| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Sep 2019 10:51:56 +0200
From: Borislav Petkov <bp@...en8.de>
To: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
linux-sgx@...r.kernel.org, akpm@...ux-foundation.org,
dave.hansen@...el.com, nhorman@...hat.com, npmccallum@...hat.com,
serge.ayoun@...el.com, shay.katz-zamir@...el.com,
haitao.huang@...el.com, andriy.shevchenko@...ux.intel.com,
tglx@...utronix.de, kai.svahn@...el.com, josh@...htriplett.org,
luto@...nel.org, kai.huang@...el.com, rientjes@...gle.com,
cedric.xing@...el.com, Kai Huang <kai.huang@...ux.intel.com>,
Haim Cohen <haim.cohen@...el.com>
Subject: Re: [PATCH v22 02/24] x86/cpufeatures: x86/msr: Intel SGX Launch
Control hardware bits
On Tue, Sep 24, 2019 at 01:22:10PM -0700, Sean Christopherson wrote:
> The approach we chose (patch 04, which we were discussing) is to disable
> SGX if SGX_LE_WR is not set, i.e. disallow SGX unless the hash MSRs exist
> and are fully writable.
Hmm, so I see
+ if (!(fc & FEATURE_CONTROL_SGX_LE_WR)) {
+ pr_info_once("sgx: The launch control MSRs are not writable\n");
+ goto err_msrs_rdonly;
which clears only X86_FEATURE_SGX_LC but leaves the other three feature
bits set?!
If you'd want to disable SGX then you'd need to jump to the
err_unsupported label and get rid of the err_msrs_rdonly one.
Or am I missing something?
> WRMSR will #GP if FEATURE_CONTROL is locked (bit 0), e.g. attempting to
> set SGX_LE_WR will trap if FEATURE_CONTROL was locked by BIOS.
Right.
> And conversely, the various enable bits in FEATURE_CONTROL don't
> take effect until FEATURE_CONTROL is locked, e.g. the LE hash MSRs
> aren't writable if FEATURE_CONTROL is unlocked, regardless of whether
> SGX_LE_WR is set.
Ok. We want them writable.
> Sadly, because FEATURE_CONTROL must be locked to fully enable SGX, the
> reality is that any BIOS that supports SGX will lock FEATURE_CONTROL.
That's fine. The question is, would OEMs leave the hash MSRs writable?
If, as you say above, we clear SGX feature bit - not only
X86_FEATURE_SGX_LC - when the MSRs are not writable, then we're fine.
Platforms sticking their own hash in there won't be supported but I
guess their aim is not to be supported in Linux anyway.
> That's the status quo today as well since VMX (and SMX/TXT) is also
> enabled via FEATURE_CONTROL. KVM does have logic to enable VMX and lock
> FEATURE_CONTROL if the MSR isn't locked, but AIUI that exists only to work
> with old BIOSes.
>
> If we want to support setting and locking FEATURE_CONTROL in the extremely
> unlikely scenario that BIOS left it unlocked, the proper change would be
I wouldn't be too surprised if this happened. BIOS is very inventive.
> One note on Launch Control that isn't covered in the SDM: the LE hash
> MSRs can also be written before SGX is activated. SGX activation must
> occur before FEATURE_CONTROL is locked, meaning BIOS can set the LE
> hash MSRs to a non-intel and then lock FEATURE_CONTROL with SGX_LE_WR=0.
This is exactly what I'm afraid of. The OEM vendors locking this down.
> Heh, why stop at 4? 12_EBX, 12_1_ECX and 12_1_EDX are effectively feature
> leafs as well, although the kernel can ignore them for the most part.
Yeah, we're mentally prepared for the feature bit space explosion. :)
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists