Re: x86/sgx: v23-rc2


 



On Fri, Feb 21, 2020 at 09:16:08PM -0600, Dr. Greg wrote:
> Dispassionate observers would note that you make the case for locked
> launch control registers.... :-)
> 
> At an SGX engineering meeting in Israel last summer, we made the case
> for the fact that locked vs. unlocked platforms should be a BIOS
> configurable option.  With an additional option that specifying locked
> also allows specification of what the identity modulus signature
> should be.  That would seem to be the best of all worlds, we will see
> what happens.
> 
> One of the pushbacks we received, is that SGX is supposed to be immune
> from firmware manipulation, which our suggested approach would open
> the door for, which we noted was irrelevant given the trajectory that
> the Linux kernel driver is on, ie. no cryptographic controls over code
> origin and provenance.
> 
> Just to provide a frame of reference, our interest in SGX is with
> respect to its guarantee of integrity of execution, for the purposes
> of verifying that the kernel could not have executed code that was
> outside a desired behavioral definition for the platform.

I'm not too opinionated with this. The way things are is the consensus
what is the least common denominator of things that can be accepted by
the majority involved with the kernel.

What I'm deeply opinionated is that locked configuration cannot be a part
of the current patch set. I'm neither going to proactively push such
support when the code is in the upstream. However, I'm always ready to
review any code changes and look into arguments (usually contained in
the cover letter) in a neutral fashion, no matter what the code change
is.

/Jarkko


