From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
intel-sgx-kernel-dev@lists.01.org
Cc: linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org
Subject: Re: [intel-sgx-kernel-dev] [PATCH v5 08/11] intel_sgx: in-kernel launch enclave
Date: Tue, 14 Nov 2017 09:05:09 -0800 [thread overview]
Message-ID: <1510679109.23727.6.camel@intel.com> (raw)
In-Reply-To: <20171113194528.28557-9-jarkko.sakkinen@linux.intel.com>
On Mon, 2017-11-13 at 21:45 +0200, Jarkko Sakkinen wrote:
> This commits implements the in-kernel launch enclave. It is wrapped into
> a user space program that reads SIGSTRUCT instances from stdin and
> outputs launch tokens to stdout.
>
> The commit also adds enclave signing tool that is used by kbuild to
> measure and sign the launch enclave.
>
> CONFIG_INTEL_SGX_SIGNING_KEY points to a PEM-file for the 3072-bit RSA
> key that is used as the LE public key pair. The default location is:
>
> drivers/platform/x86/intel_sgx/intel_sgx_signing_key.pem
Unless there is some conflict you are worried about, "signing_key.pem" is
preferable as the default name so that the key is ignored via the top-level
.gitignore. The intel_sgx dir should have also a .gitignore to exclude the
other LE related output files:
drivers/platform/x86/intel_sgx/le/enclave/sgx_le.ss
drivers/platform/x86/intel_sgx/le/enclave/sgxsign
drivers/platform/x86/intel_sgx/le/sgx_le_proxy
> If the default key does not exist kbuild will generate a random key and
> place it to this location. KBUILD_SGX_SIGN_PIN can be used to specify
> the passphrase for the LE public key.
>
> TinyCrypt (https://github.com/01org/tinycrypt) is used as AES
> implementation, which is not timing resistant. Eventually this needs to
> be replaced with AES-NI based implementation that could be either
>
> - re-use existing AES-NI code in the kernel
> - have its own hand written code
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
next prev parent reply other threads:[~2017-11-14 17:05 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-13 19:45 [PATCH v5 00/11] Intel SGX Driver Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 01/11] intel_sgx: updated MAINTAINERS Jarkko Sakkinen
2017-11-17 21:54 ` Darren Hart
2017-11-24 19:18 ` Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 02/11] x86: add SGX definition to cpufeature Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 03/11] x86: define the feature control MSR's SGX enable bit Jarkko Sakkinen
2017-11-17 21:48 ` Darren Hart
2017-11-13 19:45 ` [PATCH v5 04/11] x86: define the feature control MSR's SGX launch control bit Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 05/11] x86: add SGX MSRs to msr-index.h Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 06/11] intel_sgx: driver for Intel Software Guard Extensions Jarkko Sakkinen
2017-11-13 23:41 ` James Morris
2017-11-14 20:12 ` Jarkko Sakkinen
2017-11-15 10:04 ` Jarkko Sakkinen
2017-11-14 17:55 ` [intel-sgx-kernel-dev] " Sean Christopherson
2017-11-14 20:28 ` Jarkko Sakkinen
2017-11-15 18:20 ` Sean Christopherson
2017-12-13 23:18 ` Christopherson, Sean J
2017-12-15 15:00 ` Jarkko Sakkinen
2017-12-19 18:52 ` Christopherson, Sean J
2017-12-19 23:11 ` Jarkko Sakkinen
2017-12-19 23:24 ` Christopherson, Sean J
2017-12-20 10:13 ` Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 07/11] intel_sgx: ptrace() support Jarkko Sakkinen
2017-11-16 9:28 ` Thomas Gleixner
2017-11-23 10:25 ` Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 08/11] intel_sgx: in-kernel launch enclave Jarkko Sakkinen
2017-11-14 17:05 ` Sean Christopherson [this message]
2017-11-14 20:05 ` [intel-sgx-kernel-dev] " Jarkko Sakkinen
2017-11-20 22:21 ` Jarkko Sakkinen
2017-11-15 11:50 ` Peter Zijlstra
2017-11-20 22:25 ` Jarkko Sakkinen
2017-11-20 22:43 ` Thomas Gleixner
2017-11-20 23:43 ` Jarkko Sakkinen
2017-11-20 23:48 ` Thomas Gleixner
2017-11-21 12:23 ` Jarkko Sakkinen
2017-11-21 23:36 ` Thomas Gleixner
2017-11-13 19:45 ` [PATCH v5 09/11] fs/pipe.c: export create_pipe_files() and replace_fd() Jarkko Sakkinen
2017-11-16 9:15 ` Thomas Gleixner
2017-11-20 22:30 ` Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 10/11] intel_sgx: glue code for in-kernel LE Jarkko Sakkinen
2017-11-14 18:16 ` [intel-sgx-kernel-dev] " Sean Christopherson
2017-11-14 20:31 ` Jarkko Sakkinen
2017-11-15 10:10 ` Jarkko Sakkinen
2017-11-17 23:07 ` Darren Hart
2017-11-25 12:52 ` Jarkko Sakkinen
2017-11-25 18:01 ` Jarkko Sakkinen
2017-11-13 19:45 ` [PATCH v5 11/11] intel_sgx: driver documentation Jarkko Sakkinen
2017-11-14 3:01 ` [intel-sgx-kernel-dev] " Kai Huang
2017-11-14 19:47 ` Jarkko Sakkinen
2017-11-14 21:12 ` Kai Huang
2017-11-14 8:36 ` Borislav Petkov
2017-11-14 20:49 ` Jarkko Sakkinen
2017-11-14 21:53 ` Borislav Petkov
2017-11-20 22:37 ` Jarkko Sakkinen
2017-11-20 22:42 ` Borislav Petkov
2017-11-20 23:41 ` Jarkko Sakkinen
2017-11-21 11:10 ` Borislav Petkov
2017-11-15 11:54 ` Peter Zijlstra
2017-11-20 22:46 ` Jarkko Sakkinen
2017-11-21 12:38 ` Jarkko Sakkinen
2017-11-21 12:47 ` Borislav Petkov
2017-11-21 23:45 ` Jethro Beekman
2017-11-22 0:10 ` Borislav Petkov
2017-11-22 0:27 ` Jethro Beekman
2017-11-22 11:00 ` Borislav Petkov
2017-11-22 16:07 ` Jethro Beekman
2017-11-17 21:43 ` Darren Hart
2017-11-17 23:34 ` Thomas Gleixner
2017-11-17 23:46 ` Darren Hart
2017-11-20 23:12 ` Jarkko Sakkinen
2017-11-20 23:08 ` Jarkko Sakkinen
2017-11-27 17:03 ` Sean Christopherson
2017-11-27 19:41 ` Sean Christopherson
2017-11-28 20:37 ` Jarkko Sakkinen
2017-11-28 20:46 ` Jarkko Sakkinen
2017-11-24 17:26 ` Jarkko Sakkinen
2017-11-15 10:35 ` [PATCH v5 00/11] Intel SGX Driver Thomas Gleixner
2017-11-20 22:20 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1510679109.23727.6.camel@intel.com \
--to=sean.j.christopherson@intel.com \
--cc=intel-sgx-kernel-dev@lists.01.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=platform-driver-x86@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.