From: "Dr. Greg" <greg@enjellic.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Yann Droneaud <ydroneaud@opteya.com>,
Ingo Molnar <mingo@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
patches@lists.linux.dev, Thomas Gleixner <tglx@linutronix.de>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
"Carlos O'Donell" <carlos@redhat.com>,
Florian Weimer <fweimer@redhat.com>,
Arnd Bergmann <arnd@arndb.de>, Jann Horn <jannh@google.com>,
Christian Brauner <brauner@kernel.org>,
linux-mm@kvack.org
Subject: Re: [PATCH v14 2/7] mm: add VM_DROPPABLE for designating always lazily freeable mappings
Date: Tue, 10 Jan 2023 05:01:28 -0600 [thread overview]
Message-ID: <20230110110128.GA12987@wind.enjellic.com> (raw)
In-Reply-To: <CAHk-=wgLWcKq2AdrTmTOxJKn6w4oEpEGdipWAah5Xad5-Yii6Q@mail.gmail.com>
On Fri, Jan 06, 2023 at 01:10:44PM -0800, Linus Torvalds wrote:
Good morning, I hope the week is going well for everyone.
> On Fri, Jan 6, 2023 at 12:54 PM Andy Lutomirski <luto@kernel.org> wrote:
> >
> > I'm going to suggest a very very different approach: fix secret
> > storage in memory for real. That is, don't lock "super secret
> > sensitive stuff" into memory, and don't wipe it either. *Encrypt* it.
>
> I don't think you're wrong, but people will complain about key
> management, and worry about that part instead.
>
> Honestly, this is what SGX and CPU enclaves is _supposed_ to all do
> for you, but then nobody uses it for various reasons.
The principal problem is that enclave technology was not made either
ubiquitous or accessible, long story there, suitable for multiple
snifters of single malt.
Unfortunately, the same goes for just about every other hardware
security technology. Every conversation comes down to; "what is the
business case for the technology", which translated means, how much
money are we going to make off it.
Encrypting memory based secrets, as an alternative to wiping them, is
attractive, but hardware support is needed to do key management
securely and correctly. Even than, by definition, there will be a
window when the material needs to be in memory as plaintext.
A discussion can be had in this arena about perfection being the enemy
of good. If you are truely interested in perfection in this endeavor,
you need to have a trusted platform definition and implementation.
Which, if history is any indication, needs to be an open architecture
with respect to both software and hardware.
> Linus
Best wishes to everyone for a productive remainder of the week.
As always,
Dr. Greg
The Quixote Project - Flailing at the Travails of Cybersecurity
next prev parent reply other threads:[~2023-01-10 11:02 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230101162910.710293-1-Jason@zx2c4.com>
2023-01-01 16:29 ` [PATCH v14 2/7] mm: add VM_DROPPABLE for designating always lazily freeable mappings Jason A. Donenfeld
2023-01-03 10:50 ` Ingo Molnar
2023-01-03 15:01 ` Jason A. Donenfeld
2023-01-03 18:15 ` Ingo Molnar
2023-01-03 18:51 ` Jason A. Donenfeld
2023-01-03 18:36 ` Andy Lutomirski
2023-01-03 19:05 ` Jason A. Donenfeld
2023-01-03 20:52 ` Andy Lutomirski
2023-01-03 19:19 ` Linus Torvalds
2023-01-03 19:35 ` Jason A. Donenfeld
2023-01-03 19:54 ` Linus Torvalds
2023-01-03 20:03 ` Jason A. Donenfeld
2023-01-03 20:15 ` Linus Torvalds
2023-01-03 20:25 ` Linus Torvalds
2023-01-03 20:44 ` Jason A. Donenfeld
2023-01-05 21:57 ` Yann Droneaud
2023-01-05 22:57 ` Jason A. Donenfeld
2023-01-06 1:02 ` Linus Torvalds
2023-01-06 2:08 ` Linus Torvalds
2023-01-06 2:42 ` Jason A. Donenfeld
2023-01-06 20:53 ` Andy Lutomirski
2023-01-06 21:10 ` Linus Torvalds
2023-01-10 11:01 ` Dr. Greg [this message]
2023-01-06 21:36 ` Jason A. Donenfeld
2023-01-06 21:42 ` Matthew Wilcox
2023-01-06 22:06 ` Linus Torvalds
2023-01-06 2:14 ` Jason A. Donenfeld
2023-01-09 10:34 ` Florian Weimer
2023-01-09 14:28 ` Linus Torvalds
2023-01-11 7:27 ` Eric Biggers
2023-01-11 12:07 ` Linus Torvalds
2023-01-01 16:29 ` [PATCH v14 3/7] x86: mm: Skip faulting instruction for VM_DROPPABLE faults Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230110110128.GA12987@wind.enjellic.com \
--to=greg@enjellic.com \
--cc=Jason@zx2c4.com \
--cc=adhemerval.zanella@linaro.org \
--cc=arnd@arndb.de \
--cc=brauner@kernel.org \
--cc=carlos@redhat.com \
--cc=fweimer@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=jannh@google.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=patches@lists.linux.dev \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
--cc=ydroneaud@opteya.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).