From: "Dr. Greg" <greg@enjellic.com>
To: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: "Huang, Kai" <kai.huang@intel.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
"platform-driver-x86@vger.kernel.org"
<platform-driver-x86@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"nhorman@redhat.com" <nhorman@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"suresh.b.siddha@intel.com" <suresh.b.siddha@intel.com>,
"Ayoun, Serge" <serge.ayoun@intel.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"npmccallum@redhat.com" <npmccallum@redhat.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
"Hansen, Dave" <dave.hansen@intel.com>
Subject: Re: [PATCH v13 10/13] x86/sgx: Add sgx_einit() for initializing enclaves
Date: Fri, 31 Aug 2018 16:34:45 -0500 [thread overview]
Message-ID: <20180831213445.GA4098@wind.enjellic.com> (raw)
In-Reply-To: <20180831174330.GA21555@linux.intel.com>
On Fri, Aug 31, 2018 at 10:43:30AM -0700, Sean Christopherson wrote:
Good afternoon to everyone.
> > Sorry I missed this one. To be honest I don't know. I checked the
> > SDM and all I can find is:
> >
> > "On reset, the default value is the digest of Intel's signing key."
> I confirmed the MSRs are reset any time the EPC is lost. Not sure
> what happens if the MSRs contained a non-Intel value but feature
> control is locked with SGX launch control disabled. I'll post an
> update when I have an answer.
It was our interpretation from the SDM that the identity modulus
signature MSR's are 'trap-door' registers. If flexible launch control
(FLC) is enabled the platform has one opportunity to write a new
signature value, after which the registers are locked from
modification until the next platform reset.
From a security architecture perspective it seemed that an FLC based
SGX implementation would use a modified version of TBOOT to securely
write that register once per platform boot/reset. The architecture
that is being discussed where there is a need to continually check
whether or not the correct root signing key is loaded sounds a bit
clunky at best.
At worst it has potential security implications since it is the
reponsibility of the enclave launch control infrastructure to control
which enclaves are allowed to have the PROVISION_KEY attribute bit
set.
Have a good weekend.
Dr. Greg
As always,
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
PH: 701-281-1686
FAX: 701-281-3949 EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"Extensive interviews show that not one alcoholic has ever actually seen
a pink elephant."
-- Yale University
Center of Alcohol Studies
WARNING: multiple messages have this Message-ID (diff)
From: "Dr. Greg" <greg@enjellic.com>
To: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: "Huang, Kai" <kai.huang@intel.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
"platform-driver-x86@vger.kernel.org"
<platform-driver-x86@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"nhorman@redhat.com" <nhorman@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"suresh.b.siddha@intel.com" <suresh.b.siddha@intel.com>,
"Ayoun, Serge" <serge.ayoun@intel.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"npmccallum@redhat.com" <npmccallum@redhat.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
"Hansen, Dave" <dave.hansen@intel.com>
Subject: Re: [PATCH v13 10/13] x86/sgx: Add sgx_einit() for initializing enclaves
Date: Fri, 31 Aug 2018 16:34:45 -0500 [thread overview]
Message-ID: <20180831213445.GA4098@wind.enjellic.com> (raw)
In-Reply-To: <20180831174330.GA21555@linux.intel.com>
On Fri, Aug 31, 2018 at 10:43:30AM -0700, Sean Christopherson wrote:
Good afternoon to everyone.
> > Sorry I missed this one. To be honest I don't know. I checked the
> > SDM and all I can find is:
> >
> > "On reset, the default value is the digest of Intel's signing key."
> I confirmed the MSRs are reset any time the EPC is lost. Not sure
> what happens if the MSRs contained a non-Intel value but feature
> control is locked with SGX launch control disabled. I'll post an
> update when I have an answer.
It was our interpretation from the SDM that the identity modulus
signature MSR's are 'trap-door' registers. If flexible launch control
(FLC) is enabled the platform has one opportunity to write a new
signature value, after which the registers are locked from
modification until the next platform reset.
next prev parent reply other threads:[~2018-08-31 21:35 UTC|newest]
Thread overview: 259+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-27 18:53 [PATCH v13 00/13] Intel SGX1 support Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 01/13] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-09-03 12:56 ` Andy Shevchenko
2018-09-03 12:56 ` Andy Shevchenko
2018-09-03 19:10 ` Jarkko Sakkinen
2018-09-03 19:10 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 02/13] x86/cpufeature: Add SGX and SGX_LC CPU features Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-28 0:07 ` Huang, Kai
2018-08-28 0:07 ` Huang, Kai
2018-08-28 0:07 ` Huang, Kai
2018-08-28 7:17 ` Jarkko Sakkinen
2018-08-28 7:17 ` Jarkko Sakkinen
2018-08-29 7:36 ` Huang, Kai
2018-08-29 7:36 ` Huang, Kai
2018-08-29 7:36 ` Huang, Kai
2018-08-31 12:19 ` Jarkko Sakkinen
2018-08-31 12:19 ` Jarkko Sakkinen
2018-08-31 12:19 ` Jarkko Sakkinen
2018-08-31 16:18 ` Dr. Greg
2018-08-31 16:18 ` Dr. Greg
2018-08-31 16:18 ` Dr. Greg
2018-08-27 18:53 ` [PATCH v13 03/13] x86/cpufeatures: Add Intel-defined SGX leaf CPUID_12_EAX Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 19:39 ` Dave Hansen
2018-08-27 19:39 ` Dave Hansen
2018-08-27 19:39 ` Dave Hansen
2018-08-27 19:39 ` Dave Hansen
2018-08-28 7:23 ` Jarkko Sakkinen
2018-08-28 7:23 ` Jarkko Sakkinen
2018-08-28 10:21 ` Borislav Petkov
2018-08-28 10:21 ` Borislav Petkov
2018-08-28 10:38 ` Jarkko Sakkinen
2018-08-28 10:38 ` Jarkko Sakkinen
2018-08-28 10:38 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 04/13] x86/sgx: Architectural structures Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 19:41 ` Dave Hansen
2018-08-27 19:41 ` Dave Hansen
2018-08-27 19:41 ` Dave Hansen
2018-08-28 8:08 ` Jarkko Sakkinen
2018-08-28 8:08 ` Jarkko Sakkinen
2018-08-28 8:08 ` Jarkko Sakkinen
2018-09-03 13:16 ` Andy Shevchenko
2018-09-03 13:16 ` Andy Shevchenko
2018-09-03 19:17 ` Jarkko Sakkinen
2018-09-03 19:17 ` Jarkko Sakkinen
2018-09-04 16:04 ` Dave Hansen
2018-09-04 16:04 ` Dave Hansen
2018-09-04 16:06 ` Andy Shevchenko
2018-09-04 16:06 ` Andy Shevchenko
2018-09-05 17:32 ` Jarkko Sakkinen
2018-09-05 17:32 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 05/13] x86/msr: Add SGX definitions to msr-index.h Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 19:42 ` Dave Hansen
2018-08-27 19:42 ` Dave Hansen
2018-08-27 19:42 ` Dave Hansen
2018-08-28 8:11 ` Jarkko Sakkinen
2018-08-28 8:11 ` Jarkko Sakkinen
2018-08-28 8:11 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 06/13] x86/sgx: Detect Intel SGX Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 19:53 ` Dave Hansen
2018-08-27 19:53 ` Dave Hansen
2018-08-27 19:53 ` Dave Hansen
2018-08-28 8:28 ` Jarkko Sakkinen
2018-08-28 8:28 ` Jarkko Sakkinen
2018-08-28 8:28 ` Jarkko Sakkinen
2018-09-03 14:26 ` Andy Shevchenko
2018-09-03 14:26 ` Andy Shevchenko
2018-09-04 9:56 ` Jarkko Sakkinen
2018-09-04 9:56 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 07/13] x86/sgx: Add data structures for tracking the EPC pages Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 21:07 ` Dave Hansen
2018-08-27 21:07 ` Dave Hansen
2018-08-27 21:07 ` Dave Hansen
2018-08-28 10:30 ` Jarkko Sakkinen
2018-08-28 10:30 ` Jarkko Sakkinen
2018-08-28 10:30 ` Jarkko Sakkinen
2018-08-28 16:53 ` Dave Hansen
2018-08-28 16:53 ` Dave Hansen
2018-08-28 16:53 ` Dave Hansen
2018-08-28 21:34 ` Sean Christopherson
2018-08-28 21:34 ` Sean Christopherson
2018-08-28 21:34 ` Sean Christopherson
2018-08-31 11:13 ` Jarkko Sakkinen
2018-08-31 11:13 ` Jarkko Sakkinen
2018-08-31 11:13 ` Jarkko Sakkinen
2018-08-31 11:10 ` Jarkko Sakkinen
2018-08-31 11:10 ` Jarkko Sakkinen
2018-08-31 11:10 ` Jarkko Sakkinen
2018-09-03 14:41 ` Andy Shevchenko
2018-09-03 14:41 ` Andy Shevchenko
2018-09-04 9:59 ` Jarkko Sakkinen
2018-09-04 9:59 ` Jarkko Sakkinen
2018-09-04 17:49 ` Sean Christopherson
2018-09-04 17:49 ` Sean Christopherson
2018-09-04 18:01 ` Andy Shevchenko
2018-09-04 18:01 ` Andy Shevchenko
2018-09-04 18:17 ` Sean Christopherson
2018-09-04 18:17 ` Sean Christopherson
2018-09-05 17:36 ` Jarkko Sakkinen
2018-09-05 17:36 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 08/13] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-09-03 15:01 ` Andy Shevchenko
2018-09-03 15:01 ` Andy Shevchenko
2018-09-04 11:09 ` Jarkko Sakkinen
2018-09-04 11:09 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 09/13] x86/sgx: Enclave Page Cache (EPC) memory manager Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 21:14 ` Dave Hansen
2018-08-27 21:14 ` Dave Hansen
2018-08-27 21:14 ` Dave Hansen
2018-08-28 8:36 ` Jarkko Sakkinen
2018-08-28 8:36 ` Jarkko Sakkinen
2018-08-28 8:36 ` Jarkko Sakkinen
2018-08-27 21:15 ` Dave Hansen
2018-08-27 21:15 ` Dave Hansen
2018-08-27 21:15 ` Dave Hansen
2018-08-28 8:35 ` Jarkko Sakkinen
2018-08-28 8:35 ` Jarkko Sakkinen
2018-08-28 8:35 ` Jarkko Sakkinen
2018-08-28 14:07 ` Dave Hansen
2018-08-28 14:07 ` Dave Hansen
2018-08-28 14:07 ` Dave Hansen
2018-08-28 21:22 ` Sean Christopherson
2018-08-28 21:22 ` Sean Christopherson
2018-08-28 21:22 ` Sean Christopherson
2018-08-28 21:26 ` Dave Hansen
2018-08-28 21:26 ` Dave Hansen
2018-08-28 21:26 ` Dave Hansen
2018-08-28 21:52 ` Sean Christopherson
2018-08-28 21:52 ` Sean Christopherson
2018-08-28 21:52 ` Sean Christopherson
2018-08-31 11:22 ` Jarkko Sakkinen
2018-08-31 11:22 ` Jarkko Sakkinen
2018-08-31 11:22 ` Jarkko Sakkinen
2018-09-03 19:02 ` Andy Shevchenko
2018-09-03 19:02 ` Andy Shevchenko
2018-09-04 15:38 ` Jarkko Sakkinen
2018-09-04 15:38 ` Jarkko Sakkinen
2018-09-04 15:45 ` Sean Christopherson
2018-09-04 15:45 ` Sean Christopherson
2018-09-11 15:04 ` Sean Christopherson
2018-09-11 15:04 ` Sean Christopherson
2018-09-11 15:04 ` Sean Christopherson
2018-09-16 11:40 ` Jarkko Sakkinen
2018-09-16 11:40 ` Jarkko Sakkinen
2018-09-16 11:40 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 10/13] x86/sgx: Add sgx_einit() for initializing enclaves Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 21:41 ` Huang, Kai
2018-08-27 21:41 ` Huang, Kai
2018-08-27 21:41 ` Huang, Kai
2018-08-28 7:01 ` Jarkko Sakkinen
2018-08-28 7:01 ` Jarkko Sakkinen
2018-08-29 7:33 ` Huang, Kai
2018-08-29 7:33 ` Huang, Kai
2018-08-29 7:33 ` Huang, Kai
2018-08-29 20:33 ` Sean Christopherson
2018-08-29 20:33 ` Sean Christopherson
2018-08-29 20:58 ` Huang, Kai
2018-08-29 20:58 ` Huang, Kai
2018-08-29 20:58 ` Huang, Kai
2018-08-29 21:09 ` Sean Christopherson
2018-08-29 21:09 ` Sean Christopherson
2018-08-30 1:45 ` Huang, Kai
2018-08-30 1:45 ` Huang, Kai
2018-08-30 1:45 ` Huang, Kai
2018-08-31 17:43 ` Sean Christopherson
2018-08-31 17:43 ` Sean Christopherson
2018-08-31 21:34 ` Dr. Greg [this message]
2018-08-31 21:34 ` Dr. Greg
2018-08-31 21:34 ` Dr. Greg
2018-09-03 19:27 ` Jarkko Sakkinen
2018-09-03 19:27 ` Jarkko Sakkinen
2018-09-03 18:15 ` Jarkko Sakkinen
2018-09-03 18:15 ` Jarkko Sakkinen
2018-08-31 12:17 ` Jarkko Sakkinen
2018-08-31 12:17 ` Jarkko Sakkinen
2018-08-31 18:15 ` Sean Christopherson
2018-08-31 18:15 ` Sean Christopherson
2018-09-03 19:19 ` Jarkko Sakkinen
2018-09-03 19:19 ` Jarkko Sakkinen
2018-09-03 23:45 ` Huang, Kai
2018-09-03 23:45 ` Huang, Kai
2018-09-03 23:45 ` Huang, Kai
2018-09-04 14:54 ` Sean Christopherson
2018-09-04 14:54 ` Sean Christopherson
2018-09-04 15:30 ` Jarkko Sakkinen
2018-09-04 15:30 ` Jarkko Sakkinen
2018-09-04 16:35 ` Sean Christopherson
2018-09-04 16:35 ` Sean Christopherson
2018-09-04 22:13 ` Huang, Kai
2018-09-04 22:13 ` Huang, Kai
2018-09-04 22:13 ` Huang, Kai
2018-09-05 17:39 ` Jarkko Sakkinen
2018-09-05 17:39 ` Jarkko Sakkinen
2018-09-04 15:26 ` Jarkko Sakkinen
2018-09-04 15:26 ` Jarkko Sakkinen
2018-09-03 13:53 ` Jann Horn
2018-09-03 13:53 ` Jann Horn
2018-09-04 9:55 ` Jarkko Sakkinen
2018-09-04 9:55 ` Jarkko Sakkinen
2018-09-04 16:05 ` Andy Shevchenko
2018-09-04 16:05 ` Andy Shevchenko
2018-08-27 18:53 ` [PATCH v13 11/13] platform/x86: Intel SGX driver Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-09-04 17:59 ` Andy Shevchenko
2018-09-04 17:59 ` Andy Shevchenko
2018-09-05 17:33 ` Jarkko Sakkinen
2018-09-05 17:33 ` Jarkko Sakkinen
2018-09-05 17:36 ` Andy Shevchenko
2018-09-05 17:36 ` Andy Shevchenko
2018-09-06 9:21 ` Jarkko Sakkinen
2018-09-06 9:21 ` Jarkko Sakkinen
2018-09-06 17:35 ` Miguel Ojeda
2018-09-06 17:35 ` Miguel Ojeda
2018-09-07 0:50 ` Joe Perches
2018-09-07 0:50 ` Joe Perches
2018-09-07 17:02 ` Sean Christopherson
2018-09-07 17:02 ` Sean Christopherson
2018-09-07 17:02 ` Sean Christopherson
2018-09-10 18:37 ` Jarkko Sakkinen
2018-09-10 18:37 ` Jarkko Sakkinen
2018-09-10 21:22 ` Joe Perches
2018-09-10 21:22 ` Joe Perches
2018-09-10 18:33 ` Jarkko Sakkinen
2018-09-10 18:33 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 12/13] platform/x86: ptrace() support for the " Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` [PATCH v13 13/13] x86/sgx: Driver documentation Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 18:53 ` Jarkko Sakkinen
2018-08-27 19:40 ` Randy Dunlap
2018-08-27 19:40 ` Randy Dunlap
2018-08-28 7:58 ` Jarkko Sakkinen
2018-08-28 7:58 ` Jarkko Sakkinen
2018-08-28 8:03 ` Jarkko Sakkinen
2018-08-28 8:03 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180831213445.GA4098@wind.enjellic.com \
--to=greg@enjellic.com \
--cc=dave.hansen@intel.com \
--cc=hpa@zytor.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=kai.huang@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=sean.j.christopherson@intel.com \
--cc=serge.ayoun@intel.com \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.