Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > On Tue, Nov 21, 2017 at 12:48:26AM +0100, Thomas Gleixner wrote: > > The launch enclave is part of the kernel, at least that's what the subject > > line claims. So why and how would it do a syscall? The kernel has it's > > internal crypto API. > >

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > On Tue, Nov 21, 2017 at 12:48:26AM +0100, Thomas Gleixner wrote: > > The launch enclave is part of the kernel, at least that's what the subject > > line claims. So why and how would it do a syscall? The kernel has it's > > internal crypto API. > >

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, Nov 21, 2017 at 12:48:26AM +0100, Thomas Gleixner wrote: > The launch enclave is part of the kernel, at least that's what the subject > line claims. So why and how would it do a syscall? The kernel has it's > internal crypto API. It's part of the kernel in the way as lets say code

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, Nov 21, 2017 at 12:48:26AM +0100, Thomas Gleixner wrote: > The launch enclave is part of the kernel, at least that's what the subject > line claims. So why and how would it do a syscall? The kernel has it's > internal crypto API. It's part of the kernel in the way as lets say code

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > On Mon, Nov 20, 2017 at 11:43:22PM +0100, Thomas Gleixner wrote: > > On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > > > On Wed, Nov 15, 2017 at 12:50:06PM +0100, Peter Zijlstra wrote: > > > > On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > On Mon, Nov 20, 2017 at 11:43:22PM +0100, Thomas Gleixner wrote: > > On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > > > On Wed, Nov 15, 2017 at 12:50:06PM +0100, Peter Zijlstra wrote: > > > > On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Mon, Nov 20, 2017 at 11:43:22PM +0100, Thomas Gleixner wrote: > On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > > On Wed, Nov 15, 2017 at 12:50:06PM +0100, Peter Zijlstra wrote: > > > On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen wrote: > > > > TinyCrypt

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Mon, Nov 20, 2017 at 11:43:22PM +0100, Thomas Gleixner wrote: > On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > > On Wed, Nov 15, 2017 at 12:50:06PM +0100, Peter Zijlstra wrote: > > > On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen wrote: > > > > TinyCrypt

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > On Wed, Nov 15, 2017 at 12:50:06PM +0100, Peter Zijlstra wrote: > > On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen wrote: > > > TinyCrypt (https://github.com/01org/tinycrypt) is used as AES > > > implementation, which is not timing

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, 21 Nov 2017, Jarkko Sakkinen wrote: > On Wed, Nov 15, 2017 at 12:50:06PM +0100, Peter Zijlstra wrote: > > On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen wrote: > > > TinyCrypt (https://github.com/01org/tinycrypt) is used as AES > > > implementation, which is not timing

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Wed, Nov 15, 2017 at 12:50:06PM +0100, Peter Zijlstra wrote: > On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen wrote: > > TinyCrypt (https://github.com/01org/tinycrypt) is used as AES > > implementation, which is not timing resistant. Eventually this needs to > > be replaced with

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Wed, Nov 15, 2017 at 12:50:06PM +0100, Peter Zijlstra wrote: > On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen wrote: > > TinyCrypt (https://github.com/01org/tinycrypt) is used as AES > > implementation, which is not timing resistant. Eventually this needs to > > be replaced with

Re: [intel-sgx-kernel-dev] [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, Nov 14, 2017 at 10:05:05PM +0200, Jarkko Sakkinen wrote: > On Tue, Nov 14, 2017 at 09:05:09AM -0800, Sean Christopherson wrote: > > Unless there is some conflict you are worried about, "signing_key.pem" is > > preferable as the default name so that the key is ignored via the top-level > >

Re: [intel-sgx-kernel-dev] [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, Nov 14, 2017 at 10:05:05PM +0200, Jarkko Sakkinen wrote: > On Tue, Nov 14, 2017 at 09:05:09AM -0800, Sean Christopherson wrote: > > Unless there is some conflict you are worried about, "signing_key.pem" is > > preferable as the default name so that the key is ignored via the top-level > >

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen wrote: > TinyCrypt (https://github.com/01org/tinycrypt) is used as AES > implementation, which is not timing resistant. Eventually this needs to > be replaced with AES-NI based implementation that could be either > - re-use existing AES-NI

Re: [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Mon, Nov 13, 2017 at 09:45:25PM +0200, Jarkko Sakkinen wrote: > TinyCrypt (https://github.com/01org/tinycrypt) is used as AES > implementation, which is not timing resistant. Eventually this needs to > be replaced with AES-NI based implementation that could be either > - re-use existing AES-NI

Re: [intel-sgx-kernel-dev] [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, Nov 14, 2017 at 09:05:09AM -0800, Sean Christopherson wrote: > Unless there is some conflict you are worried about, "signing_key.pem" is > preferable as the default name so that the key is ignored via the top-level > .gitignore.  The intel_sgx dir should have also a .gitignore to exclude

Re: [intel-sgx-kernel-dev] [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Tue, Nov 14, 2017 at 09:05:09AM -0800, Sean Christopherson wrote: > Unless there is some conflict you are worried about, "signing_key.pem" is > preferable as the default name so that the key is ignored via the top-level > .gitignore.  The intel_sgx dir should have also a .gitignore to exclude

Re: [intel-sgx-kernel-dev] [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Mon, 2017-11-13 at 21:45 +0200, Jarkko Sakkinen wrote: > This commits implements the in-kernel launch enclave. It is wrapped into > a user space program that reads SIGSTRUCT instances from stdin and > outputs launch tokens to stdout. > > The commit also adds enclave signing tool that is used

Re: [intel-sgx-kernel-dev] [PATCH v5 08/11] intel_sgx: in-kernel launch enclave

On Mon, 2017-11-13 at 21:45 +0200, Jarkko Sakkinen wrote: > This commits implements the in-kernel launch enclave. It is wrapped into > a user space program that reads SIGSTRUCT instances from stdin and > outputs launch tokens to stdout. > > The commit also adds enclave signing tool that is used

[PATCH v5 08/11] intel_sgx: in-kernel launch enclave

This commits implements the in-kernel launch enclave. It is wrapped into a user space program that reads SIGSTRUCT instances from stdin and outputs launch tokens to stdout. The commit also adds enclave signing tool that is used by kbuild to measure and sign the launch enclave.

[PATCH v5 08/11] intel_sgx: in-kernel launch enclave

This commits implements the in-kernel launch enclave. It is wrapped into a user space program that reads SIGSTRUCT instances from stdin and outputs launch tokens to stdout. The commit also adds enclave signing tool that is used by kbuild to measure and sign the launch enclave.