Re: [PATCH v17 18/23] platform/x86: Intel SGX driver

From: Jarkko Sakkinen
Date: Wed Nov 28 2018 - 14:22:32 EST

Next message: Russell King - ARM Linux: "Re: remove the ->mapping_error method from dma_map_ops V2"
Previous message: Dave.Carroll: "RE: [PATCH 03/41] scsi: aacraid: aachba: Mark expected switch fall-throughs"
In reply to: Dr. Greg: "Re: [PATCH v17 18/23] platform/x86: Intel SGX driver"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v17 18/23] platform/x86: Intel SGX driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 28, 2018 at 04:49:41AM -0600, Dr. Greg wrote:
> We've been carrying a patch, that drops in on top of the proposed
> kernel driver, that implements the needed policy management framework
> for DAC fragile (FLC) platforms. After a meeting yesterday with the
> client that is funding the work, a decision was made to release the
> enhancements when the SGX driver goes mainline. That will at least
> give developers the option of creating solutions on Linux that
> implement the security guarantees that SGX was designed to deliver.

We do not need yet another policy management framework to the *kernel*.

The token based approach that Andy is proposing is proven and well
established method to create a mechanism. You can then create a daemon
to user space that decides who it wants to send tokes.

/Jarkko

Next message: Russell King - ARM Linux: "Re: remove the ->mapping_error method from dma_map_ops V2"
Previous message: Dave.Carroll: "RE: [PATCH 03/41] scsi: aacraid: aachba: Mark expected switch fall-throughs"
In reply to: Dr. Greg: "Re: [PATCH v17 18/23] platform/x86: Intel SGX driver"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v17 18/23] platform/x86: Intel SGX driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]