On Thu, May 28, 2020 at 02:15:18PM +0300, Jarkko Sakkinen wrote:
> On Thu, May 07, 2020 at 05:25:55PM -0700, Sean Christopherson wrote:
> > Ah, fudge. shmem_zero_setup() triggers shmem_acct_size() and thus
> > __vm_enough_memory(). Which I should have rememered because I've stared
> > at that cod
On Thu, May 07, 2020 at 05:25:55PM -0700, Sean Christopherson wrote:
> Ah, fudge. shmem_zero_setup() triggers shmem_acct_size() and thus
> __vm_enough_memory(). Which I should have rememered because I've stared
> at that code several times when dealing with the enclave's backing store.
> I wasn't
From: Pavel Machek
> Sent: 24 May 2020 22:27
..
> It provides false sense of security, and I'm afraid big companies will try to
> force
> people to use it. "DRM, now with hardware support". "Finally advertisments
> you can
> not skip". "Just run this piece of code on your machine to access your b
Hi!
> > > At the very least a modular form of the driver should be
> > > considered that would allow alternate implementations. Sean
> > > indicated that there was a 'kludgy' approach that would allow an
> > > alternate modular implementation alongside the in-kernel driver.
> > > I believe that A
On Fri, 2020-05-15 at 15:54 -0400, Nathaniel McCallum wrote:
> The (Red Hat sponsored) Enarx project will continue building an
> unofficial, unsupported version of the Fedora kernel with the SGX
> patches[0] until such time as the patches are upstream. Once upstream,
> I intend to propose that the
On Thu, May 14, 2020 at 5:17 AM Dr. Greg wrote:
>
> On Fri, May 08, 2020 at 12:56:35PM -0700, Sean Christopherson wrote:
>
> Good morning, I hope the week is proceeding well for everyone.
>
> > On Fri, May 08, 2020 at 02:02:26PM -0500, Dr. Greg wrote:
> > > On Thu, May 07, 2020 at 02:41:30AM +0200
On Fri, 2020-05-15 at 11:42 +0200, Borislav Petkov wrote:
> On Fri, May 15, 2020 at 12:28:54PM +0300, Jarkko Sakkinen wrote:
> > Uh oh, should probably address this. Should I send v31 today with a "nosgx"
> > patch added? Sorry for missing this one :-/
>
> Not the whole thing - just the one patch
On Fri, May 15, 2020 at 12:28:54PM +0300, Jarkko Sakkinen wrote:
> Uh oh, should probably address this. Should I send v31 today with a "nosgx"
> patch added? Sorry for missing this one :-/
Not the whole thing - just the one patch as a reply to your thread pls.
Thx.
--
Regards/Gruss,
Boris.
On Thu, 2020-05-14 at 18:20 +0200, Borislav Petkov wrote:
> On Thu, May 14, 2020 at 09:15:59AM -0700, Sean Christopherson wrote:
> > I'm not opposed to adding a kernel param to disable SGX. At one point
> > there was a proposal to extend clearcpuid to allow disabling multiple
> > feature bits, but
On Thu, 2020-05-14 at 12:05 -0700, Seth Moore wrote:
> On Fri, May 8, 2020 at 12:08 PM Sean Christopherson
> wrote:
> > Adding some Google folks to the party.
>
> Thanks, Sean.
>
> > On Wed, Apr 22, 2020 at 12:52:56AM +0300, Jarkko Sakkinen wrote:
> > > Intel(R) SGX is a set of CPU instructions
On Thu, 2020-05-14 at 21:30 +0200, Thomas Gleixner wrote:
> Jarkko Sakkinen writes:
> > General question: maybe it would be easiest that I issue a pull request
> > once everyone feels that the series is ready to be pulled and stop sending
> > new versions of the series?
>
> Might be the easiest f
On Thu, 2020-05-14 at 09:15 -0700, Sean Christopherson wrote:
> On Thu, May 14, 2020 at 04:16:37AM -0500, Dr. Greg wrote:
> > What we would recommend at this point is that you and Jarkko do the
> > Linux community and beyond a favor and wire up a simple kernel
> > command-line parameter that contro
Jarkko Sakkinen writes:
>
> General question: maybe it would be easiest that I issue a pull request
> once everyone feels that the series is ready to be pulled and stop sending
> new versions of the series?
Might be the easiest for you, but I prefer a final series in email.
Thanks,
tglx
Borislav Petkov writes:
> On Thu, May 14, 2020 at 09:15:59AM -0700, Sean Christopherson wrote:
>> I'm not opposed to adding a kernel param to disable SGX. At one point
>> there was a proposal to extend clearcpuid to allow disabling multiple
>> feature bits, but it looks like that went the way of
On Fri, May 8, 2020 at 12:08 PM Sean Christopherson
wrote:
>
> Adding some Google folks to the party.
Thanks, Sean.
> On Wed, Apr 22, 2020 at 12:52:56AM +0300, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > to set aside private regions o
On Thu, May 14, 2020 at 09:15:59AM -0700, Sean Christopherson wrote:
> I'm not opposed to adding a kernel param to disable SGX. At one point
> there was a proposal to extend clearcpuid to allow disabling multiple
> feature bits, but it looks like that went the way of the dodo.
>
> Note, such a pa
On Thu, May 14, 2020 at 04:16:37AM -0500, Dr. Greg wrote:
> What we would recommend at this point is that you and Jarkko do the
> Linux community and beyond a favor and wire up a simple kernel
> command-line parameter that controls the ability of the driver to be
> used, ie. enables/disables access
On Tue, 2020-05-12 at 19:55 +0800, Hui, Chunyang wrote:
> On Wed, Apr 22, 2020 at 12:52:56AM +0300, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > to set aside private regions of code and data. The code outside the enclave
> > is disallowed
On Fri, May 08, 2020 at 12:56:35PM -0700, Sean Christopherson wrote:
Good morning, I hope the week is proceeding well for everyone.
> On Fri, May 08, 2020 at 02:02:26PM -0500, Dr. Greg wrote:
> > On Thu, May 07, 2020 at 02:41:30AM +0200, Thomas Gleixner wrote:
> > > The diffstat of your patch is
On 2020-05-14 00:14, Jarkko Sakkinen wrote:
> General question: maybe it would be easiest that I issue a pull request
> once everyone feels that the series is ready to be pulled and stop sending
> new versions of the series?
Sounds good
--
Jethro Beekman | Fortanix
smime.p7s
Description: S/MIM
On Wed, 2020-05-06 at 09:39 -0700, Jordan Hand wrote:
> On 4/21/20 2:52 PM, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > to set aside private regions of code and data. The code outside the enclave
> > is disallowed to access the memory in
On Thu, 2020-05-14 at 01:14 +0300, Jarkko Sakkinen wrote:
> On Wed, 2020-05-06 at 17:42 -0400, Nathaniel McCallum wrote:
> > Tested on Enarx. This requires a patch[0] for v29 support.
> >
> > Tested-by: Nathaniel McCallum
>
> Thank you. Update in my tree.
>
> Sean, I'll fixed that whitespace is
On Wed, 2020-05-06 at 17:42 -0400, Nathaniel McCallum wrote:
> Tested on Enarx. This requires a patch[0] for v29 support.
>
> Tested-by: Nathaniel McCallum
Thank you. Update in my tree.
Sean, I'll fixed that whitespace issue too in my tree.
General question: maybe it would be easiest that I is
On Tue, May 12, 2020 at 07:55:58PM +0800, Hui, Chunyang wrote:
> > You can tell if your CPU supports SGX by looking into /proc/cpuinfo:
> >
> > cat /proc/cpuinfo | grep sgx
>
> Tested-by: Chunyang Hui
> Occlum project (https://github.com/occlum/occlum) is a libOS built
> on top of Intel S
On Wed, Apr 22, 2020 at 12:52:56AM +0300, Jarkko Sakkinen wrote:
> Intel(R) SGX is a set of CPU instructions that can be used by applications
> to set aside private regions of code and data. The code outside the enclave
> is disallowed to access the memory inside the enclave by the CPU access
> con
On Fri, May 08, 2020 at 02:02:26PM -0500, Dr. Greg wrote:
> On Thu, May 07, 2020 at 02:41:30AM +0200, Thomas Gleixner wrote:
> > The diffstat of your patch is irrelevant. What's relevant is the
> > fact that it is completely unreviewed and that it creates yet
> > another user space visible ABI with
Adding some Google folks to the party.
On Wed, Apr 22, 2020 at 12:52:56AM +0300, Jarkko Sakkinen wrote:
> Intel(R) SGX is a set of CPU instructions that can be used by applications
> to set aside private regions of code and data. The code outside the enclave
> is disallowed to access the memory in
On Thu, May 07, 2020 at 02:41:30AM +0200, Thomas Gleixner wrote:
> Greg,
Good morning Thomas, I hope the week has gone well for you, the same
to everyone else reading this.
> "Dr. Greg" writes:
> > As an aside, for those who haven't spent the last 5+ years of their
> > life working with this te
On 5/7/20 11:06 AM, Dr. Greg wrote:
On Wed, May 06, 2020 at 09:39:55AM -0700, Jordan Hand wrote:
Good afternoon, I hope the week is going well for everyone.
On 4/21/20 2:52 PM, Jarkko Sakkinen wrote:
Make the vDSO callable directly from C by preserving RBX and taking leaf
from RCX.
Test
On Wed, Apr 29, 2020 at 8:30 AM Sean Christopherson
wrote:
>
> On Sun, Apr 26, 2020 at 11:57:53AM -0500, Dr. Greg wrote:
> > In closing, it is important to note that the proposed SGX driver is
> > not available as a module. This effectively excludes any alternative
> > implementations of the driv
On Thu, May 07, 2020 at 05:35:31PM -0500, Haitao Huang wrote:
> On Thu, 07 May 2020 14:34:59 -0500, Sean Christopherson
> wrote:
>
> >On Thu, May 07, 2020 at 12:49:15PM -0400, Nathaniel McCallum wrote:
> >>> For larger size mmap, I think it requires enabling vm overcommit mode
> >>1:
> >>> echo 1
On Thu, 07 May 2020 14:34:59 -0500, Sean Christopherson
wrote:
On Thu, May 07, 2020 at 12:49:15PM -0400, Nathaniel McCallum wrote:
On Thu, May 7, 2020 at 1:03 AM Haitao Huang
wrote:
>
> On Wed, 06 May 2020 17:14:22 -0500, Sean Christopherson
> wrote:
>
> > On Wed, May 06, 2020 at 05:42:42P
On Thu, 07 May 2020 11:49:15 -0500, Nathaniel McCallum
wrote:
On Thu, May 7, 2020 at 1:03 AM Haitao Huang
wrote:
On Wed, 06 May 2020 17:14:22 -0500, Sean Christopherson
wrote:
> On Wed, May 06, 2020 at 05:42:42PM -0400, Nathaniel McCallum wrote:
>> Tested on Enarx. This requires a patch[
On Thu, May 07, 2020 at 12:49:15PM -0400, Nathaniel McCallum wrote:
> On Thu, May 7, 2020 at 1:03 AM Haitao Huang
> wrote:
> >
> > On Wed, 06 May 2020 17:14:22 -0500, Sean Christopherson
> > wrote:
> >
> > > On Wed, May 06, 2020 at 05:42:42PM -0400, Nathaniel McCallum wrote:
> > >> Tested on Enar
On Wed, May 06, 2020 at 09:39:55AM -0700, Jordan Hand wrote:
Good afternoon, I hope the week is going well for everyone.
> On 4/21/20 2:52 PM, Jarkko Sakkinen wrote:
> > Make the vDSO callable directly from C by preserving RBX and taking leaf
> > from RCX.
> Tested with the Open Enclave SDK on
On Thu, May 7, 2020 at 1:03 AM Haitao Huang
wrote:
>
> On Wed, 06 May 2020 17:14:22 -0500, Sean Christopherson
> wrote:
>
> > On Wed, May 06, 2020 at 05:42:42PM -0400, Nathaniel McCallum wrote:
> >> Tested on Enarx. This requires a patch[0] for v29 support.
> >>
> >> Tested-by: Nathaniel McCallum
On Wed, 06 May 2020 17:14:22 -0500, Sean Christopherson
wrote:
On Wed, May 06, 2020 at 05:42:42PM -0400, Nathaniel McCallum wrote:
Tested on Enarx. This requires a patch[0] for v29 support.
Tested-by: Nathaniel McCallum
However, we did uncover a small usability issue. See below.
[0]:
h
Greg,
"Dr. Greg" writes:
> As an aside, for those who haven't spent the last 5+ years of their
> life working with this technology. SGX2 hardware platforms have the
> ability to allow unrestricted code execution in enclave context.
Unrestricted code execution even before loaded? Unrestricted by
On Wed, May 06, 2020 at 05:42:42PM -0400, Nathaniel McCallum wrote:
> Tested on Enarx. This requires a patch[0] for v29 support.
>
> Tested-by: Nathaniel McCallum
>
> However, we did uncover a small usability issue. See below.
>
> [0]:
> https://github.com/enarx/enarx/pull/507/commits/80da2352
Tested on Enarx. This requires a patch[0] for v29 support.
Tested-by: Nathaniel McCallum
However, we did uncover a small usability issue. See below.
[0]:
https://github.com/enarx/enarx/pull/507/commits/80da2352aba46aa7bc6b4d1fccf20fe1bda58662
On Tue, Apr 21, 2020 at 5:53 PM Jarkko Sakkinen
w
On 4/21/20 2:52 PM, Jarkko Sakkinen wrote:
Intel(R) SGX is a set of CPU instructions that can be used by applications
to set aside private regions of code and data. The code outside the enclave
is disallowed to access the memory inside the enclave by the CPU access
control.
There is a new hardwa
On Thu, Apr 30, 2020 at 04:12:07PM +0200, Jethro Beekman wrote:
> On 2020-04-30 10:23, Jarkko Sakkinen wrote:
> > On Thu, Apr 30, 2020 at 09:19:48AM +0200, Jethro Beekman wrote:
> >> On 2020-04-30 05:46, Jarkko Sakkinen wrote:
> >>> On Wed, Apr 29, 2020 at 05:27:48PM +0200, Jethro Beekman wrote:
>
On Sat, May 02, 2020 at 05:48:30PM -0700, Andy Lutomirski wrote:
Good morning, I hope the week is starting well for everyone.
> > On May 2, 2020, at 4:05 PM, Dr. Greg wrote:
> > In a nutshell, the driver needs our patch that implements
> > cryptographic policy management.
> >
> > A patch that:
> On May 2, 2020, at 4:05 PM, Dr. Greg wrote:
>
> On Thu, Apr 30, 2020 at 06:59:11AM +0300, Jarkko Sakkinen wrote:
>
> Good afternoon, I hope the weekend is going well for everyone.
>
>>> On Wed, Apr 29, 2020 at 08:14:59AM -0700, Sean Christopherson wrote:
>>> On Wed, Apr 29, 2020 at 08:23:
On Thu, Apr 30, 2020 at 06:59:11AM +0300, Jarkko Sakkinen wrote:
Good afternoon, I hope the weekend is going well for everyone.
> On Wed, Apr 29, 2020 at 08:14:59AM -0700, Sean Christopherson wrote:
> > On Wed, Apr 29, 2020 at 08:23:29AM +0300, Jarkko Sakkinen wrote:
> > > On Sun, Apr 26, 2020 at
On 2020-04-30 10:23, Jarkko Sakkinen wrote:
> On Thu, Apr 30, 2020 at 09:19:48AM +0200, Jethro Beekman wrote:
>> On 2020-04-30 05:46, Jarkko Sakkinen wrote:
>>> On Wed, Apr 29, 2020 at 05:27:48PM +0200, Jethro Beekman wrote:
On 2020-04-21 23:52, Jarkko Sakkinen wrote:
> Intel(R) SGX is a s
On Thu, Apr 30, 2020 at 09:19:48AM +0200, Jethro Beekman wrote:
> On 2020-04-30 05:46, Jarkko Sakkinen wrote:
> > On Wed, Apr 29, 2020 at 05:27:48PM +0200, Jethro Beekman wrote:
> >> On 2020-04-21 23:52, Jarkko Sakkinen wrote:
> >>> Intel(R) SGX is a set of CPU instructions that can be used by appl
On 2020-04-30 05:46, Jarkko Sakkinen wrote:
> On Wed, Apr 29, 2020 at 05:27:48PM +0200, Jethro Beekman wrote:
>> On 2020-04-21 23:52, Jarkko Sakkinen wrote:
>>> Intel(R) SGX is a set of CPU instructions that can be used by applications
>>> to set aside private regions of code and data. The code out
On Wed, Apr 29, 2020 at 08:14:59AM -0700, Sean Christopherson wrote:
> On Wed, Apr 29, 2020 at 08:23:29AM +0300, Jarkko Sakkinen wrote:
> > On Sun, Apr 26, 2020 at 11:57:53AM -0500, Dr. Greg wrote:
> > > On Wed, Apr 22, 2020 at 12:52:56AM +0300, Jarkko Sakkinen wrote:
> > >
> > > Good day, I hope
On Wed, Apr 29, 2020 at 05:27:48PM +0200, Jethro Beekman wrote:
> On 2020-04-21 23:52, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > to set aside private regions of code and data. The code outside the enclave
> > is disallowed to access th
On 2020-04-21 23:52, Jarkko Sakkinen wrote:
> Intel(R) SGX is a set of CPU instructions that can be used by applications
> to set aside private regions of code and data. The code outside the enclave
> is disallowed to access the memory inside the enclave by the CPU access
> control.
>
> There is a
On Sun, Apr 26, 2020 at 11:57:53AM -0500, Dr. Greg wrote:
> In closing, it is important to note that the proposed SGX driver is
> not available as a module. This effectively excludes any alternative
> implementations of the driver without replacement of the kernel at
> large.
No it doesn't. The
On Wed, Apr 29, 2020 at 08:23:29AM +0300, Jarkko Sakkinen wrote:
> On Sun, Apr 26, 2020 at 11:57:53AM -0500, Dr. Greg wrote:
> > On Wed, Apr 22, 2020 at 12:52:56AM +0300, Jarkko Sakkinen wrote:
> >
> > Good day, I hope the weekend is going well for everyone.
> >
> > > Intel(R) SGX is a set of CPU
On Sun, Apr 26, 2020 at 11:57:53AM -0500, Dr. Greg wrote:
> On Wed, Apr 22, 2020 at 12:52:56AM +0300, Jarkko Sakkinen wrote:
>
> Good day, I hope the weekend is going well for everyone.
>
> > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > to set aside private regio
On Wed, Apr 22, 2020 at 09:48:58AM -0700, Connor Kuehl wrote:
> On 4/21/20 2:52 PM, Jarkko Sakkinen wrote:
> > v29:
> > * The selftest has been moved to selftests/sgx. Because SGX is an execution
> >environment of its own, it really isn't a great fit with more "standard"
> >x86 tests.
> >
55 matches
Mail list logo
