linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@kernel.org>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: npmccallum@redhat.com, "Christopherson,
	Sean J" <sean.j.christopherson@intel.com>,
	Jethro Beekman <jethro@fortanix.com>,
	Andrew Lutomirski <luto@kernel.org>,
	nhorman@redhat.com, X86 ML <x86@kernel.org>,
	Platform Driver <platform-driver-x86@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Ingo Molnar <mingo@redhat.com>,
	intel-sgx-kernel-dev@lists.01.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Darren Hart <dvhart@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	andy@infradead.org, Peter Jones <pjones@redhat.com>
Subject: Re: [intel-sgx-kernel-dev] [PATCH v11 13/13] intel_sgx: in-kernel launch enclave
Date: Mon, 25 Jun 2018 08:45:31 -0700	[thread overview]
Message-ID: <CALCETrXos3b-VJxLCb1nwP1x2s5jiDmuQDWVahTVdXGxhqqsDw@mail.gmail.com> (raw)
In-Reply-To: <73b7e4e3712074b73f4ac8211699d24dfdced6bf.camel@linux.intel.com>

On Mon, Jun 25, 2018 at 2:41 AM Jarkko Sakkinen
<jarkko.sakkinen@linux.intel.com> wrote:
>
> On Thu, 2018-06-21 at 08:32 -0400, Nathaniel McCallum wrote:
> > This implies that it should be possible to create MSR activation (and
> > an embedded launch enclave?) entirely as a UEFI module. The kernel
> > would still get to manage who has access to /dev/sgx and other
> > important non-cryptographic policy details. Users would still be able
> > to control the cryptographic policy details (via BIOS Secure Boot
> > configuration that exists today). Distributions could still control
> > cryptographic policy details via signing of the UEFI module with their
> > own Secure Boot key (or using something like shim). The UEFI module
> > (and possibly the external launch enclave) could be distributed via
> > linux-firmware.
> >
> > Andy/Neil, does this work for you?
>
> Nothing against having UEFI module for MSR activation step.
>
> And we would move the existing in-kernel LE to firmware so that it is
> avaible for locked-in-to-non-Intel-values case?
>

This is a hell of a lot of complexity.  To get it right we'd need an
actual formal spec of what firmware is supposed to do and how it
integrates with the kernel, and we'd need a reason why it's useful.

I'm personally rather strongly in favor of the vastly simpler model in
which we first merge SGX without LE support at all.  Instead we use
the approach where we just twiddle the MSRs to launch normal enclaves
without an init token at all, which is probably considerably faster
and will remove several thousand lines of code.  If and when a bona
fide use case for LE support shows up, we can work out the details and
merge it.

Right now, we're talking about a lot of design considerations, a lot
of interoperability considerations, and a lot of code to support a use
case that doesn't clearly exist.

--Andy

  reply	other threads:[~2018-06-25 15:46 UTC|newest]

Thread overview: 104+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-08 17:09 [PATCH v11 00/13] Intel SGX1 support Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 01/13] compiler.h, kasan: add __SANITIZE_ADDRESS__ check for __no_kasan_or_inline Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 02/13] x86, sgx: updated MAINTAINERS Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 03/13] x86, sgx: add SGX definitions to cpufeature Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 04/13] x86, sgx: add SGX definitions to msr-index.h Jarkko Sakkinen
2018-06-08 17:25   ` Dave Hansen
2018-06-19 13:18     ` Jarkko Sakkinen
2018-06-19 14:01       ` Dave Hansen
2018-06-21 17:22         ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 05/13] x86, cpufeatures: add Intel-defined SGX leaf CPUID_12_EAX Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 06/13] crypto: aesni: add minimal build option for SGX LE Jarkko Sakkinen
2018-06-08 17:27   ` Dave Hansen
2018-06-11 15:24     ` Sean Christopherson
2018-06-08 17:09 ` [PATCH v11 07/13] x86, sgx: detect Intel SGX Jarkko Sakkinen
2018-06-08 17:36   ` Dave Hansen
2018-06-18 21:36     ` [intel-sgx-kernel-dev] " Andy Lutomirski
2018-06-25  7:39       ` Jarkko Sakkinen
2018-06-19 13:33     ` Jarkko Sakkinen
2018-06-11 11:35   ` Neil Horman
2018-06-19 13:34     ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 08/13] x86, sgx: added ENCLS wrappers Jarkko Sakkinen
2018-06-08 17:43   ` Dave Hansen
2018-06-19 13:25     ` Jarkko Sakkinen
2018-06-20 13:12   ` Sean Christopherson
2018-06-25  9:16     ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 09/13] x86, sgx: basic routines for enclave page cache Jarkko Sakkinen
2018-06-08 18:21   ` Jethro Beekman
2018-06-18 21:33     ` [intel-sgx-kernel-dev] " Andy Lutomirski
2018-06-25  7:36       ` Jarkko Sakkinen
2018-06-19 14:08     ` Jarkko Sakkinen
2018-06-19 15:44       ` Jethro Beekman
2018-06-08 18:24   ` Dave Hansen
2018-06-19 14:57     ` Jarkko Sakkinen
2018-06-19 15:19       ` Neil Horman
2018-06-19 15:32       ` Dave Hansen
2018-06-25  9:01         ` Jarkko Sakkinen
2018-06-19 15:59       ` Sean Christopherson
2018-06-25  9:14         ` Jarkko Sakkinen
2018-06-10  5:32   ` [intel-sgx-kernel-dev] " Andy Lutomirski
2018-06-11 15:12     ` Sean Christopherson
2018-06-20 13:21   ` Sean Christopherson
2018-06-25  9:21     ` Jarkko Sakkinen
2018-06-25 16:14       ` Neil Horman
2018-06-20 15:26   ` Sean Christopherson
2018-06-25  9:21     ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 10/13] intel_sgx: driver for Intel Software Guard Extensions Jarkko Sakkinen
2018-06-08 19:35   ` Dave Hansen
2018-06-19 13:29     ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 11/13] intel_sgx: ptrace() support Jarkko Sakkinen
2018-06-08 18:34   ` Dave Hansen
2018-06-11 15:02     ` Sean Christopherson
2018-06-19 13:38       ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 12/13] intel_sgx: driver documentation Jarkko Sakkinen
2018-06-08 18:32   ` Jethro Beekman
2018-06-19 13:30     ` Jarkko Sakkinen
2018-06-08 21:41   ` Randy Dunlap
2018-06-19 13:31     ` Jarkko Sakkinen
2018-06-08 17:09 ` [PATCH v11 13/13] intel_sgx: in-kernel launch enclave Jarkko Sakkinen
2018-06-08 18:50   ` [intel-sgx-kernel-dev] " Andy Lutomirski
2018-06-19 15:05     ` Jarkko Sakkinen
2018-06-10  5:39   ` Andy Lutomirski
2018-06-11  5:17     ` Andy Lutomirski
2018-06-11 11:52       ` Neil Horman
2018-06-12  4:55         ` Andy Lutomirski
2018-06-12 17:45           ` Neil Horman
2018-06-18 21:58             ` Andy Lutomirski
2018-06-19 13:17               ` Neil Horman
2018-06-20 16:28               ` Nathaniel McCallum
2018-06-20 18:16                 ` Jethro Beekman
2018-06-20 18:39                   ` Jethro Beekman
2018-06-20 21:01                     ` Sean Christopherson
2018-06-21 12:32                       ` Nathaniel McCallum
2018-06-21 15:29                         ` Neil Horman
2018-06-21 19:11                           ` Nathaniel McCallum
2018-06-21 21:20                             ` Sean Christopherson
2018-06-25 21:00                               ` Nathaniel McCallum
2018-06-25 22:35                                 ` Sean Christopherson
2018-06-21 22:48                             ` Andy Lutomirski
2018-06-25 21:06                               ` Nathaniel McCallum
2018-06-25 23:40                                 ` Andy Lutomirski
2018-06-25  9:41                         ` Jarkko Sakkinen
2018-06-25 15:45                           ` Andy Lutomirski [this message]
2018-06-25 21:28                             ` Nathaniel McCallum
2018-06-26  8:43                             ` Jarkko Sakkinen
2018-06-26 15:01                               ` Nathaniel McCallum
2018-06-27 15:31                                 ` Jarkko Sakkinen
2018-06-21 12:12                   ` Nathaniel McCallum
2018-06-25  9:27                 ` Jarkko Sakkinen
2018-06-25 21:26                   ` Nathaniel McCallum
2018-06-20  7:23       ` Jarkko Sakkinen
2018-06-12 10:50 ` [PATCH v11 00/13] Intel SGX1 support Pavel Machek
2018-06-19 14:59   ` Jarkko Sakkinen
2018-06-19 20:04     ` Pavel Machek
2018-06-19 20:23       ` Peter Zijlstra
2018-06-19 21:48       ` Josh Triplett
2018-12-09 20:06         ` Pavel Machek
2018-12-10  7:47           ` Josh Triplett
2018-12-10  8:27             ` Pavel Machek
2018-12-10 23:12               ` Josh Triplett
2018-12-11 18:10                 ` Dave Hansen
2018-12-11 18:31                   ` Sean Christopherson
2018-06-19 20:36     ` Peter Zijlstra
2018-06-21 12:55 ` Ingo Molnar
2018-06-25  9:44   ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALCETrXos3b-VJxLCb1nwP1x2s5jiDmuQDWVahTVdXGxhqqsDw@mail.gmail.com \
    --to=luto@kernel.org \
    --cc=andy@infradead.org \
    --cc=dvhart@infradead.org \
    --cc=hpa@zytor.com \
    --cc=intel-sgx-kernel-dev@lists.01.org \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=jethro@fortanix.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=nhorman@redhat.com \
    --cc=npmccallum@redhat.com \
    --cc=pjones@redhat.com \
    --cc=platform-driver-x86@vger.kernel.org \
    --cc=sean.j.christopherson@intel.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).