lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <be63771f-080e-4832-955e-13f5b06b2010@kuleuven.be>
Date:   Fri, 13 Oct 2023 13:45:39 +0200
From:   Jo Van Bulck <jo.vanbulck@...euven.be>
To:     Jarkko Sakkinen <jarkko@...nel.org>,
        "Huang, Kai" <kai.huang@...el.com>,
        "linux-sgx@...r.kernel.org" <linux-sgx@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Jo Van Bulck <jo.vanbulck@...kuleuven.be>
Cc:     "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>
Subject: Re: [PATCH v7 00/13] selftests/sgx: Fix compilation errors

On 10.10.23 11:44, Jarkko Sakkinen wrote:
> Folks (sorry for top posting): I've now taken my old NUC7 out of the
> dust and tested the series :-)
> 
> Tested-by: Jarkko Sakkinen <jarkko@...nel.org>

Thanks for testing this Jarkko! Not sure on next steps, do you want me 
to re-post the series with the Tested-by tag for all commits or will you 
add that? Let me know if something from my side is needed.

> Off-topic: I wish both Intel and AMD straighten up and deliver some
> "home friendly" development hardware for the  latest stuff. Just my
> stance but the biggest quality risk I see in both TDX and SNP is that
> the patches are made by an enterprise and reviewed (properly) *only*
> by other huge enterprises.

Yes, I totally agree on this. It is really unfortunate that things like 
SGX are not (anymore) available on home consumer hardware and you have 
to buy expensive servers for this, which also change every new CPU 
generation. Having some kind of "developer boards" like is more the case 
in embedded systems would be a great and very welcome evolution, if only 
it were to happen..

> I skim status of both from time to time but yeah not much attachment
> or motivation to do more than that as you either need a cloud access
> or partnership with Intel or AMD. "Indie" style seems to be disliked
> these days... You can extrapolate from this that there must be a bunch
> of maintainers around the Linux kernel that feel the same. Not saying
> that particularly my contribution would be that important.
> 
> Sort of even if let's say Intel would provide me a partner access I
> might not be that interested because I prefer my own (physical)
> computers.

I also understand this and share the concern. FWIW for some things 
(e.g., uarch attack research) remote access does also not really hold up 
to bare-metal access IMO.

Best,
Jo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ