Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-13 Thread Andy Lutomirski
On May 13, 2016 2:42 AM, "Dr. Greg Wettstein" wrote: > > On Sun, May 08, 2016 at 06:32:10PM -0700, Andy Lutomirski wrote: > > Good morning, running behind on e-mail this week but wanted to get > some reflections out on Andy's well taken comments and concerns. > > > On May 8,

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-13 Thread Dr. Greg Wettstein
On Sun, May 08, 2016 at 06:32:10PM -0700, Andy Lutomirski wrote: Good morning, running behind on e-mail this week but wanted to get some reflections out on Andy's well taken comments and concerns. > On May 8, 2016 2:59 AM, "Dr. Greg Wettstein" wrote: > > > > > > This now

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-12 Thread Dr. Greg Wettstein
On Mon, May 09, 2016 at 08:27:04AM +0200, Thomas Gleixner wrote: Good morning. > > On Fri, 6 May 2016, Jarkko Sakkinen wrote: > > I fully understand if you (and others) want to keep this standpoint but > > what if we could get it to staging after I've revised it with suggested > > > This should

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-09 Thread Jarkko Sakkinen
On Mon, May 09, 2016 at 08:27:04AM +0200, Thomas Gleixner wrote: > On Mon, 9 May 2016, Jarkko Sakkinen wrote: > > On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote: > > > On Fri, 6 May 2016, Jarkko Sakkinen wrote: > > > > > > > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-09 Thread Jarkko Sakkinen
On Mon, May 09, 2016 at 09:04:09AM +0200, Greg KH wrote: > On Mon, May 09, 2016 at 08:38:25AM +0300, Jarkko Sakkinen wrote: > > On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote: > > > On Fri, 6 May 2016, Jarkko Sakkinen wrote: > > > > > > > On Tue, May 03, 2016 at 04:06:27AM -0500,

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-09 Thread Greg KH
On Mon, May 09, 2016 at 08:38:25AM +0300, Jarkko Sakkinen wrote: > On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote: > > On Fri, 6 May 2016, Jarkko Sakkinen wrote: > > > > > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote: > > > > It would be helpful and

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-09 Thread Thomas Gleixner
On Mon, 9 May 2016, Jarkko Sakkinen wrote: > On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote: > > On Fri, 6 May 2016, Jarkko Sakkinen wrote: > > > > > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote: > > > > It would be helpful and instructive for anyone

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-08 Thread Jarkko Sakkinen
On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote: > On Fri, 6 May 2016, Jarkko Sakkinen wrote: > > > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote: > > > It would be helpful and instructive for anyone involved in this debate > > > to review the following URL

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-08 Thread Andy Lutomirski
On May 8, 2016 2:59 AM, "Dr. Greg Wettstein" wrote: > > > This now means the security of SGX on 'unlocked' platforms, at least > from a trust perspective, will be dependent on using TXT so as to > provide a hardware root of trust on which to base the SGX trust model. Can you

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-08 Thread Dr. Greg Wettstein
Hi, I hope the weekend is going well for everyone. On Fri, May 06, 2016 at 02:39:44PM +0300, Jarkko Sakkinen wrote: > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote: > > It would be helpful and instructive for anyone involved in this debate > > to review the following URL

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-06 Thread Andy Lutomirski
On Fri, May 6, 2016 at 4:23 AM, Jarkko Sakkinen wrote: > On Wed, Apr 27, 2016 at 10:18:05AM +0200, Ingo Molnar wrote: >> >> * Andy Lutomirski wrote: >> >> > > What new syscalls would be needed for ssh to get all this support? >> > >> > This

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-06 Thread Thomas Gleixner
On Fri, 6 May 2016, Jarkko Sakkinen wrote: > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote: > > It would be helpful and instructive for anyone involved in this debate > > to review the following URL which details Intel's SGX licensing > > program: > > > >

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-06 Thread Jarkko Sakkinen
On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote: > It would be helpful and instructive for anyone involved in this debate > to review the following URL which details Intel's SGX licensing > program: > > https://software.intel.com/en-us/articles/intel-sgx-product-licensing I

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-06 Thread Jarkko Sakkinen
On Fri, May 06, 2016 at 09:14:43AM +0200, Pavel Machek wrote: > On Fri 2016-05-06 01:52:04, Jarkko Sakkinen wrote: > > On Mon, May 02, 2016 at 11:37:52AM -0400, Austin S. Hemmelgarn wrote: > > > On 2016-04-29 16:17, Jarkko Sakkinen wrote: > > > >On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-06 Thread Jarkko Sakkinen
On Wed, Apr 27, 2016 at 10:18:05AM +0200, Ingo Molnar wrote: > > * Andy Lutomirski wrote: > > > > What new syscalls would be needed for ssh to get all this support? > > > > This patchset or similar, plus some user code and an enclave to use. > > > > Sadly, on current

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-06 Thread Pavel Machek
On Fri 2016-05-06 01:52:04, Jarkko Sakkinen wrote: > On Mon, May 02, 2016 at 11:37:52AM -0400, Austin S. Hemmelgarn wrote: > > On 2016-04-29 16:17, Jarkko Sakkinen wrote: > > >On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: > > >>On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > >

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-05 Thread Jarkko Sakkinen
On Mon, May 02, 2016 at 11:37:52AM -0400, Austin S. Hemmelgarn wrote: > On 2016-04-29 16:17, Jarkko Sakkinen wrote: > >On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: > >>On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > >>>Intel(R) SGX is a set of CPU instructions that can be

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-04 Thread Pavel Machek
Hi! > Good morning, I hope everyone's day is starting out well. :-). Rainy day here. > > > In the TL;DR department I would highly recommend that anyone > > > interested in all of this read MIT's 170+ page review of the > > > technology before jumping to any conclusions :-) > > > Would you

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-04 Thread Dr. Greg Wettstein
On Tue, May 03, 2016 at 05:38:40PM +0200, Pavel Machek wrote: > Hi! Good morning, I hope everyone's day is starting out well. > > I told my associates the first time I reviewed this technology that > > SGX has the ability to be a bit of a Pandora's box and it seems to be > > following that

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-03 Thread Pavel Machek
Hi! > We have been following and analyzing this technology since the first > HASP paper was published detailing its development. We have been (1) > > I told my associates the first time I reviewed this technology that > SGX has the ability to be a bit of a Pandora's box and it seems to be >

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-03 Thread Dr. Greg Wettstein
On May 2, 11:37am, "Austin S. Hemmelgarn" wrote: } Subject: Re: [PATCH 0/6] Intel Secure Guard Extensions Good morning, I hope the day is starting out well for everyone. > On 2016-04-29 16:17, Jarkko Sakkinen wrote: > > On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-02 Thread Austin S. Hemmelgarn
On 2016-04-29 16:17, Jarkko Sakkinen wrote: On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: Intel(R) SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-05-01 Thread Pavel Machek
Hi! On Fri 2016-04-29 23:17:44, Jarkko Sakkinen wrote: > On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: > > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > > > The firmware uses PRMRR registers to reserve an area of physical memory > > > called Enclave Page Cache (EPC). There

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-29 Thread Jarkko Sakkinen
On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by > > applications to set aside private regions of code and data. The code > > outside the enclave is disallowed to

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-27 Thread Andy Lutomirski
On Apr 27, 2016 1:18 AM, "Ingo Molnar" wrote: > > > * Andy Lutomirski wrote: > > > > What new syscalls would be needed for ssh to get all this support? > > > > This patchset or similar, plus some user code and an enclave to use. > > > > Sadly, on current

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-27 Thread Ingo Molnar
* Andy Lutomirski wrote: > > What new syscalls would be needed for ssh to get all this support? > > This patchset or similar, plus some user code and an enclave to use. > > Sadly, on current CPUs, you also need Intel to bless the enclave. It looks > like > new CPUs

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-27 Thread Pavel Machek
Hi! > > > Preventing cold boot attacks is really just icing on the cake. The > > > real point of this is to allow you to run an "enclave". An SGX > > > enclave has unencrypted code but gets access to a key that only it can > > > access. It could use that key to unwrap your ssh private key and

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread Andy Lutomirski
On Tue, Apr 26, 2016 at 2:52 PM, Pavel Machek wrote: > On Tue 2016-04-26 21:59:52, One Thousand Gnomes wrote: >> > But... that will mean that my ssh will need to be SGX-aware, and that >> > I will not be able to switch to AMD machine in future. ... or to other >> > Intel machine for

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread Andy Lutomirski
On Apr 26, 2016 1:11 PM, "Pavel Machek" wrote: > > Hi! > > > >> >> The firmware uses PRMRR registers to reserve an area of physical > > >> >> memory > > >> >> called Enclave Page Cache (EPC). There is a hardware unit in the > > >> >> processor called Memory Encryption Engine. The

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread Pavel Machek
On Tue 2016-04-26 21:59:52, One Thousand Gnomes wrote: > > But... that will mean that my ssh will need to be SGX-aware, and that > > I will not be able to switch to AMD machine in future. ... or to other > > Intel machine for that matter, right? > > I'm not privy to AMD's CPU design plans. > >

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread One Thousand Gnomes
> But... that will mean that my ssh will need to be SGX-aware, and that > I will not be able to switch to AMD machine in future. ... or to other > Intel machine for that matter, right? I'm not privy to AMD's CPU design plans. However I think for the ssl/ssh case you'd use the same interfaces

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread One Thousand Gnomes
> > Storing your ssh private key encrypted such that even someone who > > completely compromises your system can't get the actual private key > > Well, if someone gets root on my system, he can get my ssh private > key right? Potentially not. If you are using a TPM or other TEE (such as

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread One Thousand Gnomes
> Replay Protected Memory Block. It's a device that allows someone to > write to it and confirm that the write happened and the old contents > is no longer available. You could use it to implement an enclave that > checks a password for your disk but only allows you to try a certain > number of

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread Pavel Machek
Hi! > >> >> The firmware uses PRMRR registers to reserve an area of physical memory > >> >> called Enclave Page Cache (EPC). There is a hardware unit in the > >> >> processor called Memory Encryption Engine. The MEE encrypts and decrypts > >> >> the EPC pages as they enter and leave the processor

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread Andy Lutomirski
On Tue, Apr 26, 2016 at 12:41 PM, Pavel Machek wrote: > On Tue 2016-04-26 12:05:48, Andy Lutomirski wrote: >> On Tue, Apr 26, 2016 at 12:00 PM, Pavel Machek wrote: >> > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: >> >> Intel(R) SGX is a set of CPU instructions

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread Pavel Machek
On Tue 2016-04-26 12:05:48, Andy Lutomirski wrote: > On Tue, Apr 26, 2016 at 12:00 PM, Pavel Machek wrote: > > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > >> Intel(R) SGX is a set of CPU instructions that can be used by > >> applications to set aside private regions of code

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread Andy Lutomirski
On Tue, Apr 26, 2016 at 12:00 PM, Pavel Machek wrote: > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: >> Intel(R) SGX is a set of CPU instructions that can be used by >> applications to set aside private regions of code and data. The code >> outside the enclave is disallowed

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-26 Thread Pavel Machek
On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > Intel(R) SGX is a set of CPU instructions that can be used by > applications to set aside private regions of code and data. The code > outside the enclave is disallowed to access the memory inside the > enclave by the CPU access control. > >

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-25 Thread Andy Lutomirski
On Mon, Apr 25, 2016 at 12:03 PM, Jarkko Sakkinen wrote: > On Mon, Apr 25, 2016 at 10:53:52AM -0700, Greg KH wrote: >> On Mon, Apr 25, 2016 at 08:34:07PM +0300, Jarkko Sakkinen wrote: >> > Intel(R) SGX is a set of CPU instructions that can be used by >> >

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-25 Thread Jarkko Sakkinen
On Mon, Apr 25, 2016 at 10:53:52AM -0700, Greg KH wrote: > On Mon, Apr 25, 2016 at 08:34:07PM +0300, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by > > applications to set aside private regions of code and data. The code > > outside the enclave is

Re: [PATCH 0/6] Intel Secure Guard Extensions

2016-04-25 Thread Greg KH
On Mon, Apr 25, 2016 at 08:34:07PM +0300, Jarkko Sakkinen wrote: > Intel(R) SGX is a set of CPU instructions that can be used by > applications to set aside private regions of code and data. The code > outside the enclave is disallowed to access the memory inside the > enclave by the CPU access

[PATCH 0/6] Intel Secure Guard Extensions

2016-04-25 Thread Jarkko Sakkinen
Intel(R) SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outside the enclave is disallowed to access the memory inside the enclave by the CPU access control. The firmware uses PRMRR registers to reserve an area of physical
