lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <DM8PR11MB5750E0E7EE14FA87E9C48336E735A@DM8PR11MB5750.namprd11.prod.outlook.com>
Date: Thu, 14 Aug 2025 11:48:57 +0000
From: "Reshetova, Elena" <elena.reshetova@...el.com>
To: "Huang, Kai" <kai.huang@...el.com>, "Hansen, Dave" <dave.hansen@...el.com>
CC: "seanjc@...gle.com" <seanjc@...gle.com>, "mingo@...nel.org"
	<mingo@...nel.org>, "Scarlata, Vincent R" <vincent.r.scarlata@...el.com>,
	"x86@...nel.org" <x86@...nel.org>, "jarkko@...nel.org" <jarkko@...nel.org>,
	"Annapurve, Vishal" <vannapurve@...gle.com>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "Mallick, Asit K" <asit.k.mallick@...el.com>,
	"Aktas, Erdem" <erdemaktas@...gle.com>, "Cai, Chong" <chongc@...gle.com>,
	"Bondarevska, Nataliia" <bondarn@...gle.com>, "linux-sgx@...r.kernel.org"
	<linux-sgx@...r.kernel.org>, "Raynor, Scott" <scott.raynor@...el.com>
Subject: RE: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]



> -----Original Message-----
> From: Huang, Kai <kai.huang@...el.com>
> Sent: Thursday, August 14, 2025 12:36 PM
> To: Reshetova, Elena <elena.reshetova@...el.com>; Hansen, Dave
> <dave.hansen@...el.com>
> Cc: seanjc@...gle.com; mingo@...nel.org; Scarlata, Vincent R
> <vincent.r.scarlata@...el.com>; x86@...nel.org; jarkko@...nel.org;
> Annapurve, Vishal <vannapurve@...gle.com>; linux-kernel@...r.kernel.org;
> Mallick, Asit K <asit.k.mallick@...el.com>; Aktas, Erdem
> <erdemaktas@...gle.com>; Cai, Chong <chongc@...gle.com>; Bondarevska,
> Nataliia <bondarn@...gle.com>; linux-sgx@...r.kernel.org; Raynor, Scott
> <scott.raynor@...el.com>
> Subject: Re: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]
> 
> On Thu, 2025-08-14 at 10:34 +0300, Reshetova, Elena wrote:
> > All running enclaves and cryptographic assets (such as internal SGX
> > encryption keys) are assumed to be compromised whenever an SGX-related
> > microcode update occurs. To mitigate this assumed compromise the new
> > supervisor SGX instruction ENCLS[EUPDATESVN] can generate fresh
> > cryptographic assets.
> >
> > Before executing EUPDATESVN, all SGX memory must be marked as unused.
> This
> > requirement ensures that no potentially compromised enclave survives the
> > update and allows the system to safely regenerate cryptographic assets.
> >
> > Add the method to perform ENCLS[EUPDATESVN]. However, until the follow
> up
> > patch that wires calling sgx_update_svn() from sgx_inc_usage_count(), this
> > code is not reachable.
> >
> > Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
> > Signed-off-by: Elena Reshetova <elena.reshetova@...el.com>
> 
> Reviewed-by: Kai Huang <kai.huang@...el.com>
> 
> >
> > + * Return:
> > + * * %0:		- Success or not supported
> > + * * %-EAGAIN:		- Can be safely retried, failure is due to lack of
> > + * *			entropy in RNG
> 
> Nit: if another version is ever needed, I think it would be better to make
> the text vertical aligned w/o the leading '-', i.e.,
> 
> 	* %-EAGAIN:	- Can be ....
> 			  entropy in RNG.
> 
> .. instead of
> 
> 	* %-EAGAIN:	- Can be ....
> 			entropy in RNG.

OK, yes, this can be fixed, indeed. 

Thank you very much for your reviews, Kai!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ