On Mon, Jun 29, 2020 at 03:04:00PM -0700, Sean Christopherson wrote: > > I don't see this acronym resolved anywhere in the whole patchset. > > Quoting Enclave.
Yah, pls add it somewhere. > /dev/sgx/provision is root-only by default, the expectation is that the admin > will configure the system to grant only specific enclaves access to the > PROVISION_KEY. Uuh, I don't like "the expectation is" - the reality happens to turn differently, more often than not. > In this series, access is fairly binary, i.e. there's no additional kernel > infrastructure to help userspace make per-enclave decisions. There have been > more than a few proposals on how to extend the kernel to help provide better > granularity, e.g. LSM hooks, but it was generally agreed to punt that stuff > to post-upstreaming to keep things "simple" once we went far enough down > various paths to ensure we weren't painting ourselves into a corner. So this all sounds to me like we should not upstream /dev/sgx/provision now but delay it until the infrastructure for that has been made more concrete. We can always add it then. Changing it after the fact - if we have to and for whatever reason - would be a lot harder for a user-visible interface which someone has started using already. So I'd leave that out from the initial patchset. > If you want super gory details, Intel's whitepaper on attestation in cloud > environments is a good starting point[*], but I don't recommended doing much > more than skimming unless you really like attestation stuff or are > masochistic, which IMO amount to the same thing :-) No thanks. :) -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette