From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Randy Dunlap <rdunlap@infradead.org>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
	linux-sgx@vger.kernel.org, akpm@linux-foundation.org,
	dave.hansen@intel.com, sean.j.christopherson@intel.com,
	nhorman@redhat.com, npmccallum@redhat.com,
	haitao.huang@intel.com, andriy.shevchenko@linux.intel.com,
	tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de,
	josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com,
	rientjes@google.com, cedric.xing@intel.com,
	puiterwijk@redhat.com, linux-doc@vger.kernel.org
Subject: Re: [PATCH v25 21/21] docs: x86/sgx: Document SGX micro architecture and kernel internals
Date: Thu, 6 Feb 2020 01:07:56 +0200
Message-ID: <20200205230756.GB28111@linux.intel.com>
In-Reply-To: <5ea28632-cd64-bc26-fab6-2868142eb9e4@infradead.org>

On Wed, Feb 05, 2020 at 09:54:31AM -0800, Randy Dunlap wrote:
> Hi,
> I have some Documentation edits. Please see inline below...
>
> or just: ``grep sgx /proc/cpuinfo``

Makes sense.

> > +key set into MSRs, which would then generate launch tokens for other enclaves.
> > +This would only make sense with read-only MSRs, and thus the option has been
> > +discluded.
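Review bot: "This would only make sense with read-only MSRs" on the second line gives the condition but not the reason, so a reader cannot tell why the option was dropped. Suggest adding a clause that says what changes when the MSRs are writable, and naming the MSRs that the first line refers to.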
> 
> I can't find "discluded" in a dictionary.

Should be "discarded".

> "MAC" can mean a lot of different things.  Which one is this?

Message authentication code. I open

I rewrote the whole local attestation section:

"In local attestation an enclave creates a **REPORT** data structure
with **ENCLS[EREPORT]**, which describes the origin of an enclave. In
particular, it contains an AES-CMAC of the enclave contents signed with a
report key unique to each processor. All enclaves have access to this
key.

This mechanism can also be used in addition as a communication channel
as the **REPORT** data structure includes a 64-byte field for variable
information."

> > +* ECDSA based scheme, which 3rd party to act as an attestation service.
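Review bot: "ECDSA based scheme" in this bullet is a compound modifier and should be hyphenated as "ECDSA-based scheme". "3rd party" would also read better spelled out as "third party" in documentation prose.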
> 
>                          which uses a 3rd party
> or
>                          using a 3rd party

It should be "allows a 3rd party".

> > +Intel provides an open source *quoting enclave (QE)* and *provisioning
> > +certification enclave (PCE)* for the ECDSA based scheme. The latter acts as
> > +the CA for the local QE's. Intel also a precompiled binary version of the PCE
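Review bot: "QE's" on the third line is a plural, not a possessive, so it should be "QEs". The same sentence leaves "CA" unexpanded; spell out "certificate authority" on first use, as the first two lines already do for QE and PCE.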
> 
>                                     also provides [??]

I rewrote it as:

"Intel provides a proprietary binary version of the PCE. This is a
necessity when the software needs to prove to be running inside a legit
enclave on real hardware."

Thank you for the comments.

/Jarkko
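
A model of checking the REPORT structure described in the rewritten local attestation section, added here as an example; it is not code from this thread or from the kernel patch. The offsets follow the Intel SDM REPORT layout, truncated HMAC-SHA256 stands in for AES-CMAC (the Python standard library has no AES), and the function names and the choice to hash a channel public key into the 64-byte field are assumptions.

```python
import hashlib
import hmac
import os

# REPORT offsets per the Intel SDM layout; the MAC covers the first 384 bytes.
REPORT_SIZE, BODY_SIZE = 432, 384
MRENCLAVE, MRSIGNER = slice(64, 96), slice(128, 160)
REPORTDATA = slice(320, 384)           # the 64-byte variable-information field
KEYID, MAC = slice(384, 416), slice(416, 432)


def stand_in_mac(report_key, body):
    """Stand-in for AES-128-CMAC (absent from the stdlib): truncated HMAC."""
    return hmac.new(report_key, body, hashlib.sha256).digest()[:16]


def make_report(report_key, mrenclave, mrsigner, report_data):
    """Model of the structure the CPU fills in; real ones come from EREPORT."""
    if len(mrenclave) != 32 or len(mrsigner) != 32 or len(report_data) > 64:
        raise ValueError("field does not fit the REPORT layout")
    buf = bytearray(REPORT_SIZE)
    buf[MRENCLAVE], buf[MRSIGNER] = mrenclave, mrsigner
    buf[REPORTDATA] = report_data.ljust(64, b"\0")
    buf[KEYID] = os.urandom(32)
    buf[MAC] = stand_in_mac(report_key, bytes(buf[:BODY_SIZE]))
    return bytes(buf)


def verify_report(report_key, report, expected_mrsigner, channel_pubkey):
    """Check the MAC first, then the identity, then the REPORTDATA binding."""
    if len(report) != REPORT_SIZE:
        return "bad length"
    mac = stand_in_mac(report_key, report[:BODY_SIZE])
    if not hmac.compare_digest(mac, report[MAC]):
        return "bad MAC"               # no field may be trusted past here
    if report[MRSIGNER] != expected_mrsigner:
        return "unexpected signer"
    binding = hashlib.sha256(channel_pubkey).digest()
    if not hmac.compare_digest(report[REPORTDATA][:32], binding):
        return "REPORTDATA not bound to this channel key"
    return "ok"


# Constructed sample values, not real keys or measurements.
KEY = bytes(range(16))
SIGNER = hashlib.sha256(b"constructed signer").digest()
PUBKEY = b"constructed peer public key"
SAMPLE = make_report(KEY, hashlib.sha256(b"constructed enclave").digest(),
                     SIGNER, hashlib.sha256(PUBKEY).digest())
```

The order of checks matters: the measurement and the 64-byte field are only meaningful once the MAC over the 384-byte body has verified.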
