lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200522161326.GC25128@linux.intel.com>
Date:   Fri, 22 May 2020 09:13:26 -0700
From:   Sean Christopherson <sean.j.christopherson@...el.com>
To:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc:     Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
        x86@...nel.org, linux-sgx@...r.kernel.org,
        akpm@...ux-foundation.org, dave.hansen@...el.com,
        nhorman@...hat.com, npmccallum@...hat.com, haitao.huang@...el.com,
        andriy.shevchenko@...ux.intel.com, tglx@...utronix.de,
        kai.svahn@...el.com, josh@...htriplett.org, luto@...nel.org,
        kai.huang@...el.com, rientjes@...gle.com, cedric.xing@...el.com,
        puiterwijk@...hat.com, Jethro Beekman <jethro@...tanix.com>
Subject: Re: [PATCH v30 04/20] x86/sgx: Add SGX microarchitectural data
 structures

On Fri, May 22, 2020 at 06:54:05PM +0300, Jarkko Sakkinen wrote:
> On Wed, May 20, 2020 at 08:47:45PM +0200, Borislav Petkov wrote:
> > On Fri, May 15, 2020 at 03:43:54AM +0300, Jarkko Sakkinen wrote:
> > > +/**
> > > + * struct sgx_sigstruct_header -  defines author of the enclave
> > > + * @header1:		constant byte string
> > > + * @vendor:		must be either 0x0000 or 0x8086
> > 
> > Out of pure curiosity: what is that about?
> > 
> > Nothing in the patchset enforces this, so hw does? If so, why?
> > 
> > Are those vendor IDs going to be assigned by someone or what's up?
> > 
> > Thx.
> 
> In SGX1 world 0x8086 was used to mark architectural enclaves and 0x0000
> user run enclaves. In SGX2 world they are irrelevant.

That's not accurate, the vendor is irrelevant in all SGX eras, e.g. enclaves
signed by someone other than Intel can use 0x8086 on SGX1 hardware and even
pre-LC hardware.  0x8086 is/was used as an _informal_ "this is an
Intel-signed enclave", but in no way was it mandatory or reliable.

> In order to retain compatiblity I'd add an explicit check to:
> 
> 1. Allow vendor ID of 0x0000 or 0x8086.
> 2. Reject other vendor ID's (-EINVAL).

Unless we also check the reserved fields in sigstruct, I don't see the
point.  Even then, I don't understand what the kernel gains from enforcing
anything with respect to sigstruct.  Enforcing the SECS makes sense as we
don't want to allow userspace to enable some unknown future feature.  But
sigstruct is purely for verification, we (Intel) have far bigger problems
if Intel is enabling new behavior via sigstruct.

That being said, I'm not dead set against sanity checking sigstruct, I just
think it'd be a waste of cycles.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ