Re: [PATCH v20 00/28] Intel SGX1 support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Dr. Greg" <greg@xxxxxxxxxxxx>
Subject: Re: [PATCH v20 00/28] Intel SGX1 support
From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Date: Mon, 22 Apr 2019 08:01:19 -0700
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Jethro Beekman <jethro@xxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, "linux-sgx@xxxxxxxxxxxxxxx" <linux-sgx@xxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "nhorman@xxxxxxxxxx" <nhorman@xxxxxxxxxx>, "npmccallum@xxxxxxxxxx" <npmccallum@xxxxxxxxxx>, "Ayoun, Serge" <serge.ayoun@xxxxxxxxx>, "Katz-zamir, Shay" <shay.katz-zamir@xxxxxxxxx>, "Huang, Haitao" <haitao.huang@xxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, "Svahn, Kai" <kai.svahn@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, "Huang, Kai" <kai.huang@xxxxxxxxx>, David Rientjes <rientjes@xxxxxxxxxx>
In-reply-to: <20190420160247.GA17291@wind.enjellic.com>
References: <alpine.DEB.2.21.1904192248550.3174@nanos.tec.linutronix.de> <e1478f70-7e44-6e3e-2aaf-1b12a96328ed@fortanix.com> <2AE80EA3-799E-4808-BBE4-3872F425BCF8@amacapital.net> <49b28ca1-6e66-87d9-2202-84c58f13fb99@fortanix.com> <444537E3-4156-41FB-83CA-57C5B660523F@amacapital.net> <f9d93291-9b59-7b66-de9f-af92246f1c9c@fortanix.com> <alpine.DEB.2.21.1904192337160.3174@nanos.tec.linutronix.de> <5854e66a-950e-1b12-5393-d9cdd15367dc@fortanix.com> <alpine.DEB.2.21.1904200727410.3174@nanos.tec.linutronix.de> <20190420160247.GA17291@wind.enjellic.com>
User-agent: Mutt/1.5.24 (2015-08-30)

On Sat, Apr 20, 2019 at 11:02:47AM -0500, Dr. Greg wrote:
> We understand and support the need for the LSM to trap these events,
> but what does LSM provenance mean if the platform is compromised?
> That is, technically, the target application for SGX technology.

No, it's not.  Protecting the kernel/platform from a malicious entity is
outside the scope of SGX.

Follow-Ups:
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Dr. Greg

References:
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Thomas Gleixner
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Jethro Beekman
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Andy Lutomirski
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Jethro Beekman
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Andy Lutomirski
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Jethro Beekman
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Thomas Gleixner
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Jethro Beekman
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Thomas Gleixner
- Re: [PATCH v20 00/28] Intel SGX1 support
  - From: Dr. Greg

Prev by Date: Re: [PATCH v20 00/28] Intel SGX1 support
Next by Date: Re: [PATCH v20 00/28] Intel SGX1 support
Previous by thread: Re: [PATCH v20 00/28] Intel SGX1 support
Next by thread: Re: [PATCH v20 00/28] Intel SGX1 support
Index(es):
- Date
- Thread

[Index of Archives] [AMD Graphics] [Linux USB Devel] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]