From: "Christopherson, Sean J" <sean.j.christopherson@intel.com>
To: "Christopherson, Sean J" <sean.j.christopherson@intel.com>,
"'Andy Lutomirski'" <luto@kernel.org>,
"Huang, Kai" <kai.huang@linux.intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
"Cohen, Haim" <haim.cohen@intel.com>,
"intel-sgx-kernel-dev@lists.01.org"
<intel-sgx-kernel-dev@lists.01.org>,
kvm list <kvm@vger.kernel.org>, Radim Krcmar <rkrcmar@redhat.com>
Subject: RE: [intel-sgx-kernel-dev] [PATCH 08/10] kvm: vmx: add guest's IA32_SGXLEPUBKEYHASHn runtime switch support
Date: Fri, 12 May 2017 20:50:23 +0000 [thread overview]
Message-ID: <37306EFA9975BE469F115FDE982C075B9B70691D@ORSMSX108.amr.corp.intel.com> (raw)
In-Reply-To: <37306EFA9975BE469F115FDE982C075B9B706869@ORSMSX108.amr.corp.intel.com>
Christopherson, Sean J <sean.j.christopherson@intel.com> wrote:
> Andy Lutomirski <luto@kernel.org> wrote:
> > On Thu, May 11, 2017 at 9:56 PM, Huang, Kai <kai.huang@linux.intel.com>
> > >> [1] Guests that steal sealed data from each other or from the host can
> > >> manipulate that data without compromising the hypervisor by simply
> > >> loading the same enclave that its rightful owner would use. If you're
> > >> trying to use SGX to protect your crypto credentials so that, if
> > >> stolen, they can't be used outside the guest, I would consider this to
> > >> be a major flaw. It breaks the security model in a multi-tenant cloud
> > >> situation. I've complained about it before.
> > >>
> > >
> > > Looks potentially only guest's IA32_SGXLEPUBKEYHASHn may be leaked? In
> > > this case even it is leaked looks we cannot dig anything out just the
> > > hash value?
> >
> > Not sure what you mean. Are you asking about the lack of guest
> > personalization?
> >
> > Concretely, imagine I write an enclave that seals my TLS client
> > certificate's private key and offers an API to sign TLS certificate
> > requests with it. This way, if my system is compromised, an attacker
> > can use the certificate only so long as they have access to my
> > machine. If I kick them out or if they merely get the ability to read
> > the sealed data but not to execute code, the private key should still
> > be safe. But, if this system is a VM guest, the attacker could run
> > the exact same enclave on another guest on the same physical CPU and
> > sign using my key. Whoops!
>
> I know this issue has been raised internally as well, but I don't know
> the status of the situation. I'll follow up and provide any information
> I can.
So, the key players are well aware of the value added by per-VM keys,
but, ultimately, shipping this feature is dependent on having strong
requests from customers.
next prev parent reply other threads:[~2017-05-12 20:50 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-08 5:24 [RFC PATCH 00/10] Basic KVM SGX Virtualization support Kai Huang
2017-05-08 5:24 ` [PATCH 01/10] x86: add SGX Launch Control definition to cpufeature Kai Huang
2017-05-08 5:24 ` [PATCH 02/10] kvm: vmx: add ENCLS VMEXIT detection Kai Huang
2017-05-08 5:24 ` [PATCH 03/10] kvm: vmx: detect presence of host SGX driver Kai Huang
2017-05-08 5:24 ` [PATCH 04/10] kvm: sgx: new functions to init and destory SGX for guest Kai Huang
2017-05-08 5:24 ` [PATCH 05/10] kvm: x86: add KVM_GET_SUPPORTED_CPUID SGX support Kai Huang
2017-05-08 5:24 ` [PATCH 06/10] kvm: x86: add KVM_SET_CPUID2 " Kai Huang
2017-05-08 5:24 ` [PATCH 07/10] kvm: vmx: add SGX IA32_FEATURE_CONTROL MSR emulation Kai Huang
2017-05-08 5:24 ` [PATCH 08/10] kvm: vmx: add guest's IA32_SGXLEPUBKEYHASHn runtime switch support Kai Huang
2017-05-12 0:32 ` Huang, Kai
2017-05-12 3:28 ` [intel-sgx-kernel-dev] " Andy Lutomirski
2017-05-12 4:56 ` Huang, Kai
2017-05-12 6:11 ` Andy Lutomirski
2017-05-12 18:48 ` Christopherson, Sean J
2017-05-12 20:50 ` Christopherson, Sean J [this message]
2017-05-16 0:59 ` Huang, Kai
2017-05-16 1:22 ` Huang, Kai
2017-05-16 0:48 ` Huang, Kai
2017-05-16 14:21 ` Paolo Bonzini
2017-05-18 7:54 ` Huang, Kai
2017-05-18 8:58 ` Paolo Bonzini
2017-05-17 0:09 ` Andy Lutomirski
2017-05-18 7:45 ` Huang, Kai
2017-06-06 20:52 ` Huang, Kai
2017-06-06 21:22 ` Andy Lutomirski
2017-06-06 22:51 ` Huang, Kai
2017-06-07 14:45 ` Cohen, Haim
2017-06-08 12:31 ` Jarkko Sakkinen
2017-06-08 23:47 ` Huang, Kai
2017-06-08 23:53 ` Andy Lutomirski
2017-06-09 15:38 ` Cohen, Haim
2017-06-10 12:23 ` Jarkko Sakkinen
2017-06-11 22:45 ` Huang, Kai
2017-06-12 8:36 ` Jarkko Sakkinen
2017-06-12 9:53 ` Huang, Kai
2017-06-12 16:24 ` Andy Lutomirski
2017-06-12 22:08 ` Huang, Kai
2017-06-12 23:00 ` Andy Lutomirski
2017-06-16 3:46 ` Huang, Kai
2017-06-16 4:11 ` Andy Lutomirski
2017-06-16 4:33 ` Huang, Kai
2017-06-16 9:34 ` Huang, Kai
2017-06-16 16:03 ` Andy Lutomirski
2017-06-16 16:25 ` Andy Lutomirski
2017-06-16 16:31 ` Christopherson, Sean J
2017-06-16 16:43 ` Andy Lutomirski
2017-06-13 18:57 ` Jarkko Sakkinen
2017-06-13 19:05 ` Jarkko Sakkinen
2017-06-13 20:13 ` Sean Christopherson
2017-06-14 9:37 ` Jarkko Sakkinen
2017-06-14 15:11 ` Christopherson, Sean J
2017-06-14 17:03 ` Jarkko Sakkinen
2017-06-13 23:28 ` Huang, Kai
2017-06-14 9:44 ` Jarkko Sakkinen
2017-07-19 15:04 ` Sean Christopherson
2017-05-15 12:46 ` Jarkko Sakkinen
2017-05-15 23:56 ` Huang, Kai
2017-05-16 14:23 ` Paolo Bonzini
2017-05-17 14:21 ` Sean Christopherson
2017-05-18 8:14 ` Huang, Kai
2017-05-20 21:55 ` Andy Lutomirski
2017-05-23 5:43 ` Huang, Kai
2017-05-23 5:55 ` Huang, Kai
2017-05-23 16:34 ` Andy Lutomirski
2017-05-23 16:43 ` Paolo Bonzini
2017-05-24 8:20 ` Huang, Kai
2017-05-20 13:23 ` Jarkko Sakkinen
2017-05-08 5:24 ` [PATCH 09/10] kvm: vmx: handle ENCLS VMEXIT Kai Huang
2017-05-08 8:08 ` Paolo Bonzini
2017-05-10 1:30 ` Huang, Kai
2017-05-08 5:24 ` [PATCH 10/10] kvm: vmx: handle VMEXIT from SGX Enclave Kai Huang
2017-05-08 8:22 ` Paolo Bonzini
2017-05-11 9:34 ` Huang, Kai
2017-06-19 5:02 ` Huang, Kai
2017-06-27 15:29 ` Radim Krčmář
2017-06-28 22:22 ` Huang, Kai
2017-05-08 5:24 ` [PATCH 11/11] kvm: vmx: workaround FEATURE_CONTROL[17] is not set by BIOS Kai Huang
2017-05-08 5:29 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=37306EFA9975BE469F115FDE982C075B9B70691D@ORSMSX108.amr.corp.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=haim.cohen@intel.com \
--cc=intel-sgx-kernel-dev@lists.01.org \
--cc=kai.huang@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.