| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Jun 2018 14:48:33 -0700
From: Josh Triplett <josh@...htriplett.org>
To: Pavel Machek <pavel@....cz>
Cc: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, x86@...nel.org,
platform-driver-x86@...r.kernel.org, dave.hansen@...el.com,
sean.j.christopherson@...el.com, nhorman@...hat.com,
npmccallum@...hat.com, Alexei Starovoitov <ast@...nel.org>,
Andi Kleen <ak@...ux.intel.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...e.de>,
"David S. Miller" <davem@...emloft.net>,
David Woodhouse <dwmw@...zon.co.uk>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...nel.org>,
"open list:INTEL SGX" <intel-sgx-kernel-dev@...ts.01.org>,
Janakarajan Natarajan <Janakarajan.Natarajan@....com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
"open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)"
<kvm@...r.kernel.org>, Len Brown <len.brown@...el.com>,
Linus Walleij <linus.walleij@...aro.org>,
"open list:CRYPTO API" <linux-crypto@...r.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
"open list:SPARSE CHECKER" <linux-sparse@...r.kernel.org>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
"Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
Randy Dunlap <rdunlap@...radead.org>,
Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Tom Lendacky <thomas.lendacky@....com>,
Vikas Shivappa <vikas.shivappa@...ux.intel.com>
Subject: Re: [PATCH v11 00/13] Intel SGX1 support
On Tue, Jun 19, 2018 at 10:04:15PM +0200, Pavel Machek wrote:
> On Tue 2018-06-19 17:59:43, Jarkko Sakkinen wrote:
> > On Tue, Jun 12, 2018 at 12:50:12PM +0200, Pavel Machek wrote:
> > > On Fri 2018-06-08 19:09:35, Jarkko Sakkinen wrote:
> > > > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > > > to set aside private regions of code and data. The code outside the enclave
> > > > is disallowed to access the memory inside the enclave by the CPU access
> > > > control. In a way you can think that SGX provides inverted sandbox. It
> > > > protects the application from a malicious host.
> > >
> > > Do you intend to allow non-root applications to use SGX?
> > >
> > > What are non-evil uses for SGX?
> > >
> > > ...because it is quite useful for some kinds of evil:
> >
> > The default permissions for the device are 600.
>
> Good. This does not belong to non-root.
There are entirely legitimate use cases for using this as an
unprivileged user. However, that'll be up to system and distribution
policy, which can evolve over time, and it makes sense for the *initial*
kernel permission to start out root-only and then adjust permissions via
udev.
> What are some non-evil uses for SGX?
Building a software certificate store. Hardening key-agent software like
ssh-agent or gpg-agent. Building a challenge-response authentication
system. Providing more assurance that your server infrastructure is
uncompromised. Offloading computation to a system without having to
fully trust that system.
As one of many possibilities, imagine a distcc that didn't have to trust
the compile nodes. The compile nodes could fail to return results at
all, but they couldn't alter the results.
Powered by blists - more mailing lists