From: Thomas Gleixner <tglx@linutronix.de>
To: Dave Hansen <dave.hansen@intel.com>,
Cathy Zhang <cathy.zhang@intel.com>,
linux-sgx@vger.kernel.org, x86@kernel.org
Subject: Re: [RFC PATCH 00/11] Support microcode updates affecting SGX
Date: Wed, 09 Mar 2022 21:15:05 +0100 [thread overview]
Message-ID: <87pmmuj31y.ffs@tglx> (raw)
In-Reply-To: <1742be9e-c18e-28c9-75c8-144bf1f6a311@intel.com>
Dave,
On Wed, Mar 09 2022 at 11:14, Dave Hansen wrote:
> On 3/9/22 11:01, Thomas Gleixner wrote:
>>> This series implements the infrastructure needed to track and tear
>>> down bare-metal enclaves and then run EUPDATESVN. This is expected
>>> to be triggered by administrators via sysfs at some convenient time
>>> after a microcode update, probably by the microcode update tooling
>>> itself.
>> Tear down after a microcode update? This does not make any sense at all,
>> really. If the enclaves become inconsistent due to the microcode update
>
> I don't think there's anything that makes the enclaves inconsistent from
> the microcode update itself.
>
> Let's imagine an extreme (thankfully imaginary) case: SGX has been
> totally broken by some attack. All running enclaves might have been
> compromised. A magical microcode update comes and saves the day and
> mitigates the attack.
>
> From the hardware perspective, at the time of the microcode update, the
> (presumably compromised) enclaves *can* still run. Nothing changes for
> them. The only thing they can't do is attest to the shiny new
> microcode.
So lets spin that further in a timeline of events:
6AM Info about CPU erratum which makes SGX vulnerable arrives with
a fix in form of a microcode update
12AM Microcode is updated
6PM Enclaves are torn down
It technically works, but it does not make any sense at all.
I fundamentaly detest procedures which are violating common sense
especially when those violations are not backed up by any technical
arguments.
> Are you saying that the kernel should consider the enclaves inconsistent
> at the time of the microcode update? Or, were you thinking that the
> microcode update process itself would make them inconsistent?
Inconsistent in the meaning that the attestation is moot at the point
of the microcode update because that attestation was done against the
previously loaded microcode.
That means if anything fundamentally changed by the microcode then the
enclave might become vulnerable by the microcode update itself because
the deployment decision based on the previous microcode is not longer
correct.
Unlikely, but not impossible and we had cases where certain mitigations
had to be redone in microcode which means that a code deployed based on
the previous microcode revision is not longer protected.
Again, this all might be a non issue, but with a cover letter based on
marketing ballyhoo, I'm not seeing how this can be correct under all
circumstances.
We write code and create proceedures based on the worst case assumptions
and by applying common sense and not based on what $customer has on his
wishlist. I'm all for serving customers, but ponies are not part of that.
Thanks,
tglx
next prev parent reply other threads:[~2022-03-09 20:15 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-09 10:40 [RFC PATCH 00/11] Support microcode updates affecting SGX Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 01/11] x86/sgx: Introduce mechanism to prevent new initializations of EPC pages Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 02/11] x86/sgx: Provide VA page non-NULL owner Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 03/11] x86/sgx: Save enclave pointer for VA page Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 04/11] x86/sgx: Keep record for SGX VA and Guest page type Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 05/11] x86/sgx: Save the size of each EPC section Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 06/11] x86/sgx: Forced EPC page zapping for EUPDATESVN Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 07/11] x86/sgx: Define error codes for ENCLS[EUPDATESVN] Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 08/11] x86/sgx: Implement ENCLS[EUPDATESVN] Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 09/11] x86/microcode: Expose EUPDATESVN procedure via sysfs Cathy Zhang
2022-03-09 11:20 ` Borislav Petkov
2022-03-09 15:42 ` Dave Hansen
2022-03-09 15:48 ` Borislav Petkov
2022-03-10 5:15 ` Zhang, Cathy
2022-03-09 10:40 ` [RFC PATCH 10/11] x86/sgx: Call ENCLS[EUPDATESVN] during SGX initialization Cathy Zhang
2022-03-09 10:40 ` [RFC PATCH 11/11] Documentation/x86/sgx: Document EUPDATESVN sysfs file Cathy Zhang
2022-03-09 19:01 ` [RFC PATCH 00/11] Support microcode updates affecting SGX Thomas Gleixner
2022-03-09 19:14 ` Dave Hansen
2022-03-09 19:36 ` Borislav Petkov
2022-03-09 19:52 ` Dave Hansen
2022-03-09 20:15 ` Thomas Gleixner [this message]
2022-03-09 20:32 ` Dave Hansen
2022-03-09 20:48 ` Raj, Ashok
2022-03-09 23:09 ` Thomas Gleixner
2022-03-10 5:24 ` Zhang, Cathy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pmmuj31y.ffs@tglx \
--to=tglx@linutronix.de \
--cc=cathy.zhang@intel.com \
--cc=dave.hansen@intel.com \
--cc=linux-sgx@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox