| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 May 2016 17:38:40 +0200 From: Pavel Machek <pavel@....cz> To: "Dr. Greg Wettstein" <greg@...ellic.com> Cc: "Austin S. Hemmelgarn" <ahferroin7@...il.com>, Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, gregkh@...uxfoundation.org, Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...e.de>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, "open list:STAGING SUBSYSTEM" <devel@...verdev.osuosl.org>, Ingo Molnar <mingo@...nel.org>, Kristen Carlson Accardi <kristen@...ux.intel.com>, "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>, open list <linux-kernel@...r.kernel.org>, Mathias Krause <minipli@...glemail.com>, Thomas Gleixner <tglx@...utronix.de>, Wan Zongshun <Vincent.Wan@....com> Subject: Re: [PATCH 0/6] Intel Secure Guard Extensions Hi! > We have been following and analyzing this technology since the first > HASP paper was published detailing its development. We have been (1) > > I told my associates the first time I reviewed this technology that > SGX has the ability to be a bit of a Pandora's box and it seems to be > following that course. Can you elaborate on the Pandora's box? System administrator should be able to disable SGX on the system, and use system to do anything that could be done with the older CPUs, right? > support data and application confidentiality and integrity in the face > of an Iago threat environment, ie. a situation where a security (2) > Intel is obviously cognizant of the risk surrounding illicit uses of > this technology since it clearly calls out that, by agreeing to have > their key signed, a developer agrees to not implement nefarious or > privacy invasive software. Given the known issues that Certificate Yeah, that's likely to work ... not :-(. "It is not spyware, it is just collecting some anonymous statistics." > domination and control. They probably have enough on their hands with > attempting to convert humanity to FPGA's and away from devices which > are capable of maintaining a context of exection... :-) Heh. FPGAs are not designed to replace CPUs anytime soon... And probably never. > the Haven paper in which Microsoft Research discussed how SGX could be > used to run unmodified Windows applications within an SGX TEE. (3) > I think Intel was somewhat sobered by the follow on paper in which > Microsoft demonstrated that in an Iago environment an interloper was > capable of determing with accuracy levels greater then 60% what was > being done in an SGX TEE. Matt Hoekstra was very quick to call out > the need for the community to understand and develop side channel (4) > In the TL;DR department I would highly recommend that anyone > interested in all of this read MIT's 170+ page review of the > technology before jumping to any conclusions.... :-) (5) Would you have links for 1-5? Thanks, Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Powered by blists - more mailing lists