Re: [gentoo-user] [OT] Any thoughts on Intel Skylake SGX?

2016-02-25 Thread Rich Freeman
On Thu, Feb 25, 2016 at 2:06 PM, Mick wrote:
> On Wednesday 24 Feb 2016 19:08:42 Rich Freeman wrote:
>> On Wed, Feb 24, 2016 at 4:05 AM, Frank Steinmetzger wrote:
>> > Well my concern was more that SGX would provide leverage for even more
>> > eavesdropping, rather than prohibit it.
>>
>> Yeah, I'm one of those persons who tends to consider most fears of
>> TPMs and UEFI overblown, but these CPUs that almost have independent
>> CPUs inside with full RAM+hardware access which are secured against
>> the main CPU do concern me quite a bit.
>
> You have to see this from a demand angle of the computing market.  I suspect
> Intel is just responding to market demand for 'better security'.  For big
> corporates better security means protection from internal (employees) as well
> as external threats.  Most CIOs would sleep comfortably in the thought that
> they can blame Intel when things go sideways and try to keep their jobs among
> the blame-fest and ricochets that ensue.  Of course our concept of security
> (who we trust with our computing) is orthogonal to your average CIO's out
> there who are invariably acting as a procurement agent.  Dare I observe, we do
> not really feature as a target market for Intel.
>

All they need to do is provide the private key associated with the CPU
to the owner upon purchase.  In the case of a corporate computer, the
corporation gets the keys to the PC.

Most people wouldn't bother making any use of the key.  However, those
who are interested could sign libreboot or whatever with it and now
they have full control over their PC.  Indeed, they could then use
that control to ensure that nobody else goes tampering with their PC,
which is in fact the intended purpose of this feature anyway.

The problem is that Intel's solution effectively gives them a
back-door into everybody's PC.

-- 
Rich



Re: [gentoo-user] [OT] Any thoughts on Intel Skylake SGX?

2016-02-25 Thread Mick
On Wednesday 24 Feb 2016 19:08:42 Rich Freeman wrote:
> On Wed, Feb 24, 2016 at 4:05 AM, Frank Steinmetzger wrote:
> > Well my concern was more that SGX would provide leverage for even more
> > eavesdropping, rather than prohibit it.
> 
> Yeah, I'm one of those persons who tends to consider most fears of
> TPMs and UEFI overblown, but these CPUs that almost have independent
> CPUs inside with full RAM+hardware access which are secured against
> the main CPU do concern me quite a bit.

You have to see this from a demand angle of the computing market.  I suspect 
Intel is just responding to market demand for 'better security'.  For big 
corporates better security means protection from internal (employees) as well 
as external threats.  Most CIOs would sleep comfortably in the thought that 
they can blame Intel when things go sideways and try to keep their jobs among 
the blame-fest and ricochets that ensue.  Of course our concept of security
(who we trust with our computing) is orthogonal to your average CIO's out 
there who are invariably acting as a procurement agent.  Dare I observe, we do 
not really feature as a target market for Intel.

PS.  Thanks Max for sharing a good article on this topic.  I am interested to 
see if similar analysis has been performed on the AMD offerings.

-- 
Regards,
Mick



Re: [gentoo-user] [OT] Any thoughts on Intel Skylake SGX?

2016-02-24 Thread Rich Freeman
On Wed, Feb 24, 2016 at 4:05 AM, Frank Steinmetzger wrote:
>
> Well my concern was more that SGX would provide leverage for even more
> eavesdropping, rather than prohibit it.
>

Yeah, I'm one of those persons who tends to consider most fears of
TPMs and UEFI overblown, but these CPUs that almost have independent
CPUs inside with full RAM+hardware access which are secured against
the main CPU do concern me quite a bit.

-- 
Rich



Re: [gentoo-user] [OT] Any thoughts on Intel Skylake SGX?

2016-02-24 Thread Frank Steinmetzger
On Tue, Feb 23, 2016 at 04:28:03PM -0800, Max R.D. Parmer wrote:

> It seems like SGX is intertwined with the Intel Management Engine,
> Chapter 4 in Joanna Rutkowska's "Intel x86 considered harmful"[1] (pp.
> 35) goes in-depth on the potential issues with Intel ME.
> 
> That same book has some light discussion on SGX (pp. 20) but it seems
> like, if you are concerned about ME eavesdropping, SGX wouldn't stop
> that (at least as of October 2015).

Well my concern was more that SGX would provide leverage for even more
eavesdropping, rather than prohibit it.

> If you are feeling paranoid but want an Intel chip, I would recommend
> you choose the pre-vPro/AMT systems (sandybridge or earlier, iirc).

I was going to stay clear of vPro in any case. I would try an AMD laptop (a
few years back, the el-cheapo Thinkpad x100-series had an AMD version), but
there are hardly any options nowadays. :-/

> [1]: http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf

Thanks for the link, I'll have a read.

> On Tue, Feb 23, 2016, at 15:34, Frank Steinmetzger wrote:
> > Hello list
> > [...]
> > Today the new Skylake lineup which I’ve been awaiting since January
> > finally appeared in the Lenovo online shop. Coincidentally also today¹,
> > I found out about the next thing since TPM, Secure Boot & Co: the SGX
> > (Software Guard Extension) instruction set which is part of all Skylake
> > chips².
> > 
> > The way I understood it is that it can be used to create private areas
> > in memory that are inaccessible to any other program, even the operating
> > system. Since it’s based on cryptographic signatures and Intel being the
> > sole supplier of licences and signature keys, there are those who fear
> > that Intel will – over time – gain unparalleled control over what we can
> > and cannot run on our machines and that we will not be able to check
> > what runs on our systems anymore. (Well, such fears are not really new
> > to begin with).
> > 
> > 
> > Infos are sparse b/c it just hit the market a short while ago, and I’m no
> > expert by far. Thus I seek guidance. With states and corporations
> > sniffing at our every step as they are already, can I – in your
> > considered opinion – still buy a Skylake device with good conscience?
> > [...]
> > ¹ German news article:
> >   http://www.heise.de/security/meldung/Kritik-an-Intels-Sicherheits-Architektur-Software-Guard-Extensions-3089439.html
> > ² https://en.wikipedia.org/wiki/Software_Guard_Extensions
> > -- 
> > Gruß | Greetings | Qapla’
> > Please do not share anything from, with or about me with any social
> > network.
> > 
> > This message was written using only recycled electrons.



Re: [gentoo-user] [OT] Any thoughts on Intel Skylake SGX?

2016-02-23 Thread Max R.D. Parmer
It seems like SGX is intertwined with the Intel Management Engine,
Chapter 4 in Joanna Rutkowska's "Intel x86 considered harmful"[1] (pp.
35) goes in-depth on the potential issues with Intel ME.

That same book has some light discussion on SGX (pp. 20) but it seems
like, if you are concerned about ME eavesdropping, SGX wouldn't stop
that (at least as of October 2015).

If you are feeling paranoid but want an Intel chip, I would recommend
you choose the pre-vPro/AMT systems (sandybridge or earlier, iirc). I
tend to think Intel ME is a very real risk for some users and will
remain so until users are more empowered to dictate its operation and
until there are good public audits of its code, and most importantly,
the ability to disable it.

Hopefully in a couple years we will have access to good quality laptops
running on RISC-V.

[1]: http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
-- 
0x7D964D3361142ACF

On Tue, Feb 23, 2016, at 15:34, Frank Steinmetzger wrote:
> Hello list
> 
> so I was about to treat myself to a new Thinkpad. After malware, backdoor
> and BIOS rootkit stories at Lenovo’s (which to my knowledge were all
> Windows-only problems) I already started looking elsewhere and even
> considered buying a used model which existed before all this modern crap
> came along, but always came back yet for lack of better alternatives.
> 
> Today the new Skylake lineup which I’ve been awaiting since January
> finally appeared in the Lenovo online shop. Coincidentally also today¹, I
> found out about the next thing since TPM, Secure Boot & Co: the SGX
> (Software Guard Extension) instruction set which is part of all Skylake
> chips².
> 
> The way I understood it is that it can be used to create private areas in
> memory that are inaccessible to any other program, even the operating
> system. Since it’s based on cryptographic signatures and Intel being the
> sole supplier of licences and signature keys, there are those who fear
> that Intel will – over time – gain unparalleled control over what we can
> and cannot run on our machines and that we will not be able to check what
> runs on our systems anymore. (Well, such fears are not really new to begin
> with).
> 
> 
> Infos are sparse b/c it just hit the market a short while ago, and I’m no
> expert by far. Thus I seek guidance. With states and corporations
> sniffing at our every step as they are already, can I – in your considered
> opinion – still buy a Skylake device with good conscience?
> 
> Am I seeing things too bleak in the context of constant attacks on open
> systems which – when puzzled together – give a horrible picture of our
> future in a society that doesn’t care as long as Facebook works?
> 
> Or don’t I have to worry about it because this will only play a role in
> the walled gardens of contemporary commercial consuming interfaces
> (formerly known as operating systems, AKA Windows) or servers?
> 
> 
> Ew, I wanted to ask a simple question. Instead, I needed 30 minutes to
> write half a short story. Sorry and thanks for your time.
> 
> 
> ¹ German news article:
>   http://www.heise.de/security/meldung/Kritik-an-Intels-Sicherheits-Architektur-Software-Guard-Extensions-3089439.html
> ² https://en.wikipedia.org/wiki/Software_Guard_Extensions
> -- 
> Gruß | Greetings | Qapla’
> Please do not share anything from, with or about me with any social
> network.
> 
> This message was written using only recycled electrons.



[gentoo-user] [OT] Any thoughts on Intel Skylake SGX?

2016-02-23 Thread Frank Steinmetzger
Hello list

so I was about to treat myself to a new Thinkpad. After malware, backdoor
and BIOS rootkit stories at Lenovo’s (which to my knowledge were all
Windows-only problems) I already started looking elsewhere and even
considered buying a used model which existed before all this modern crap came
along, but always came back yet for lack of better alternatives.

Today the new Skylake lineup which I’ve been awaiting since January finally
appeared in the Lenovo online shop. Coincidentally also today¹, I found out
about the next thing since TPM, Secure Boot & Co: the SGX (Software Guard
Extension) instruction set which is part of all Skylake chips².

The way I understood it is that it can be used to create private areas in
memory that are inaccessible to any other program, even the operating
system. Since it’s based on cryptographic signatures and Intel being the
sole supplier of licences and signature keys, there are those who fear that
Intel will – over time – gain unparalleled control over what we can and
cannot run on our machines and that we will not be able to check what runs
on our systems anymore. (Well, such fears are not really new to begin with).


Infos are sparse b/c it just hit the market a short while ago, and I’m no
expert by far. Thus I seek guidance. With states and corporations sniffing
at our every step as they are already, can I – in your considered opinion –
still buy a Skylake device with good conscience?

Am I seeing things too bleak in the context of constant attacks on open
systems which – when puzzled together – give a horrible picture of our
future in a society that doesn’t care as long as Facebook works?

Or don’t I have to worry about it because this will only play a role in the
walled gardens of contemporary commercial consuming interfaces (formerly
known as operating systems, AKA Windows) or servers?


Ew, I wanted to ask a simple question. Instead, I needed 30 minutes to write
half a short story. Sorry and thanks for your time.


¹ German news article:
  http://www.heise.de/security/meldung/Kritik-an-Intels-Sicherheits-Architektur-Software-Guard-Extensions-3089439.html
² https://en.wikipedia.org/wiki/Software_Guard_Extensions
-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any social network.

This message was written using only recycled electrons.

