX3kO6F5IVZlXr20FD51piIXZWNtpfp9mdpfb4SiKMydTYvHyDP5GY5Z64ys6h WBClygFuRSPGrNBxWv5QgyGND8Lhk6tcItII+ggBVRzpuxBWlzO5bZuo8Lw/xDrNUh kUYQnRRjFJ/q/OlI5T3kDhyLYr6YG8JruFqwvvdsXWpauPCl2zgprsIuHsrNORdkVc PjDdhxEaRx5APminK2r8GR4zWcuOFtOhi9GSQqMWjczXYBQhmuh1OZyHAwSRyF66js 8xX1j/8OA/nyw== Date: Sat, 15 Jan 2022 13:59:55 +0200 From: Jarkko Sakkinen To: Reinette Chatre Cc: Nathaniel McCallum , Haitao Huang , Andy Lutomirski , dave.hansen@linux.intel.com, tglx@linutronix.de, bp@alien8.de, mingo@redhat.com, linux-sgx@vger.kernel.org, x86@kernel.org, seanjc@google.com, kai.huang@intel.com, cathy.zhang@intel.com, cedric.xing@intel.com, haitao.huang@intel.com, mark.shanahan@intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH 05/25] x86/sgx: Introduce runtime protection bits Message-ID: References: <168fb2c9-de3f-384a-bb17-ab84db2cf533@intel.com> <6e1cb295-b86e-ae09-2cf0-cfefd1a10e65@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 15, 2022 at 01:56:55PM +0200, Jarkko Sakkinen wrote: > On Sat, Jan 15, 2022 at 03:18:04AM +0200, Jarkko Sakkinen wrote: > > On Fri, Jan 14, 2022 at 04:41:59PM -0800, Reinette Chatre wrote: > > > Hi Jarkko, > > > > > > On 1/14/2022 4:27 PM, Jarkko Sakkinen wrote: > > > > On Fri, Jan 14, 2022 at 04:01:33PM -0800, Reinette Chatre wrote: > > > >> Hi Jarkko, > > > >> > > > >> On 1/14/2022 3:15 PM, Jarkko Sakkinen wrote: > > > >>> On Fri, Jan 14, 2022 at 03:05:21PM -0800, Reinette Chatre wrote: > > > >>>> Hi Jarkko, > > > >>> > > > >>> How enclave can check a page range that EPCM has the expected permissions? > > > >> > > > >> Only way to change EPCM permissions from outside enclave is to run ENCLS[EMODPR] > > > >> that needs to be accepted from within the enclave via ENCLU[EACCEPT]. At that > > > >> time the enclave provides the expected permissions and that will fail > > > >> if there is a mismatch with the EPCM permissions (SGX_PAGE_ATTRIBUTES_MISMATCH). > > > > > > > > This is a very valid point but that does make the introspection possible > > > > only at the time of EACCEPT. > > > > > > > > It does not give tools for enclave to make sure that EMODPR-ETRACK dance > > > > was ever exercised. > > > > > > Could you please elaborate? EACCEPT is available to the enclave as a tool > > > and it would fail if ETRACK was not completed (error SGX_NOT_TRACKED). > > > > > > Here is the relevant snippet from the SDM from the section where it > > > describes EACCEPT: > > > > > > IF (Tracking not correct) > > > THEN > > > RFLAGS.ZF := 1; > > > RAX := SGX_NOT_TRACKED; > > > GOTO DONE; > > > FI; > > > > > > Reinette > > > > Yes, if enclave calls EACCEPT it does the necessary introspection and makes > > sure that ETRACK is completed. I have trouble understanding how enclave > > makes sure that EACCEPT was called. > > I'm not concerned of anything going wrong once EMODPR has been started. > > The problem nails down to that the whole EMODPR process is spawned by > the entity that is not trusted so maybe that should further broke down > to three roles: > > 1. Build process B > 2. Runner process R. > 3. Enclave E. > > And to the costraint that we trust B *more* than R. Once B has done all the > needed EMODPR calls it would send the file descriptor to R. Even if R would > have full access to /dev/sgx_enclave, it would not matter, since B has done > EMODPR-EACCEPT dance with E. > > So what you can achieve with EMODPR is not protection against mistrusted > *OS*. There's absolutely no chance you could use it for that purpose > because mistrusted OS controls the whole process. > > EMODPR is to help to protect enclave against mistrusted *process*, i.e. > in the above scenario R. My suggestion for this is that let's make EMODPR either opt-in or opt-out with flags parameter, I don't care which way around. That way you can pick between performance or extra layer of hardening if you care about the above scenario. /Jarkko