From: Josh Triplett <josh@joshtriplett.org>
To: Pavel Machek <pavel@ucw.cz>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
x86@kernel.org, platform-driver-x86@vger.kernel.org,
dave.hansen@intel.com, sean.j.christopherson@intel.com,
nhorman@redhat.com, npmccallum@redhat.com,
Alexei Starovoitov <ast@kernel.org>,
Andi Kleen <ak@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
"David S. Miller" <davem@davemloft.net>,
David Woodhouse <dwmw@amazon.co.uk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@kernel.org>,
"open list:INTEL SGX" <intel-sgx-kernel-dev@lists.01.org>,
Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
"open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)"
<kvm@vger.kernel.org>, Len Brown <len.brown@intel.com>,
Linus Walleij <linus.walleij@linaro.org>,
"open list:CRYPTO API" <linux-crypto@vger.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>,
"open list:SPARSE CHECKER" <linux-sparse@vger.kernel.org>,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Randy Dunlap <rdunlap@infradead.org>,
Ricardo Neri <ricardo.neri-calderon@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Tom Lendacky <thomas.lendacky@amd.com>,
Vikas Shivappa <vikas.shivappa@linux.intel.com>
Subject: Re: [PATCH v11 00/13] Intel SGX1 support
Date: Mon, 10 Dec 2018 15:12:00 -0800 [thread overview]
Message-ID: <20181210231159.GA10718@localhost> (raw)
In-Reply-To: <20181210082704.GA14594@amd>
On Mon, Dec 10, 2018 at 09:27:04AM +0100, Pavel Machek wrote:
> On Sun 2018-12-09 23:47:17, Josh Triplett wrote:
> > On Sun, Dec 09, 2018 at 09:06:00PM +0100, Pavel Machek wrote:
> > ...
> > > > > > The default permissions for the device are 600.
> > > > >
> > > > > Good. This does not belong to non-root.
> > > >
> > > > There are entirely legitimate use cases for using this as an
> > > > unprivileged user. However, that'll be up to system and distribution
> > > > policy, which can evolve over time, and it makes sense for the *initial*
> > > > kernel permission to start out root-only and then adjust permissions via
> > > > udev.
> > >
> > > Agreed.
> > >
> > > > Building a software certificate store. Hardening key-agent software like
> > > > ssh-agent or gpg-agent. Building a challenge-response authentication
> > > > system. Providing more assurance that your server infrastructure is
> > > > uncompromised. Offloading computation to a system without having to
> > > > fully trust that system.
> > >
> > > I think you can do the crypto stuff... as crypto already verifies the
> > > results. But I don't think you can do the computation offload.
> >
> > You can, as long as you can do attestation.
>
> You can not, because random errors are very easy to trigger for person
> with physical access,
Random errors can also just happen, so if you're concerned about that
you might want to build each object on two different machines and
compare. Good luck generating the *same* random errors on two machines.
(And, of course, someone can also DoS you in any number of other ways,
such as accepting data and then never sending back a result. So you'll
need timeouts and failovers.)
> > > > As one of many possibilities, imagine a distcc that didn't have to trust
> > > > the compile nodes. The compile nodes could fail to return results at
> > > > all, but they couldn't alter the results.
> > >
> > > distcc on untrusted nodes ... oh yes, that would be great.
> > >
> > > Except that you can't do it, right? :-).
> > >
> > > First, AFAICT it would be quite hard to get gcc to run under SGX. But
> > > maybe you have spare month or three and can do it.
> >
> > Assuming you don't need to #include files, gcc seems quite simple to run
> > in an enclave: data in, computation inside, data out.
>
> So is there a plan to run dynamically linked binaries inside enclave?
I've seen some approaches for that, but you could also just statically
link your compiler. (Since you'd need attestation for all the individual
libraries, you'd need to know the versions of all those libraries, so
you might as well just statically link.)
> Or maybe even python/shell scripts? It looked to me like virtual
> memory will be "interesting" for enclaves.
Memory management doesn't seem that hard to deal with.
next prev parent reply other threads:[~2018-12-10 23:12 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-08 17:09 [PATCH v11 00/13] Intel SGX1 support Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 01/13] compiler.h, kasan: add __SANITIZE_ADDRESS__ check for __no_kasan_or_inline Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 02/13] x86, sgx: updated MAINTAINERS Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 03/13] x86, sgx: add SGX definitions to cpufeature Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 04/13] x86, sgx: add SGX definitions to msr-index.h Jarkko Sakkinen
2018-06-08 17:25 ` Dave Hansen
2018-06-19 13:18 ` Jarkko Sakkinen
2018-06-19 14:01 ` Dave Hansen
2018-06-21 17:22 ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 05/13] x86, cpufeatures: add Intel-defined SGX leaf CPUID_12_EAX Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 06/13] crypto: aesni: add minimal build option for SGX LE Jarkko Sakkinen
2018-06-08 17:27 ` Dave Hansen
2018-06-11 15:24 ` Sean Christopherson
2018-06-08 17:09 ` [PATCH v11 07/13] x86, sgx: detect Intel SGX Jarkko Sakkinen
2018-06-08 17:36 ` Dave Hansen
2018-06-18 21:36 ` [intel-sgx-kernel-dev] " Andy Lutomirski
2018-06-25 7:39 ` Jarkko Sakkinen
2018-06-19 13:33 ` Jarkko Sakkinen
2018-06-11 11:35 ` Neil Horman
2018-06-19 13:34 ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 08/13] x86, sgx: added ENCLS wrappers Jarkko Sakkinen
2018-06-08 17:43 ` Dave Hansen
2018-06-19 13:25 ` Jarkko Sakkinen
2018-06-20 13:12 ` Sean Christopherson
2018-06-25 9:16 ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 09/13] x86, sgx: basic routines for enclave page cache Jarkko Sakkinen
2018-06-08 18:21 ` Jethro Beekman
2018-06-18 21:33 ` [intel-sgx-kernel-dev] " Andy Lutomirski
2018-06-25 7:36 ` Jarkko Sakkinen
2018-06-19 14:08 ` Jarkko Sakkinen
2018-06-19 15:44 ` Jethro Beekman
2018-06-08 18:24 ` Dave Hansen
2018-06-19 14:57 ` Jarkko Sakkinen
2018-06-19 15:19 ` Neil Horman
2018-06-19 15:32 ` Dave Hansen
2018-06-25 9:01 ` Jarkko Sakkinen
2018-06-19 15:59 ` Sean Christopherson
2018-06-25 9:14 ` Jarkko Sakkinen
2018-06-10 5:32 ` [intel-sgx-kernel-dev] " Andy Lutomirski
2018-06-11 15:12 ` Sean Christopherson
2018-06-20 13:21 ` Sean Christopherson
2018-06-25 9:21 ` Jarkko Sakkinen
2018-06-25 16:14 ` Neil Horman
2018-06-20 15:26 ` Sean Christopherson
2018-06-25 9:21 ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 10/13] intel_sgx: driver for Intel Software Guard Extensions Jarkko Sakkinen
2018-06-08 19:35 ` Dave Hansen
2018-06-19 13:29 ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 11/13] intel_sgx: ptrace() support Jarkko Sakkinen
2018-06-08 18:34 ` Dave Hansen
2018-06-11 15:02 ` Sean Christopherson
2018-06-19 13:38 ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 12/13] intel_sgx: driver documentation Jarkko Sakkinen
2018-06-08 18:32 ` Jethro Beekman
2018-06-19 13:30 ` Jarkko Sakkinen
2018-06-08 21:41 ` Randy Dunlap
2018-06-19 13:31 ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 13/13] intel_sgx: in-kernel launch enclave Jarkko Sakkinen
2018-06-08 18:50 ` [intel-sgx-kernel-dev] " Andy Lutomirski
2018-06-19 15:05 ` Jarkko Sakkinen
2018-06-10 5:39 ` Andy Lutomirski
2018-06-11 5:17 ` Andy Lutomirski
2018-06-11 11:52 ` Neil Horman
2018-06-12 4:55 ` Andy Lutomirski
2018-06-12 17:45 ` Neil Horman
2018-06-18 21:58 ` Andy Lutomirski
2018-06-19 13:17 ` Neil Horman
2018-06-20 16:28 ` Nathaniel McCallum
2018-06-20 18:16 ` Jethro Beekman
2018-06-20 18:39 ` Jethro Beekman
2018-06-20 21:01 ` Sean Christopherson
2018-06-21 12:32 ` Nathaniel McCallum
2018-06-21 15:29 ` Neil Horman
2018-06-21 19:11 ` Nathaniel McCallum
2018-06-21 21:20 ` Sean Christopherson
2018-06-25 21:00 ` Nathaniel McCallum
2018-06-25 22:35 ` Sean Christopherson
2018-06-21 22:48 ` Andy Lutomirski
2018-06-25 21:06 ` Nathaniel McCallum
2018-06-25 23:40 ` Andy Lutomirski
2018-06-25 9:41 ` Jarkko Sakkinen
2018-06-25 15:45 ` Andy Lutomirski
2018-06-25 21:28 ` Nathaniel McCallum
2018-06-26 8:43 ` Jarkko Sakkinen
2018-06-26 15:01 ` Nathaniel McCallum
2018-06-27 15:31 ` Jarkko Sakkinen
2018-06-21 12:12 ` Nathaniel McCallum
2018-06-25 9:27 ` Jarkko Sakkinen
2018-06-25 21:26 ` Nathaniel McCallum
2018-06-20 7:23 ` Jarkko Sakkinen
2018-06-12 10:50 ` [PATCH v11 00/13] Intel SGX1 support Pavel Machek
2018-06-19 14:59 ` Jarkko Sakkinen
2018-06-19 20:04 ` Pavel Machek
2018-06-19 20:23 ` Peter Zijlstra
2018-06-19 21:48 ` Josh Triplett
2018-12-09 20:06 ` Pavel Machek
2018-12-10 7:47 ` Josh Triplett
2018-12-10 8:27 ` Pavel Machek
2018-12-10 23:12 ` Josh Triplett [this message]
2018-12-11 18:10 ` Dave Hansen
2018-12-11 18:31 ` Sean Christopherson
2018-06-19 20:36 ` Peter Zijlstra
2018-06-21 12:55 ` Ingo Molnar
2018-06-25 9:44 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181210231159.GA10718@localhost \
--to=josh@joshtriplett.org \
--cc=Janakarajan.Natarajan@amd.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=ast@kernel.org \
--cc=bp@suse.de \
--cc=dave.hansen@intel.com \
--cc=davem@davemloft.net \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=intel-sgx-kernel-dev@lists.01.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=len.brown@intel.com \
--cc=linus.walleij@linaro.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sparse@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mchehab+samsung@kernel.org \
--cc=mingo@kernel.org \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=pavel@ucw.cz \
--cc=peterz@infradead.org \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rdunlap@infradead.org \
--cc=ricardo.neri-calderon@linux.intel.com \
--cc=sean.j.christopherson@intel.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=vikas.shivappa@linux.intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).