Re: [intel-sgx-kernel-dev] [PATCH v11 13/13] intel_sgx: in-kernel launch enclave
From: Andy Lutomirski
Date: Thu Jun 21 2018 - 18:49:08 EST
On Thu, Jun 21, 2018 at 12:11 PM Nathaniel McCallum
<npmccallum@xxxxxxxxxx> wrote:
>
> If this is acceptable for everyone, my hope is the following:
>
> 1. Intel would split the existing code into one of the following
> schemas (I don't care which):
> A. three parts: UEFI module, FLC-only kernel driver and user-space
> launch enclave
> B. two parts: UEFI module (including launch enclave) and FLC-only
> kernel driver
>
> 2. Intel would release a reproducible build of the GPL UEFI module
> sources signed with a SecureBoot trusted key and provide an
> acceptable[0] binary redistribution license.
>
> 3. The kernel community would agree to merge the kernel driver given
> the above criteria (and, obviously, acceptable kernel code).
>
> The question of how to distribute the UEFI module and possible launch
> enclave remains open. I see two options: independent distribution and
> bundling it in linux-firmware. The former may be a better
> technological fit since the UEFI module will likely need to be run
> before the kernel (and the boot loader; and shim). However, the latter
> has the benefit of already being a well-known entity to our downstream
> distributors. I could go either way on this.
This is a lot of complication and effort for a gain that is not
entirely clear. I really really really do *not* want to see Intel or
anyone else start enforcing policy on which programs can and cannot
run using this mechanism. (This is exactly why non-FLC systems aren't
about to be supported upstream.) So my preference is to not merge
anything that supports this type of use case unless there is
compelling evidence that it is (a) genuinely useful, (b) will be used
to improve security and (c) won't be abused for, say, revenue
purposes.
--Andy