Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, Feb 08, 2018 at 09:46:53AM +0100, Pavel Machek wrote: > On Tue 2018-01-09 16:27:30, Jarkko Sakkinen wrote: > > On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > > > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > > > and the MELTATOMBOMBA4 worm which

Re: [PATCH v6 00/11] Intel SGX Driver

On Tue 2018-01-09 16:27:30, Jarkko Sakkinen wrote: > On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > > and the MELTATOMBOMBA4 worm which uses this exploit? > > > > Ced > > Everything going out of L1 gets

Re: [PATCH v6 00/11] Intel SGX Driver

On Tue, Jan 09, 2018 at 03:50:23PM -0600, Dr. Greg Wettstein wrote: > > Everything going out of L1 gets encrypted. This is done to defend > > against peripheral like adversaries and should work also against > > meltdown. > > I don't believe this is an architecturally correct assertion. The >

Re: [PATCH v6 00/11] Intel SGX Driver

On Jan 9, 4:25pm, Jarkko Sakkinen wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver Good afternoon I hope the week is going well for everyone. In order to minimize spamming mailboxes with two mails I'm incorporating a reply to Jarkko's second e-mail on the Memory Encryption Engine below

Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > and the MELTATOMBOMBA4 worm which uses this exploit? > > Ced Everything going out of L1 gets encrypted. This is done to defend against peripheral like

Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, Jan 04, 2018 at 03:06:43AM -0600, Dr. Greg Wettstein wrote: > If we are talking about the issues motivating the KPTI work I don't > have any useful information beyond what is raging through the industry > right now. > > With respect to SGX, the issues giving rise to KPTI are

Re: [PATCH v6 00/11] Intel SGX Driver

On Jan 4, 3:27pm, Greg Kroah-Hartman wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver Wild day, enjoyed by all I'm sure. > On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > > and the

Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, 2018-01-04 at 15:17 +0100, Cedric Blancher wrote: > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > and the MELTATOMBOMBA4 worm which uses this exploit? Actually, a data exfiltration attack against SGX, using page tables has already been documented:

Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > and the MELTATOMBOMBA4 worm which uses this exploit? It has nothing to do with it at all, sorry. greg k-h -- To unsubscribe from this list: send the line

Re: [PATCH v6 00/11] Intel SGX Driver

So how does this protect against the MELTDOWN attack (CVE-2017-5754) and the MELTATOMBOMBA4 worm which uses this exploit? Ced On 25 November 2017 at 20:29, Jarkko Sakkinen wrote: > Intel(R) SGX is a set of CPU instructions that can be used by applications to >

Re: [PATCH v6 00/11] Intel SGX Driver

On Jan 3, 10:48am, Pavel Machek wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver > Hi! Good morning. > :-). Stuff proceeds as usual. Too bad it is raining outside, instead > of snowing. -19C here, so we have snow... :-) > > > So ... even with SGX, host can

Re: [PATCH v6 00/11] Intel SGX Driver

Hi! > Good evening Pavel et.al., I hope the New Year has started well for > everyone. :-). Stuff proceeds as usual. Too bad it is raining outside, instead of snowing. > > > > Would you list guarantees provided by SGX? > > > > > > Obviously, confidentiality and integrity. SGX was designed to

Re: [PATCH v6 00/11] Intel SGX Driver

On Dec 27, 9:46pm, Pavel Machek wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver > Hi! Good evening Pavel et.al., I hope the New Year has started well for everyone. > > > Would you list guarantees provided by SGX? > > > > Obviously, confidentiality and inte

Re: [PATCH v6 00/11] Intel SGX Driver

Hi! > > Would you list guarantees provided by SGX? > > Obviously, confidentiality and integrity. SGX was designed to address > an Iago threat model, a very difficult challenge to address in > reality. Do you have link on "Iago threat model"? > I don't have the citation immediately available,

Re: [PATCH v6 00/11] Intel SGX Driver

On Dec 12, 3:07pm, Pavel Machek wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver Good morning, I hope this note finds the holiday season going well for everyone. This note is a bit delayed due to the holidays, my apologies. Pretty wide swath on this e-mail but will include the copy list

Re: [PATCH v6 00/11] Intel SGX Driver

On Wed, Dec 20, 2017 at 01:33:46AM +0200, Jarkko Sakkinen wrote: > On Tue, 2017-12-12 at 15:07 +0100, Pavel Machek wrote: > > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > > Intel(R) SGX is a set of CPU instructions that can be used by > > > applications to > > > set aside private

Re: [PATCH v6 00/11] Intel SGX Driver

On Tue, 2017-12-12 at 15:07 +0100, Pavel Machek wrote: > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by applications > > to > > set aside private regions of code and data. The code outside the enclave is > > disallowed to

Re: [PATCH v6 00/11] Intel SGX Driver

On Tue, Dec 12, 2017 at 03:07:50PM +0100, Pavel Machek wrote: > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by applications > > to > > set aside private regions of code and data. The code outside the enclave is > > disallowed

Re: [PATCH v6 00/11] Intel SGX Driver

On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > Intel(R) SGX is a set of CPU instructions that can be used by applications to > set aside private regions of code and data. The code outside the enclave is > disallowed to access the memory inside the enclave by the CPU access control. > In a