[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200524212719.GA1192@bug>
Date: Sun, 24 May 2020 23:27:19 +0200
From: Pavel Machek <pavel@....cz>
To: "Dr. Greg" <greg@...ellic.com>
Cc: Sean Christopherson <sean.j.christopherson@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org,
x86@...nel.org, linux-sgx@...r.kernel.org,
akpm@...ux-foundation.org, dave.hansen@...el.com,
nhorman@...hat.com, npmccallum@...hat.com, haitao.huang@...el.com,
andriy.shevchenko@...ux.intel.com, kai.svahn@...el.com,
bp@...en8.de, josh@...htriplett.org, luto@...nel.org,
kai.huang@...el.com, rientjes@...gle.com, cedric.xing@...el.com,
puiterwijk@...hat.com
Subject: Re: [PATCH v29 00/20] Intel SGX foundations
Hi!
> > > At the very least a modular form of the driver should be
> > > considered that would allow alternate implementations. Sean
> > > indicated that there was a 'kludgy' approach that would allow an
> > > alternate modular implementation alongside the in-kernel driver.
> > > I believe that Andy has already indicated that may not be an
> > > advisable approach.
>
> > Modularizing the the driver does nothing for your use case. The
> > "driver" is a relatively lightweight wrapper, removing that is akin
> > to making /dev/sgx/enclave inaccessible, i.e. it doesn't make the
Well... SGX is proprietary feature of Intel. I don't see any effort for standartization
so that other architectures could use it. Yet it provides userspace interface...
You clearly want distros to enable it, but that will waste memory on non-Intel systems.
That is not good.
> Here in a nutshell is the paradox the kernel faces:
>
> No one seems to be disputing the fact that the primary focus of this
> driver will be to support the notion of 'runtime encryption' and
> Confidential Computing. The whole premise of the concept and economic
> predicate of the initiative is that the owner/manager of the platform
> has no visibility into what is being done on the platform.
Well, in my eyes preventing owner of the machine from accessing all its parts is
pretty questionable.
Physics says it is impossible, many tried, and many failed. Why it should be
different this time?
> If the Linux community believes that standard platform security
> controls can make qualitatively good judgements on what enclave based
> execution is doing, it is effectively making the statement that the
> very concept of runtime encryption and by extension Confidential
> Computing is invalid.
And yes, I believe that concept of Confidential Computing is invalid.. and we
should simply not merge this support.
It provides false sense of security, and I'm afraid big companies will try to force
people to use it. "DRM, now with hardware support". "Finally advertisments you can
not skip". "Just run this piece of code on your machine to access your bank account.
Trust us!"
:-(.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Powered by blists - more mailing lists