| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 6 May 2016 09:21:55 -0700 From: Andy Lutomirski <luto@...capital.net> To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> Cc: Ingo Molnar <mingo@...nel.org>, Pavel Machek <pavel@....cz>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, Thomas Gleixner <tglx@...utronix.de>, Greg KH <gregkh@...uxfoundation.org>, Mathias Krause <minipli@...glemail.com>, Borislav Petkov <bp@...e.de>, "open list:STAGING SUBSYSTEM" <devel@...verdev.osuosl.org>, Wan Zongshun <Vincent.Wan@....com>, Kristen Carlson Accardi <kristen@...ux.intel.com>, open list <linux-kernel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, "H. Peter Anvin" <hpa@...or.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl> Subject: Re: [PATCH 0/6] Intel Secure Guard Extensions On Fri, May 6, 2016 at 4:23 AM, Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> wrote: > On Wed, Apr 27, 2016 at 10:18:05AM +0200, Ingo Molnar wrote: >> >> * Andy Lutomirski <luto@...capital.net> wrote: >> >> > > What new syscalls would be needed for ssh to get all this support? >> > >> > This patchset or similar, plus some user code and an enclave to use. >> > >> > Sadly, on current CPUs, you also need Intel to bless the enclave. It looks like >> > new CPUs might relax that requirement. >> >> That looks like a fundamental technical limitation in my book - to an open source >> user this is essentially a very similar capability as tboot: it only allows the >> execution of externally blessed static binary blobs... >> >> I don't think we can merge any of this upstream until it's clear that the hardware >> owner running open-source user-space can also freely define/start his own secure >> enclaves without having to sign the enclave with any external party. I.e. >> self-signed enclaves should be fundamentally supported as well. > > Post Skylake we will have a set of MSRs for defining your own root of > trust: IA32_SGXLEPUBKEYHASH. > > Andy had a concern that you could set root of trust multiple times, > which could lead to potential attack scenarios. These MSRs are one-shot. > ENCLS will fail if the launch control is locked. There's no possiblity > to have a root of trust that is unlocked. If this is actually true, can you ask the architecture folks to clarify their manual. The MSR description in table 35-2 says "Write permitted if CPUID.(EAX=12H,ECX=0H): EAX[0]=1 && IA32_FEATURE_CONTROL[17] = 1 && IA32_FEATURE_CONTROL[0] = 1" 39.1.4 says "If IA32_FEATURE_CONTROL is locked with bit 17 set, IA32_SGXLEPUBKEYHASH MSRs are reconfigurable (writeable). If either IA32_FEATURE_CONTROL is not locked or bit 17 is clear, the MSRs are read only. By leaving these MSRs writable, system SW or a VMM can support a plurality of Launch Enclaves for hosting multiple execution environments." This does not sound like one-shot to me. It sounds quite clear, in fact, that it's *not* one-shot so a "plurality" of these things are supported. --Andy
Powered by blists - more mailing lists