Message-ID: <20181209170132.d4hhiic3dfoky4fr@devuan>
Date: Sun, 9 Dec 2018 18:01:32 +0100
From: Pavel Machek <pavel@....cz>
To: Andy Lutomirski <luto@...capital.net>
Cc: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
X86 ML <x86@...nel.org>,
Platform Driver <platform-driver-x86@...r.kernel.org>,
linux-sgx@...r.kernel.org, Dave Hansen <dave.hansen@...el.com>,
"Christopherson, Sean J" <sean.j.christopherson@...el.com>,
nhorman@...hat.com, npmccallum@...hat.com,
"Ayoun, Serge" <serge.ayoun@...el.com>, shay.katz-zamir@...el.com,
haitao.huang@...ux.intel.com,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
"Svahn, Kai" <kai.svahn@...el.com>, mark.shanahan@...el.com,
Suresh Siddha <suresh.b.siddha@...el.com>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Darren Hart <dvhart@...radead.org>, andy@...radead.org,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v17 18/23] platform/x86: Intel SGX driver
Hi!

> On Thu, Nov 15, 2018 at 5:08 PM Jarkko Sakkinen
> <jarkko.sakkinen@...ux.intel.com> wrote:
> >
> > Intel Software Guard eXtensions (SGX) is a set of CPU instructions that
> > can be used by applications to set aside private regions of code and
> > data. The code outside the enclave is disallowed to access the memory
> > inside the enclave by the CPU access control.
> >
> > SGX driver provides an ioctl API for loading and initializing enclaves.
> > Address range for enclaves is reserved with mmap() and they are
> > destroyed with munmap(). Enclave construction, measurement and
> > initialization is done with the provided ioctl API.
> >
>
> I brought this up a while back, and I think I should re-ask it now
> that this driver is getting close to ready:
>
> As it stands, there's just one SGX character device, and I imagine
> that it'll be available to unprivileged applications. I'm concerned
> that this isn't quite what we want. I certainly think that everyone,
> or at least almost everyone, ought to be able to run normal
> enclaves.

I don't think nobody or postfix or guest should be running enclaves on
my systems. First, I'd like to be able to debug my systems.

Second, sgx is quite complex and tricky. It may turn out to be secure in
the end, but I'd not be surprised if we got a few CVEs before we get
there.

Last, I'd hate to find out in a few years that I can't switch to an amd
cpu because firefox now requires sgx.

Just make it root-only or 660 by default. Users can get permission in
a similar way they get rights to audio..

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html