[PATCH v26 10/22] x86/sgx: Linux Enclave Driver
Dr. Greg
greg at enjellic.com
Sat Feb 15 18:05:54 UTC 2020
On Fri, Feb 14, 2020 at 09:11:46AM -0800, Sean Christopherson wrote:
Good morning to everyone, I hope the weekend is going well.
> On Fri, Feb 14, 2020 at 10:24:10AM +0100, Jethro Beekman wrote:
> > On 2020-02-13 19:07, Sean Christopherson wrote:
> > > On Thu, Feb 13, 2020 at 02:59:52PM +0100, Jethro Beekman wrote:
> > >> On 2020-02-09 22:25, Jarkko Sakkinen wrote:
> > >>> +/**
> > >>> + * struct sgx_enclave_add_pages - parameter structure for the
> > >>> + * %SGX_IOC_ENCLAVE_ADD_PAGE ioctl
> > >>> + * @src: start address for the page data
> > >>> + * @offset: starting page offset
> > >>> + * @length: length of the data (multiple of the page size)
> > >>> + * @secinfo: address for the SECINFO data
> > >>> + * @flags: page control flags
> > >>> + * @count: number of bytes added (multiple of the page size)
> > >>> + */
> > >>> +struct sgx_enclave_add_pages {
> > >>> + __u64 src;
> > >>> + __u64 offset;
> > >>> + __u64 length;
> > >>> + __u64 secinfo;
> > >>> + __u64 flags;
> > >>> + __u64 count;
> > >>> +};
> > >>
> > >> Compared to the last time I looked at the patch set, this API
> > >> removes the ability to measure individual pages chunks. That is
> > >> not acceptable.
> > >
> > > Why is it not acceptable? E.g. what specific use case do you
> > > have that _requires_ on measuring partial 4k pages of an
> > > enclave?
> >
> > The use case is someone gives me an enclave and I want to load
> > it. If I don't load it exactly as the enclave author specified,
> > the enclave hash will be different, and it won't work.
> And if our ABI says "thou shall measure in 4k chunks", then it's an
> invalid enclave if its author generated MRENCLAVE using a different
> granularity.
The enclave isn't invalid with respect to the hardware ISA or a
potential application or business case need. It is only invalid with
respect to how a small group of kernel developers have decided that
runtime/application developers, and ultimately their users, should use
hardware that they have purchased and own.
Interestingly, the very antithesis of what started the open source
movement.
If Jethro/Fortanix have a business case for measuring partial pages,
which incidentally he may not be able to divulge at this time, it
seems the driver should support it if the hardware does.
An interesting phenomenon is evolving with respect to Linux. With
secure boot, kernel module signing, and now the lockdown patches; the
major Linux vendors are in a position to use cryptographic constraints
to limit what the general Linux user community has available to it,
and particularly in the case of SGX, how the Linux application
eco-system can evolve.
I find this situation particularly fascinating.
Intel has choreographed 30+ million dollars of capital investment in
Fortanix in order to advance the development of an SGX software
eco-system. Given who is authoring the driver, one would think that
the Fortanix engineering desires/needs would be given careful
consideration before the hardware capabilities are limited by the
driver ABI, an ABI that will be subsequently cryptographically
constrained from innovation.
My apologies in advance for any intended or perceived indelicacies on
these issues.
Have a good weekend.
Dr. Greg
As always,
Dr. Greg Wettstein, Ph.D, Worker
IDfusion, LLC SGX secured infrastructure and
4206 N. 19th Ave. autonomously self-defensive platforms.
Fargo, ND 58102
PH: 701-281-1686 EMAIL: greg at idfusion.net
------------------------------------------------------------------------------
"Snow removal teaches all the important elements of succesful corporate
politics: 1.) Be the first one to work. 2.) Always signal your
intentions before moving. 3.) Be damn sure you're driving something
big enough to deal with anything that decides not to get out of your way."
-- Dr. G.W. Wettstein
Guerrilla Tactics for Corporate Survival
More information about the Linux-security-module-archive
mailing list