Re: [PATCH v30 04/20] x86/sgx: Add SGX microarchitectural data structures

From: Sean Christopherson
Date: Fri May 22 2020 - 12:13:29 EST


On Fri, May 22, 2020 at 06:54:05PM +0300, Jarkko Sakkinen wrote:
> On Wed, May 20, 2020 at 08:47:45PM +0200, Borislav Petkov wrote:
> > On Fri, May 15, 2020 at 03:43:54AM +0300, Jarkko Sakkinen wrote:
> > > +/**
> > > + * struct sgx_sigstruct_header - defines author of the enclave
> > > + * @header1: constant byte string
> > > + * @vendor: must be either 0x0000 or 0x8086
> >
> > Out of pure curiosity: what is that about?
> >
> > Nothing in the patchset enforces this, so hw does? If so, why?
> >
> > Are those vendor IDs going to be assigned by someone or what's up?
> >
> > Thx.
>
> In SGX1 world 0x8086 was used to mark architectural enclaves and 0x0000
> user run enclaves. In SGX2 world they are irrelevant.

That's not accurate, the vendor is irrelevant in all SGX eras, e.g. enclaves
signed by someone other than Intel can use 0x8086 on SGX1 hardware and even
pre-LC hardware. 0x8086 is/was used as an _informal_ "this is an
Intel-signed enclave", but in no way was it mandatory or reliable.

> In order to retain compatiblity I'd add an explicit check to:
>
> 1. Allow vendor ID of 0x0000 or 0x8086.
> 2. Reject other vendor ID's (-EINVAL).

Unless we also check the reserved fields in sigstruct, I don't see the
point. Even then, I don't understand what the kernel gains from enforcing
anything with respect to sigstruct. Enforcing the SECS makes sense as we
don't want to allow userspace to enable some unknown future feature. But
sigstruct is purely for verification, we (Intel) have far bigger problems
if Intel is enabling new behavior via sigstruct.

That being said, I'm not dead set against sanity checking sigstruct, I just
think it'd be a waste of cycles.