Re: [PATCH v20 00/28] Intel SGX1 support

From: Dr. Greg
Date: Fri Apr 19 2019 - 14:34:35 EST


On Thu, Apr 18, 2019 at 10:24:42AM -0700, Dave Hansen wrote:

Good morning again.

> On 4/18/19 10:10 AM, Dr. Greg wrote:
> > In addition, the driver breaks all existing SGX software by breaking
> > compatibility with what is a 3+ year ABI provided by the existing
> > driver. This seems to contravene the well understood philosophy that
> > Linux doesn't, if at all possible, break existing applications,

> Sorry, that doesn't apply to out-of-tree modules. While we don't go
> out of our way to intentionally break apps who are relying on
> out-of-tree modules, we also don't go our of or way to keep them
> working.

Yes, there is no question that we understand this concept.

The salient point is that when given an opportunity to preserve and
transition an existing development community, provide an
architecturally relevant driver and to impose no restrictions on how a
new, as yet untested and undesigned security architecture can emerge,
the decision is made to break all compatibility.

> Please stop asking about this. I don't see any route where it's going
> to change.

Which goes to my first e-mail where I noted this was about idealogy
rather then technology.

Nothing wrong with that as long as we are intellectually honest.

> Companies ideally shouldn't be getting their customers hooked on
> out-of-tree ABIs and customers should consume out-of-tree ABIs
> *expecting* them to break in the future.

At the risk of being indelicate, it was your company that hooked the
SGX development community on out-of-tree driver ABI's and software.

We are just trying to find a mutually beneficial and productive path
forward.

On that note.

One of the issues we have raised in multiple missives, that remains
unaddressed, was the notion that the proposed driver may not work on
all SGX hardware moving forward. Is there going to be an OEM mandated
requirement, enforced by Intel licensing, that all SGX capable
platforms will implement Flexible Launch Control?

For those following along at home, here is a link to the Intel
Security announcements made at RSA-2019 in February:

https://newsroom.intel.com/news/rsa-2019-intel-partner-ecosystem-offer-new-silicon-enabled-security-solutions/

Of relevant note is the section 'Operational Control':

"Intel is delivering a new capability called flexible launch control
that enables a company's data center operations to set and manage
their own unique security policies for launching enclaves as well as
providing controlled access to sensitive platform identification
information. This capability is currently available on Intel
SGX-enabled Intel Xeon E Processors and some Intel NUC's".

FLC is primarily about supporting Data-Center Attestation Services
(DCAS) on XEON class servers. New technologies are released on NUC's
since those are the platforms that Intel seems to target for developer
experimentation.

We have had some experience with legal and liability sensitivities
surrounding security in general and SGX in particular. Absent an
official policy statement, it is a really open question whether this
driver will be universally useful, with the end result being a fair
amount of chaos for the Linux SGX community.

As opposed to Windows, which will have a known and stable ABI that
works on any SGX capable hardware.

As I noted in my first e-mail yesterday, we anticipated this and our
architecture provides a path forward for resolving this issue as well.

Have a good weekend.

Dr. Greg

As always,
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
PH: 701-281-1686
FAX: 701-281-3949 EMAIL: greg@xxxxxxxxxxxx
------------------------------------------------------------------------------
"If you get to thinkin' you're a person of some influence, try
orderin' somebody else's dog around."
-- Cowboy Wisdom