All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@amacapital.net>
To: Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Greg KH <gregkh@linuxfoundation.org>,
	Mathias Krause <minipli@googlemail.com>,
	"open list:STAGING SUBSYSTEM" <devel@driverdev.osuosl.org>,
	Pavel Machek <pavel@ucw.cz>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Borislav Petkov <bp@suse.de>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	Wan Zongshun <Vincent.Wan@amd.com>,
	Peter Zijlstra <a.p.zijlstra@chello.nl>,
	Kristen Carlson Accardi <kristen@linux.intel.com>,
	open list <linux-kernel@vger.kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH 0/6] Intel Secure Guard Extensions
Date: Wed, 27 Apr 2016 07:05:53 -0700	[thread overview]
Message-ID: <CALCETrW+KWm0rkh586xNUhkC1nFDNYKwaLwupvCcij=m_5Or1Q@mail.gmail.com> (raw)
In-Reply-To: <20160427081804.GC16991@gmail.com>

On Apr 27, 2016 1:18 AM, "Ingo Molnar" <mingo@kernel.org> wrote:
>
>
> * Andy Lutomirski <luto@amacapital.net> wrote:
>
> > > What new syscalls would be needed for ssh to get all this support?
> >
> > This patchset or similar, plus some user code and an enclave to use.
> >
> > Sadly, on current CPUs, you also need Intel to bless the enclave.  It looks like
> > new CPUs might relax that requirement.
>
> That looks like a fundamental technical limitation in my book - to an open source
> user this is essentially a very similar capability as tboot: it only allows the
> execution of externally blessed static binary blobs...
>
> I don't think we can merge any of this upstream until it's clear that the hardware
> owner running open-source user-space can also freely define/start his own secure
> enclaves without having to sign the enclave with any external party. I.e.
> self-signed enclaves should be fundamentally supported as well.

Certainly, if this were a *graphics* driver, airlied would refuse to
merge it without open source userspace available.

We're all used to Intel sending patches that no one outside Intel can
test without because no one has the hardware.  Heck, I recently sent a
vdso patch that *I* can't test.  But in this case I have the hardware
and there is no way that I can test it, and I don't like this at all.

See my earlier comments about not allowing user code to provide
EINITTOKEN.  Implementing that would mostly solve this problem, with
the big caveat that it may be impossible to implement that suggestion
until Intel changes its stance (which is clearly in progress, given
the recent SDM updates).

This could easily end up bring a CNL-only feature in Linux.  (Or
whatever generation that change is in.)

--Andy

  reply	other threads:[~2016-04-27 14:06 UTC|newest]

Thread overview: 72+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-25 17:34 [PATCH 0/6] Intel Secure Guard Extensions Jarkko Sakkinen
2016-04-25 17:34 ` [PATCH 1/6] x86: add SGX definition to cpufeature Jarkko Sakkinen
2016-04-25 19:31   ` Andy Lutomirski
2016-04-25 19:48     ` Andi Kleen
2016-04-25 17:34 ` [PATCH 2/6] x86, sgx: common macros and definitions Jarkko Sakkinen
2016-04-25 17:34 ` [PATCH 3/6] intel_sgx: driver for Intel Secure Guard eXtensions Jarkko Sakkinen
2016-04-25 17:55   ` Greg KH
2016-04-25 19:04     ` Jarkko Sakkinen
2016-04-27  6:49   ` Jethro Beekman
2016-04-27 12:40     ` Jarkko Sakkinen
2016-04-27 23:32       ` Jethro Beekman
2016-04-29 20:04         ` Jarkko Sakkinen
2016-04-29 22:22           ` Jethro Beekman
2016-05-09  5:29             ` Jarkko Sakkinen
2016-05-09  7:06               ` Jarkko Sakkinen
2016-04-25 17:34 ` [PATCH 4/6] intel_sgx: ptrace() support for the driver Jarkko Sakkinen
2016-04-25 17:34 ` [PATCH 5/6] intel_sgx: driver documentation Jarkko Sakkinen
2016-04-25 20:01   ` Andy Lutomirski
2016-05-05 22:45     ` Jarkko Sakkinen
2016-05-06  0:52       ` Andy Lutomirski
2016-05-06 11:35         ` Jarkko Sakkinen
2016-05-06 16:24           ` Andy Lutomirski
2016-04-25 17:34 ` [PATCH 6/6] intel_sgx: TODO file for the staging area Jarkko Sakkinen
2016-04-25 17:54   ` Greg KH
2016-04-25 18:56     ` Jarkko Sakkinen
2016-04-25 19:06   ` One Thousand Gnomes
2016-04-25 20:01   ` Andi Kleen
2016-04-26 11:23     ` Jarkko Sakkinen
2016-04-27  6:38       ` Jethro Beekman
2016-05-17  9:38         ` Jarkko Sakkinen
2016-04-25 17:53 ` [PATCH 0/6] Intel Secure Guard Extensions Greg KH
2016-04-25 19:03   ` Jarkko Sakkinen
2016-04-25 19:20     ` Andy Lutomirski
2016-04-26 19:00 ` Pavel Machek
2016-04-26 19:05   ` Andy Lutomirski
2016-04-26 19:41     ` Pavel Machek
2016-04-26 19:56       ` Andy Lutomirski
2016-04-26 20:11         ` Pavel Machek
2016-04-26 20:59           ` One Thousand Gnomes
2016-04-26 21:52             ` Pavel Machek
2016-04-26 22:35               ` Andy Lutomirski
2016-04-26 22:33           ` Andy Lutomirski
2016-04-27  7:32             ` Pavel Machek
2016-04-27  8:18             ` Ingo Molnar
2016-04-27 14:05               ` Andy Lutomirski [this message]
2016-05-06 11:23               ` Jarkko Sakkinen
2016-05-06 16:21                 ` Andy Lutomirski
2016-04-26 20:16         ` One Thousand Gnomes
2016-04-26 20:19       ` One Thousand Gnomes
2016-04-29 20:17   ` Jarkko Sakkinen
2016-05-01  9:40     ` Pavel Machek
2016-05-02 15:37     ` Austin S. Hemmelgarn
2016-05-03  9:06       ` Dr. Greg Wettstein
2016-05-03 15:38         ` Pavel Machek
2016-05-04  9:04           ` Dr. Greg Wettstein
2016-05-04 11:07             ` Pavel Machek
2016-05-06 11:39         ` Jarkko Sakkinen
2016-05-06 11:54           ` Thomas Gleixner
2016-05-09  5:38             ` Jarkko Sakkinen
2016-05-09  6:27               ` Thomas Gleixner
2016-05-09  9:20                 ` Jarkko Sakkinen
2016-05-12  8:50                 ` Dr. Greg Wettstein
2016-05-09  7:04               ` Greg KH
2016-05-09  9:13                 ` Jarkko Sakkinen
2016-05-08  9:58           ` Dr. Greg Wettstein
2016-05-09  1:32             ` Andy Lutomirski
2016-05-13  9:42               ` Dr. Greg Wettstein
2016-05-13 14:09                 ` Andy Lutomirski
2016-05-05 22:52       ` Jarkko Sakkinen
2016-05-06  7:14         ` Pavel Machek
2016-05-06 11:27           ` Jarkko Sakkinen
2016-04-29 22:08   ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALCETrW+KWm0rkh586xNUhkC1nFDNYKwaLwupvCcij=m_5Or1Q@mail.gmail.com' \
    --to=luto@amacapital.net \
    --cc=Vincent.Wan@amd.com \
    --cc=a.p.zijlstra@chello.nl \
    --cc=boris.ostrovsky@oracle.com \
    --cc=bp@suse.de \
    --cc=devel@driverdev.osuosl.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=hpa@zytor.com \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=kristen@linux.intel.com \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=minipli@googlemail.com \
    --cc=pavel@ucw.cz \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.