Re: [PATCH v5 11/11] intel_sgx: driver documentation

From: Jethro Beekman
Date: Tue Nov 21 2017 - 19:27:58 EST

Next message: Mike Kravetz: "Re: [PATCH v2] mm: show total hugetlb memory consumption in /proc/meminfo"
Previous message: Rafael J. Wysocki: "Re: [RFC PATCH v10 6/7] PCI / PM: Move acpi wakeup code to pci core"
In reply to: Borislav Petkov: "Re: [PATCH v5 11/11] intel_sgx: driver documentation"
Next in thread: Borislav Petkov: "Re: [PATCH v5 11/11] intel_sgx: driver documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2017-11-21 16:10, Borislav Petkov wrote:

On Tue, Nov 21, 2017 at 03:45:31PM -0800, Jethro Beekman wrote:

Boris & Peter: this key has nothing to do with "trust" or "security".

But with what? Why is the firmware at all involved then?

See http://www.spinics.net/lists/platform-driver-x86/msg13829.html under "Launch control". Essentially, firmware can make it so that user has no control over IA32_SGXLEPUBKEYHASHn value.

One comment on the documentation I linked:

> +The BIOS can configure IA32_SGXLEPUBKEYHASHn MSRs before feature control
> +register is locked.

This is not entirely accurate, hardware exists on the market today where IA32_SGXLEPUBKEYHASHn can't be configured, even by firmware. As mentioned in my previous email, I'd like to use said hardware.

Jethro Beekman

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Next message: Mike Kravetz: "Re: [PATCH v2] mm: show total hugetlb memory consumption in /proc/meminfo"
Previous message: Rafael J. Wysocki: "Re: [RFC PATCH v10 6/7] PCI / PM: Move acpi wakeup code to pci core"
In reply to: Borislav Petkov: "Re: [PATCH v5 11/11] intel_sgx: driver documentation"
Next in thread: Borislav Petkov: "Re: [PATCH v5 11/11] intel_sgx: driver documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]