On Fri, Feb 14, 2020 at 09:11:46AM -0800, Sean Christopherson wrote: Good morning to everyone, I hope the weekend is going well. > On Fri, Feb 14, 2020 at 10:24:10AM +0100, Jethro Beekman wrote: > > On 2020-02-13 19:07, Sean Christopherson wrote: > > > On Thu, Feb 13, 2020 at 02:59:52PM +0100, Jethro Beekman wrote: > > >> On 2020-02-09 22:25, Jarkko Sakkinen wrote: > > >>> +/** > > >>> + * struct sgx_enclave_add_pages - parameter structure for the > > >>> + * %SGX_IOC_ENCLAVE_ADD_PAGE ioctl > > >>> + * @src: start address for the page data > > >>> + * @offset: starting page offset > > >>> + * @length: length of the data (multiple of the page size) > > >>> + * @secinfo: address for the SECINFO data > > >>> + * @flags: page control flags > > >>> + * @count: number of bytes added (multiple of the page size) > > >>> + */ > > >>> +struct sgx_enclave_add_pages { > > >>> + __u64 src; > > >>> + __u64 offset; > > >>> + __u64 length; > > >>> + __u64 secinfo; > > >>> + __u64 flags; > > >>> + __u64 count; > > >>> +}; > > >> > > >> Compared to the last time I looked at the patch set, this API > > >> removes the ability to measure individual pages chunks. That is > > >> not acceptable. > > > > > > Why is it not acceptable? E.g. what specific use case do you > > > have that _requires_ on measuring partial 4k pages of an > > > enclave? > > > > The use case is someone gives me an enclave and I want to load > > it. If I don't load it exactly as the enclave author specified, > > the enclave hash will be different, and it won't work. > And if our ABI says "thou shall measure in 4k chunks", then it's an > invalid enclave if its author generated MRENCLAVE using a different > granularity. The enclave isn't invalid with respect to the hardware ISA or a potential application or business case need. It is only invalid with respect to how a small group of kernel developers have decided that runtime/application developers, and ultimately their users, should use hardware that they have purchased and own. Interestingly, the very antithesis of what started the open source movement. If Jethro/Fortanix have a business case for measuring partial pages, which incidentally he may not be able to divulge at this time, it seems the driver should support it if the hardware does. An interesting phenomenon is evolving with respect to Linux. With secure boot, kernel module signing, and now the lockdown patches; the major Linux vendors are in a position to use cryptographic constraints to limit what the general Linux user community has available to it, and particularly in the case of SGX, how the Linux application eco-system can evolve. I find this situation particularly fascinating. Intel has choreographed 30+ million dollars of capital investment in Fortanix in order to advance the development of an SGX software eco-system. Given who is authoring the driver, one would think that the Fortanix engineering desires/needs would be given careful consideration before the hardware capabilities are limited by the driver ABI, an ABI that will be subsequently cryptographically constrained from innovation. My apologies in advance for any intended or perceived indelicacies on these issues. Have a good weekend. Dr. Greg As always, Dr. Greg Wettstein, Ph.D, Worker IDfusion, LLC SGX secured infrastructure and 4206 N. 19th Ave. autonomously self-defensive platforms. Fargo, ND 58102 PH: 701-281-1686 EMAIL: greg@xxxxxxxxxxxx ------------------------------------------------------------------------------ "Snow removal teaches all the important elements of succesful corporate politics: 1.) Be the first one to work. 2.) Always signal your intentions before moving. 3.) Be damn sure you're driving something big enough to deal with anything that decides not to get out of your way." -- Dr. G.W. Wettstein Guerrilla Tactics for Corporate Survival