Re: [PATCH v20 00/28] Intel SGX1 support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Subject: Re: [PATCH v20 00/28] Intel SGX1 support
From: Jethro Beekman <jethro@xxxxxxxxxxxx>
Date: Fri, 19 Apr 2019 21:35:32 +0000
Accept-language: en-US
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, "Dr. Greg" <greg@xxxxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, "linux-sgx@xxxxxxxxxxxxxxx" <linux-sgx@xxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "Christopherson, Sean J" <sean.j.christopherson@xxxxxxxxx>, "nhorman@xxxxxxxxxx" <nhorman@xxxxxxxxxx>, "npmccallum@xxxxxxxxxx" <npmccallum@xxxxxxxxxx>, "Ayoun, Serge" <serge.ayoun@xxxxxxxxx>, "Katz-zamir, Shay" <shay.katz-zamir@xxxxxxxxx>, "Huang, Haitao" <haitao.huang@xxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, "Svahn, Kai" <kai.svahn@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, "Huang, Kai" <kai.huang@xxxxxxxxx>, David Rientjes <rientjes@xxxxxxxxxx>
In-reply-to: <444537E3-4156-41FB-83CA-57C5B660523F@amacapital.net>
References: <20190417103938.7762-1-jarkko.sakkinen@linux.intel.com> <20190418171059.GA20819@wind.enjellic.com> <09ebfa1d-c03d-c1fe-ff0f-d99287b6ec3c@intel.com> <20190419141732.GA2269@wind.enjellic.com> <CALCETrV=wAsyWxtxQJ7y0xNrzkE863hTfU6Ysej48Gk9yPFJZw@mail.gmail.com> <43aa8fdd-e777-74cb-e3f0-d36805ffa18b@fortanix.com> <alpine.DEB.2.21.1904192233390.3174@nanos.tec.linutronix.de> <8c5133bc-1301-24ca-418d-7151a6eac0e2@fortanix.com> <alpine.DEB.2.21.1904192248550.3174@nanos.tec.linutronix.de> <e1478f70-7e44-6e3e-2aaf-1b12a96328ed@fortanix.com> <2AE80EA3-799E-4808-BBE4-3872F425BCF8@amacapital.net> <49b28ca1-6e66-87d9-2202-84c58f13fb99@fortanix.com> <444537E3-4156-41FB-83CA-57C5B660523F@amacapital.net>

On 2019-04-19 14:31, Andy Lutomirski wrote:
> I do think we need to follow LSM rules.  But my bigger point is that there are policies that don’t allow JIT at all. I think we should arrange the SGX API so it’s still usable when such a policy is in effect.

I don't think we need to arrange that right now. This patch set needs to
be merged after more than 2 years of development. I'd like to avoid
introducing any more big changes. Let's just do what I described to make
LSM not broken, which is a minimal change to the current approach. We
can adjust the API later to support the use case you describe.

--
Jethro Beekman | Fortanix

Follow-Ups:
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Thomas Gleixner

References:
- [PATCH v20 00/28] Intel SGX1 support
  - From: Jarkko Sakkinen
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Dr. Greg
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Dave Hansen
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Dr. Greg
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Andy Lutomirski
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Jethro Beekman
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Thomas Gleixner
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Jethro Beekman
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Thomas Gleixner
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Jethro Beekman
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Andy Lutomirski
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Jethro Beekman
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Andy Lutomirski

Prev by Date: Re: [PATCH v20 00/28] Intel SGX1 support
Next by Date: Re: [PATCH v20 00/28] Intel SGX1 support
Previous by thread: Re: [PATCH v20 00/28] Intel SGX1 support
Next by thread: Re: [PATCH v20 00/28] Intel SGX1 support
Index(es):
- Date
- Thread

[Index of Archives] [AMD Graphics] [Linux USB Devel] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]