| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181210074717.GA9880@localhost>
Date: Sun, 9 Dec 2018 23:47:17 -0800
From: Josh Triplett <josh@...htriplett.org>
To: Pavel Machek <pavel@....cz>
Cc: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, x86@...nel.org,
platform-driver-x86@...r.kernel.org, dave.hansen@...el.com,
sean.j.christopherson@...el.com, nhorman@...hat.com,
npmccallum@...hat.com, Alexei Starovoitov <ast@...nel.org>,
Andi Kleen <ak@...ux.intel.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...e.de>,
"David S. Miller" <davem@...emloft.net>,
David Woodhouse <dwmw@...zon.co.uk>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...nel.org>,
"open list:INTEL SGX" <intel-sgx-kernel-dev@...ts.01.org>,
Janakarajan Natarajan <Janakarajan.Natarajan@....com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
"open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)"
<kvm@...r.kernel.org>, Len Brown <len.brown@...el.com>,
Linus Walleij <linus.walleij@...aro.org>,
"open list:CRYPTO API" <linux-crypto@...r.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
"open list:SPARSE CHECKER" <linux-sparse@...r.kernel.org>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
"Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
Randy Dunlap <rdunlap@...radead.org>,
Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Tom Lendacky <thomas.lendacky@....com>,
Vikas Shivappa <vikas.shivappa@...ux.intel.com>
Subject: Re: [PATCH v11 00/13] Intel SGX1 support
On Sun, Dec 09, 2018 at 09:06:00PM +0100, Pavel Machek wrote:
...
> > > > The default permissions for the device are 600.
> > >
> > > Good. This does not belong to non-root.
> >
> > There are entirely legitimate use cases for using this as an
> > unprivileged user. However, that'll be up to system and distribution
> > policy, which can evolve over time, and it makes sense for the *initial*
> > kernel permission to start out root-only and then adjust permissions via
> > udev.
>
> Agreed.
>
> > Building a software certificate store. Hardening key-agent software like
> > ssh-agent or gpg-agent. Building a challenge-response authentication
> > system. Providing more assurance that your server infrastructure is
> > uncompromised. Offloading computation to a system without having to
> > fully trust that system.
>
> I think you can do the crypto stuff... as crypto already verifies the
> results. But I don't think you can do the computation offload.
You can, as long as you can do attestation.
> > As one of many possibilities, imagine a distcc that didn't have to trust
> > the compile nodes. The compile nodes could fail to return results at
> > all, but they couldn't alter the results.
>
> distcc on untrusted nodes ... oh yes, that would be great.
>
> Except that you can't do it, right? :-).
>
> First, AFAICT it would be quite hard to get gcc to run under SGX. But
> maybe you have spare month or three and can do it.
Assuming you don't need to #include files, gcc seems quite simple to run
in an enclave: data in, computation inside, data out.
Powered by blists - more mailing lists