| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a74ede5f4466572e33c92fceb69136b82c042d7e.camel@intel.com> Date: Thu, 14 Aug 2025 09:35:39 +0000 From: "Huang, Kai" <kai.huang@...el.com> To: "Reshetova, Elena" <elena.reshetova@...el.com>, "Hansen, Dave" <dave.hansen@...el.com> CC: "seanjc@...gle.com" <seanjc@...gle.com>, "mingo@...nel.org" <mingo@...nel.org>, "Scarlata, Vincent R" <vincent.r.scarlata@...el.com>, "x86@...nel.org" <x86@...nel.org>, "jarkko@...nel.org" <jarkko@...nel.org>, "Annapurve, Vishal" <vannapurve@...gle.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Mallick, Asit K" <asit.k.mallick@...el.com>, "Aktas, Erdem" <erdemaktas@...gle.com>, "Cai, Chong" <chongc@...gle.com>, "Bondarevska, Nataliia" <bondarn@...gle.com>, "linux-sgx@...r.kernel.org" <linux-sgx@...r.kernel.org>, "Raynor, Scott" <scott.raynor@...el.com> Subject: Re: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN] On Thu, 2025-08-14 at 10:34 +0300, Reshetova, Elena wrote: > All running enclaves and cryptographic assets (such as internal SGX > encryption keys) are assumed to be compromised whenever an SGX-related > microcode update occurs. To mitigate this assumed compromise the new > supervisor SGX instruction ENCLS[EUPDATESVN] can generate fresh > cryptographic assets. > > Before executing EUPDATESVN, all SGX memory must be marked as unused. This > requirement ensures that no potentially compromised enclave survives the > update and allows the system to safely regenerate cryptographic assets. > > Add the method to perform ENCLS[EUPDATESVN]. However, until the follow up > patch that wires calling sgx_update_svn() from sgx_inc_usage_count(), this > code is not reachable. > > Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org> > Signed-off-by: Elena Reshetova <elena.reshetova@...el.com> Reviewed-by: Kai Huang <kai.huang@...el.com> > > + * Return: > + * * %0: - Success or not supported > + * * %-EAGAIN: - Can be safely retried, failure is due to lack of > + * * entropy in RNG Nit: if another version is ever needed, I think it would be better to make the text vertical aligned w/o the leading '-', i.e., * %-EAGAIN: - Can be .... entropy in RNG. .. instead of * %-EAGAIN: - Can be .... entropy in RNG.
Powered by blists - more mailing lists