| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200306190753.GH7472@linux.intel.com>
Date: Fri, 6 Mar 2020 21:07:53 +0200
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: "Dr. Greg" <greg@...ellic.com>
Cc: Nathaniel McCallum <npmccallum@...hat.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
linux-sgx@...r.kernel.org, akpm@...ux-foundation.org,
dave.hansen@...el.com,
"Christopherson, Sean J" <sean.j.christopherson@...el.com>,
Neil Horman <nhorman@...hat.com>,
"Huang, Haitao" <haitao.huang@...el.com>,
andriy.shevchenko@...ux.intel.com, tglx@...utronix.de,
"Svahn, Kai" <kai.svahn@...el.com>, bp@...en8.de,
Josh Triplett <josh@...htriplett.org>, luto@...nel.org,
kai.huang@...el.com, rientjes@...gle.com, cedric.xing@...el.com,
Patrick Uiterwijk <puiterwijk@...hat.com>,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v28 14/22] selftests/x86: Add a selftest for SGX
On Fri, Mar 06, 2020 at 09:42:22AM -0600, Dr. Greg wrote:
> On Thu, Mar 05, 2020 at 01:33:28PM +0200, Jarkko Sakkinen wrote:
>
> Good morning, I hope the end of the week is going well for everyone.
>
> > On Wed, 2020-03-04 at 14:27 -0500, Nathaniel McCallum wrote:
> > > # Header
> > > .fill 1, 8, 0 # XSTATE_BV
> > > .fill 1, 8, 1 << 63 # XCOMP_BV (compaction mode)
> > > .fill 6, 8, 0
> > >
> > > Also, since people are likely to copy this code for their own
> > > enclaves, it would be helpful to document which flags are set in FCW
> > > and MXCSR.
>
> > It was meant as a test program but I'd guess what you say is true
> > because it also might be the only alternative user space to Intel's
> > :-) And a great starting point if you want to do things from
> > scratch.
> >
> > Because I meant it as a smoke test program for SGX, not everything
> > is too well documented but given the multipurpose use for that code
> > I'll make the improvements that you are suggesting.
>
> At the risk of what will certainly be a fair amount of criticism, I
> will take on the moniker of being the pernicious voice of reality, if
> not intellectual honesty, in all of this. No market or security
> relevant enclaves are going to get built by developers starting from
> scratch or copying this code, useful and informative as it might be,
> into their enclaves.
>
> That isn't to say that it isn't good to have some example code but
> Nate's point in a previous e-mail is well taken, it shouldn't have
> known security vulnerabilities in it. Given the current realities of
> speculative execution attacks, there are a ton of subtle issues
> surrounding entry and exit into enclaves, which by definition is the
> primary attack surface for a trusted execution environment.
>
> For the sake of those reading along at home, relevant enclave
> development needs, at an absolute minimum, the following:
>
> 1.) A lot of trusted runtime initialization and scaffolding code.
> 2.) An embedded C/C++ library.
> 3.) A compiler intrinsics implementation.
>
> That gets you, maybe, something that you can start thinking about,
> 'hello world', with, but nothing useful with respect to what anyone
> would want to do with an enclave.
Actually many people have applaused to have a small scoped, even if not
perfect, test program to look at how SGX works. One that is only
dependent on glibc. None of the selftests are meant to be production
peaces of code. You are getting wrong the role of the selftest in the
first place.
/Jarkko
Powered by blists - more mailing lists