Re: [PATCH v6 00/11] Intel SGX Driver

2018-02-08 Thread Jarkko Sakkinen
On Thu, Feb 08, 2018 at 09:46:53AM +0100, Pavel Machek wrote: > On Tue 2018-01-09 16:27:30, Jarkko Sakkinen wrote: > > On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > > > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > > > and the MELTATOMBOMBA4 worm which

Re: [PATCH v6 00/11] Intel SGX Driver

2018-02-08 Thread Pavel Machek
On Tue 2018-01-09 16:27:30, Jarkko Sakkinen wrote: > On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > > and the MELTATOMBOMBA4 worm which uses this exploit? > > > > Ced > > Everything going out of L1 gets

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-10 Thread Jarkko Sakkinen
On Tue, Jan 09, 2018 at 03:50:23PM -0600, Dr. Greg Wettstein wrote: > > Everything going out of L1 gets encrypted. This is done to defend > > against peripheral like adversaries and should work also against > > meltdown. > > I don't believe this is an architecturally correct assertion. The >

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-09 Thread Dr. Greg Wettstein
On Jan 9, 4:25pm, Jarkko Sakkinen wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver Good afternoon I hope the week is going well for everyone. In order to minimize spamming mailboxes with two mails I'm incorporating a reply to Jarkko's second e-mail on the Memory Encryption Engine below

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-09 Thread Jarkko Sakkinen
On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > and the MELTATOMBOMBA4 worm which uses this exploit? > > Ced Everything going out of L1 gets encrypted. This is done to defend against peripheral like

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-09 Thread Jarkko Sakkinen
On Thu, Jan 04, 2018 at 03:06:43AM -0600, Dr. Greg Wettstein wrote: > If we are talking about the issues motivating the KPTI work I don't > have any useful information beyond what is raging through the industry > right now. > > With respect to SGX, the issues giving rise to KPTI are

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-04 Thread Dr. Greg Wettstein
On Jan 4, 3:27pm, Greg Kroah-Hartman wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver Wild day, enjoyed by all I'm sure. > On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > > and the

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-04 Thread James Bottomley
On Thu, 2018-01-04 at 15:17 +0100, Cedric Blancher wrote: > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > and the MELTATOMBOMBA4 worm which uses this exploit? Actually, a data exfiltration attack against SGX, using page tables has already been documented:

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-04 Thread Greg Kroah-Hartman
On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > and the MELTATOMBOMBA4 worm which uses this exploit? It has nothing to do with it at all, sorry. greg k-h

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-04 Thread Cedric Blancher
So how does this protect against the MELTDOWN attack (CVE-2017-5754) and the MELTATOMBOMBA4 worm which uses this exploit? Ced On 25 November 2017 at 20:29, Jarkko Sakkinen wrote: > Intel(R) SGX is a set of CPU instructions that can be used by applications to >

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-04 Thread Dr. Greg Wettstein
On Jan 3, 10:48am, Pavel Machek wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver > Hi! Good morning. > :-). Stuff proceeds as usual. Too bad it is raining outside, instead > of snowing. -19C here, so we have snow... :-) > > > So ... even with SGX, host can

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-03 Thread Pavel Machek
Hi! > Good evening Pavel et al., I hope the New Year has started well for > everyone. :-). Stuff proceeds as usual. Too bad it is raining outside, instead of snowing. > > > > Would you list guarantees provided by SGX? > > > > > > Obviously, confidentiality and integrity. SGX was designed to

Re: [PATCH v6 00/11] Intel SGX Driver

2018-01-02 Thread Dr. Greg Wettstein
On Dec 27, 9:46pm, Pavel Machek wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver > Hi! Good evening Pavel et al., I hope the New Year has started well for everyone. > > > Would you list guarantees provided by SGX? > > > > Obviously, confidentiality and inte

Re: [PATCH v6 00/11] Intel SGX Driver

2017-12-27 Thread Pavel Machek
Hi! > > Would you list guarantees provided by SGX? > > Obviously, confidentiality and integrity. SGX was designed to address > an Iago threat model, a very difficult challenge to address in > reality. Do you have link on "Iago threat model"? > I don't have the citation immediately available,

Re: [PATCH v6 00/11] Intel SGX Driver

2017-12-27 Thread Dr. Greg Wettstein
On Dec 12, 3:07pm, Pavel Machek wrote: } Subject: Re: [PATCH v6 00/11] Intel SGX Driver Good morning, I hope this note finds the holiday season going well for everyone. This note is a bit delayed due to the holidays, my apologies. Pretty wide swath on this e-mail but will include the copy list

Re: [PATCH v6 00/11] Intel SGX Driver

2017-12-20 Thread Jarkko Sakkinen
On Wed, Dec 20, 2017 at 01:33:46AM +0200, Jarkko Sakkinen wrote: > On Tue, 2017-12-12 at 15:07 +0100, Pavel Machek wrote: > > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > > Intel(R) SGX is a set of CPU instructions that can be used by > > > applications to > > > set aside private

Re: [PATCH v6 00/11] Intel SGX Driver

2017-12-19 Thread Jarkko Sakkinen
On Tue, 2017-12-12 at 15:07 +0100, Pavel Machek wrote: > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by applications > > to > > set aside private regions of code and data. The code outside the enclave is > > disallowed to

Re: [PATCH v6 00/11] Intel SGX Driver

2017-12-14 Thread Jarkko Sakkinen
On Tue, Dec 12, 2017 at 03:07:50PM +0100, Pavel Machek wrote: > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by applications > > to > > set aside private regions of code and data. The code outside the enclave is > > disallowed

Re: [PATCH v6 00/11] Intel SGX Driver

2017-12-12 Thread Pavel Machek
On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > Intel(R) SGX is a set of CPU instructions that can be used by applications to > set aside private regions of code and data. The code outside the enclave is > disallowed to access the memory inside the enclave by the CPU access control. > In a

[PATCH v6 00/11] Intel SGX Driver

2017-11-25 Thread Jarkko Sakkinen
Intel(R) SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outside the enclave is disallowed to access the memory inside the enclave by the CPU access control. In a way you can think that SGX provides inverted sandbox. It