lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200520210441.GD18102@linux.intel.com>
Date:   Wed, 20 May 2020 14:04:41 -0700
From:   Sean Christopherson <sean.j.christopherson@...el.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        linux-kernel@...r.kernel.org, x86@...nel.org,
        linux-sgx@...r.kernel.org, akpm@...ux-foundation.org,
        dave.hansen@...el.com, nhorman@...hat.com, npmccallum@...hat.com,
        haitao.huang@...el.com, andriy.shevchenko@...ux.intel.com,
        tglx@...utronix.de, kai.svahn@...el.com, josh@...htriplett.org,
        luto@...nel.org, kai.huang@...el.com, rientjes@...gle.com,
        cedric.xing@...el.com, puiterwijk@...hat.com,
        Jethro Beekman <jethro@...tanix.com>
Subject: Re: [PATCH v30 04/20] x86/sgx: Add SGX microarchitectural data
 structures

On Wed, May 20, 2020 at 08:47:45PM +0200, Borislav Petkov wrote:
> On Fri, May 15, 2020 at 03:43:54AM +0300, Jarkko Sakkinen wrote:
> > +/**
> > + * struct sgx_sigstruct_header -  defines author of the enclave
> > + * @header1:		constant byte string
> > + * @vendor:		must be either 0x0000 or 0x8086
> 
> Out of pure curiosity: what is that about?
> 
> Nothing in the patchset enforces this, so hw does? If so, why?

Yes, enforced by hardware during EINIT.

> Are those vendor IDs going to be assigned by someone or what's up?

No, the field has no real meaning or value, and there is no (and never was
any) intent to use it to create an OEM registry or anything of that nature.

It's effectively a reserved-0 field that happens to allow 0x8086 because of
legacy behavior within Intel's signing sytem.  Intel signed enclaves
currently populate it with 0x8086, but future enclaves may change the vendor
to 0x0 just to avoid confusion.  In short, software should ignore the field.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ