From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E352BC73C63 for ; Wed, 10 Jul 2019 03:21:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9C42F20656 for ; Wed, 10 Jul 2019 03:21:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=fortanix.onmicrosoft.com header.i=@fortanix.onmicrosoft.com header.b="V1urabe3" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725875AbfGJDV2 (ORCPT ); Tue, 9 Jul 2019 23:21:28 -0400 Received: from mail-eopbgr770104.outbound.protection.outlook.com ([40.107.77.104]:17312 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725840AbfGJDV1 (ORCPT ); Tue, 9 Jul 2019 23:21:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fortanix.onmicrosoft.com; s=selector2-fortanix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MrS1ntQKEgmadU4myPxsfx4ERPgSyMt9tcjRn9nQF0c=; b=V1urabe3krq5W9HgvPce6kl6v8CO2L/UlZevTV5ADgdNGmObP74z+53wvW0mZ6Ds+Mu9Uo9oWLe2f/4tHlOqELRozFOwJsSYLsu5M9vFYUTulE+F/bMTpbYB7+7N1C2tgvsi/mcxX/qR6jFSW//GMJfP/eiCRWJ53EntCVp6zcg= Received: from SN6PR11MB3167.namprd11.prod.outlook.com (52.135.109.144) by SN6PR11MB3488.namprd11.prod.outlook.com (52.135.112.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.19; Wed, 10 Jul 2019 03:21:23 +0000 Received: from SN6PR11MB3167.namprd11.prod.outlook.com ([fe80::59f4:16ea:3382:f48c]) by SN6PR11MB3167.namprd11.prod.outlook.com ([fe80::59f4:16ea:3382:f48c%7]) with mapi id 15.20.2052.019; Wed, 10 Jul 2019 03:21:23 +0000 From: Jethro Beekman To: Sean Christopherson , Jarkko Sakkinen CC: "linux-sgx@vger.kernel.org" , "linux-security-module@vger.kernel.org" , "selinux@vger.kernel.org" , Bill Roberts , Casey Schaufler , James Morris , Dave Hansen , Cedric Xing , Andy Lutomirski , "Dr . Greg Wettstein" , Stephen Smalley Subject: Re: [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM Thread-Topic: [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM Thread-Index: AQHVJu278e4P7nG6+0S5cQ1LEP9rZqa8SSqAgATOYACAAjewAA== Date: Wed, 10 Jul 2019 03:21:23 +0000 Message-ID: <8d3f16db-53c2-2bcc-04e1-ff722092af16@fortanix.com> References: <20190619222401.14942-1-sean.j.christopherson@intel.com> <20190705160549.tzsck5ho5kvtdhit@linux.intel.com> <20190708172930.GA20791@linux.intel.com> In-Reply-To: <20190708172930.GA20791@linux.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-clientproxiedby: BYAPR08CA0021.namprd08.prod.outlook.com (2603:10b6:a03:100::34) To SN6PR11MB3167.namprd11.prod.outlook.com (2603:10b6:805:c4::16) authentication-results: spf=none (sender IP is ) smtp.mailfrom=jethro@fortanix.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [76.236.28.27] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 3a521bd8-f773-4e96-5104-08d704e5af2e x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600148)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020);SRVR:SN6PR11MB3488; x-ms-traffictypediagnostic: SN6PR11MB3488: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 0094E3478A x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(366004)(39840400004)(376002)(396003)(136003)(199004)(189003)(66616009)(256004)(66946007)(66446008)(8676002)(64756008)(66556008)(14444005)(66476007)(6436002)(8936002)(446003)(81156014)(7416002)(15650500001)(71190400001)(305945005)(53936002)(71200400001)(316002)(54906003)(110136005)(186003)(5660300002)(31686004)(86362001)(6246003)(53546011)(68736007)(386003)(6506007)(66066001)(486006)(25786009)(81166006)(508600001)(6486002)(14454004)(102836004)(2616005)(52116002)(76176011)(99936001)(99286004)(476003)(11346002)(3846002)(7736002)(2906002)(229853002)(26005)(31696002)(6512007)(36756003)(4326008)(6116002);DIR:OUT;SFP:1102;SCL:1;SRVR:SN6PR11MB3488;H:SN6PR11MB3167.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: fortanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 3MsQ8kEGq8/jRmCeTKinx5LLby3zL0S42n8nXJaZ4p64Tmf9TAWgbXdZP3Yc0qEGVOFY0mGPPXxI1+6oIru4R5IGlTgFKO50Wwpb2z2rUPscjL65aYyU0ZILTWrUGWLaGSpsbx+8fU4L0pesxMmrZNHZAeJC+Ior1iX5Xz7+LFXcacOR3tsc+Az1mUIHLmh1xb8EEbek9EEQHd54nMKS4ISeUS4vqKp5hkDt58UOReAobuH2y/Z5cYKnJPRKyAB48qgW4QiP6VfiTx+DmCZrW7xVSrfeQJWrp9IQTMY+X8dAuTTCZ8DoOLwrasSub0IVQh/rgX2uZePDabuPKQGYpabOw3bz26q3SSNE3EKYmSWCfuDS1FiEGOvpiJA9Iqp5/HGgbutJ1pgiBTwYfaGuy/b/KeUVKhwfCanH3gAk8tw= Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms040208080400030707060206" MIME-Version: 1.0 X-OriginatorOrg: fortanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3a521bd8-f773-4e96-5104-08d704e5af2e X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jul 2019 03:21:23.2222 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: de7becae-4883-43e8-82c7-7dbdbb988ae6 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: jethro@fortanix.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3488 Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-sgx@vger.kernel.org --------------ms040208080400030707060206 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2019-07-08 10:29, Sean Christopherson wrote: > On Fri, Jul 05, 2019 at 07:05:49PM +0300, Jarkko Sakkinen wrote: >> On Wed, Jun 19, 2019 at 03:23:49PM -0700, Sean Christopherson wrote: >> >> I still don't get why we need this whole mess and do not simply admit >> that there are two distinct roles: >> >> 1. Creator >> 2. User >=20 > Because SELinux has existing concepts of EXECMEM and EXECMOD. >=20 >> In the SELinux context Creator needs FILE__WRITE and FILE__EXECUTE but= >> User does not. It just gets the fd from the Creator. I'm sure that all= >> the SGX2 related functionality can be solved somehow in this role >> playing game. >> >> An example would be the usual case where enclave is actually a loader >> that loads the actual piece of software that one wants to run. Things >> simply need to be designed in a way the Creator runs the loader part. >> These are non-trivial problems but oddball security model is not going= >> to make them disappear - on the contrary it will make designing user >> space only more complicated. >> >> I think this is classical example of when something overly complicated= >> is invented in the kernel only to realize that it should be solved in >> the user space. >> >> It would not be like the only use case where some kind of privileged >> daemon is used for managing some a kernel provided resource. >> >> I think a really good conclusion from this discussion that has taken t= wo >> months is to realize that nothing needs to be done in this area (excep= t >> *maybe* noexec check). >=20 > Hmm, IMO we need to support at least equivalents to EXECMEM and EXECMOD= =2E >=20 > That being said, we can do so without functional changes to the SGX uap= i, > e.g. add reserved fields so that the initial uapi can be extended *if* = we > decide to go with the "userspace provides maximal protections" path, an= d > use the EPCM permissions as the maximal protections for the initial > upstreaming. Why do you need to add reserved fields now? Isn't this what=20 incorporating the struct size in the ioctl number is for? -- Jethro Beekman | Fortanix --------------ms040208080400030707060206 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC Cx8wggUxMIIEGaADAgECAhBdZC9mIseKJlmxx1xn+g00MA0GCSqGSIb3DQEBCwUAMIGXMQsw CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBD bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xODA5MTUwMDAw MDBaFw0xOTA5MTUyMzU5NTlaMCQxIjAgBgkqhkiG9w0BCQEWE2pldGhyb0Bmb3J0YW5peC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRQDOQsroKjy2xAQCXLyqryJt4 Xwj8hcweJCzOnjILKHIoWlOQ0b9yIbFLIWBRt/9zdxlE5ZabDVHnkIyhcVgtU/BA73e78Wx2 LOObdg0wfs9U2CVRYhz2EPHFjGvkYKihItt69ye91hj1w7RKCrYC8KZGSZ/+sbkJzQdXVy32 lxmiNEt17GNRebpkJCaFnznd6C2a8tBAS2Fa/UNyFdEs4eoRoYSKswclRhbe81aVhqY2hjcd O6puyyaYp5hkmau2UPih6OpRSOhbe6Tuebceg1yvumoVX3OZtGPS1VdQ+p0bxB0RE6gNs140 ZKUhrvAJDETuGaaQD4A2/6ksLunjAgMBAAGjggHpMIIB5TAfBgNVHSMEGDAWgBSCr2yM+MX+ lmF86B89K3FIXsSLwDAdBgNVHQ4EFgQUsFUcmGtaJBU7/52LyTYHC/M+LscwDgYDVR0PAQH/ BAQDAgWgMAwGA1UdEwEB/wQCMAAwIAYDVR0lBBkwFwYIKwYBBQUHAwQGCysGAQQBsjEBAwUC MBEGCWCGSAGG+EIBAQQEAwIFIDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEBATArMCkGCCsG AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBL hklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlv bmFuZFNlY3VyZUVtYWlsQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0 dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5k U2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv bTAeBgNVHREEFzAVgRNqZXRocm9AZm9ydGFuaXguY29tMA0GCSqGSIb3DQEBCwUAA4IBAQB6 v3tFEUSGv9+yY4wUjvcMyz3126nJrX5LkfEvrnCEpEiImECuoYvxOYNLYYynell7BQGtTaZg shMfDvwpy2isoi3w1AWAfbn6npnSKLzu0BMRvcCPWY8VPmePPizTqXoPkLwgTJfSaWkxMP1u rfL9S5NeRdkjwjHklX5IWuwwDu1hsKVZrxSSY2unCtvq67UHWz+z6rG1JQrP2YDfb98xun3y eLBNe/LFBNnGISbkT5q6D+e5c0bgzoH9nH4bsw3t8aDqJTfT3BqQdWr4pF05ODzzeOmEqeYE qGlD9hIL2AbmTZLjunAnARr6Fv7Sfqt23ptsGkmoZ9ZQNjT3TlwvMIIF5jCCA86gAwIBAgIQ apvhODv/K2ufAdXZuKdSVjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMCR0IxGzAZBgNV BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkwHhcNMTMwMTEwMDAwMDAwWhcNMjgwMTA5MjM1OTU5WjCBlzELMAkGA1UEBhMCR0Ix GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE ChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQC+s55XrCh2dUAWxzgDmNPGGHYhUPMleQtMtaDRfTpYPpynMS6n9jR22YRq2tA9 NEjk6vW7rN/5sYFLIP1of3l0NKZ6fLWfF2VgJ5cijKYy/qlAckY1wgOkUMgzKlWlVJGyK+Ul NEQ1/5ErCsHq9x9aU/x1KwTdF/LCrT03Rl/FwFrf1XTCwa2QZYL55AqLPikFlgqOtzk06kb2 qvGlnHJvijjI03BOrNpo+kZGpcHsgyO1/u1OZTaOo8wvEU17VVeP1cHWse9tGKTDyUGg2hJZ jrqck39UIm/nKbpDSZ0JsMoIw/JtOOg0JC56VzQgBo7ictReTQE5LFLG3yQK+xS1AgMBAAGj ggE8MIIBODAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUgq9s jPjF/pZhfOgfPStxSF7Ei8AwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw EQYDVR0gBAowCDAGBgRVHSAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9jcmwuY29tb2Rv Y2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHEGCCsGAQUFBwEB BGUwYzA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQWRk VHJ1c3RDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTANBgkq hkiG9w0BAQwFAAOCAgEAeFyygSg0TzzuX1bOn5dW7I+iaxf28/ZJCAbU2C81zd9A/tNx4+js QgwRGiHjZrAYayZrrm78hOx7aEpkfNPQIHGG6Fvq3EzWf/Lvx7/hk6zSPwIal9v5IkDcZoFD 7f3iT7PdkHJY9B51csvU50rxpEg1OyOT8fk2zvvPBuM4qQNqbGWlnhMpIMwpWZT89RY0wpJO +2V6eXEGGHsROs3njeP9DqqqAJaBa4wBeKOdGCWn1/Jp2oY6dyNmNppI4ZNMUH4Tam85S1j6 E95u4+1Nuru84OrMIzqvISE2HN/56ebTOWlcrurffade2022O/tUU1gb4jfWCcyvB8czm12F gX/y/lRjmDbEA08QJNB2729Y+io1IYO3ztveBdvUCIYZojTq/OCR6MvnzS6X72HP0PRLRTiO SEmIDsS5N5w/8IW1Hva5hEFy6fDAfd9yI+O+IMMAj1KcL/Zo9jzJ16HO5m60ttl1Enk8MQkz /W3JlHaeI5iKFn4UJu1/cP2YHXYPiWf2JyBzsLBrGk1II+3yL8aorYew6CQvdVifC3HtwlSa m9V1niiCfOBe2C12TdKGu05LWIA3ZkFcWJGaNXOZ6Ggyh/TqvXG5v7zmEVDNXFnHn9tFpMpO UvxhcsjycBtH0dZ0WrNw6gH+HF8TIhCnH3+zzWuDN0Rk6h9KVkfKehIxggQ1MIIEMQIBATCB rDCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9E TyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF1kL2Yi x4omWbHHXGf6DTQwDQYJYIZIAWUDBAIBBQCgggJZMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTE5MDcxMDAzMjEyMFowLwYJKoZIhvcNAQkEMSIEIOp75790 20xkapqRi0adYCd/E5qwTnuCnjqf0DM8y690MGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUD BAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgb0GCSsGAQQBgjcQBDGBrzCBrDCBlzEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0Eg Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF1kL2Yix4omWbHH XGf6DTQwgb8GCyqGSIb3DQEJEAILMYGvoIGsMIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g Q0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24g YW5kIFNlY3VyZSBFbWFpbCBDQQIQXWQvZiLHiiZZscdcZ/oNNDANBgkqhkiG9w0BAQEFAASC AQAtjbkLhhx6x+ZAOW8FCMJTR+OtstAilp5Py9pS0eXdAcfOPagcNX1/dvvvanHIHrJ951SM vdSYpPube2bqs2f+hoxt+vrKAd70wjJXUM4aQphgQEWjmZx6EIV1V/quwzlp43HP0UtpJvVC uUrRb+6yA3cNax9UlF6zhb/xcLtXpfd8TVRlA7XfBU1BkUgg1Vb+zXJq2QmcGxOLf8n5qhHv ztW6eOMbr1KghRqBNPdJrwLeFKb4T35clL1V3Y3mGwhxb5xuFPoP/26RDM6u7i6IKZTmaAqu 7Agr0DE+BxpD4DXxIxGPpIQrDY8QiNRE65Fb2ccl2bFwhdt1EmQlXMLLAAAAAAAA --------------ms040208080400030707060206--