lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200522195017.GA121470@linux.intel.com>
Date:   Fri, 22 May 2020 22:50:17 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Sean Christopherson <sean.j.christopherson@...el.com>
Cc:     Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
        x86@...nel.org, linux-sgx@...r.kernel.org,
        akpm@...ux-foundation.org, dave.hansen@...el.com,
        nhorman@...hat.com, npmccallum@...hat.com, haitao.huang@...el.com,
        andriy.shevchenko@...ux.intel.com, tglx@...utronix.de,
        kai.svahn@...el.com, josh@...htriplett.org, luto@...nel.org,
        kai.huang@...el.com, rientjes@...gle.com, cedric.xing@...el.com,
        puiterwijk@...hat.com, Jethro Beekman <jethro@...tanix.com>
Subject: Re: [PATCH v30 04/20] x86/sgx: Add SGX microarchitectural data
 structures

On Fri, May 22, 2020 at 09:13:26AM -0700, Sean Christopherson wrote:
> On Fri, May 22, 2020 at 06:54:05PM +0300, Jarkko Sakkinen wrote:
> > On Wed, May 20, 2020 at 08:47:45PM +0200, Borislav Petkov wrote:
> > > On Fri, May 15, 2020 at 03:43:54AM +0300, Jarkko Sakkinen wrote:
> > > > +/**
> > > > + * struct sgx_sigstruct_header -  defines author of the enclave
> > > > + * @header1:		constant byte string
> > > > + * @vendor:		must be either 0x0000 or 0x8086
> > > 
> > > Out of pure curiosity: what is that about?
> > > 
> > > Nothing in the patchset enforces this, so hw does? If so, why?
> > > 
> > > Are those vendor IDs going to be assigned by someone or what's up?
> > > 
> > > Thx.
> > 
> > In SGX1 world 0x8086 was used to mark architectural enclaves and 0x0000
> > user run enclaves. In SGX2 world they are irrelevant.
> 
> That's not accurate, the vendor is irrelevant in all SGX eras, e.g. enclaves
> signed by someone other than Intel can use 0x8086 on SGX1 hardware and even
> pre-LC hardware.  0x8086 is/was used as an _informal_ "this is an
> Intel-signed enclave", but in no way was it mandatory or reliable.
> 
> > In order to retain compatiblity I'd add an explicit check to:
> > 
> > 1. Allow vendor ID of 0x0000 or 0x8086.
> > 2. Reject other vendor ID's (-EINVAL).
> 
> Unless we also check the reserved fields in sigstruct, I don't see the
> point.  Even then, I don't understand what the kernel gains from enforcing
> anything with respect to sigstruct.  Enforcing the SECS makes sense as we
> don't want to allow userspace to enable some unknown future feature.  But
> sigstruct is purely for verification, we (Intel) have far bigger problems
> if Intel is enabling new behavior via sigstruct.
> 
> That being said, I'm not dead set against sanity checking sigstruct, I just
> think it'd be a waste of cycles.

If other values except two are never going to be used it is more than a
legit point to validate this field.

It also the potential to use ~0x8086 bits to be defined later if ever
needed lets say for some kernel specific purpose.

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ