From: Till Smejkal
Date: Mon, 27 Nov 2017 10:58:28 +0100
To: Jarkko Sakkinen
Cc: platform-driver-x86@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Darren Hart, Andy Shevchenko
Subject: Re: [PATCH v6 08/11] intel_sgx: in-kernel launch enclave
Message-ID: <20171127095828.GA32603@aton>
In-Reply-To: <20171125193132.24321-9-jarkko.sakkinen@linux.intel.com>

On Sat, 25 Nov 2017, Jarkko Sakkinen wrote:
> This commit implements the in-kernel launch enclave. It is wrapped into
> a user space program that reads SIGSTRUCT instances from stdin and
> outputs launch tokens to stdout.
>
> The commit also adds enclave signing tool that is used by kbuild to
> measure and sign the launch enclave.
>
> CONFIG_INTEL_SGX_SIGNING_KEY points to a PEM-file for the 3072-bit RSA
> key that is used as the LE public key pair. The default location is:
>
>   drivers/platform/x86/intel_sgx/intel_sgx_signing_key.pem
                                   ^ signing_key.pem

You forgot to change the name of the pem file in the commit message.

>
> If the default key does not exist kbuild will generate a random key and
> place it to this location. KBUILD_SGX_SIGN_PIN can be used to specify
> the passphrase for the LE public key.
>
> TinyCrypt (https://github.com/01org/tinycrypt) is used as AES
> implementation, which is not timing resistant. Eventually this needs to
> be replaced with AES-NI based implementation that could be either
>
> - re-use existing AES-NI code in the kernel
> - have its own hand written code
>
> Signed-off-by: Jarkko Sakkinen

[...]

Cheers
Till