From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <5A4C393F.8090908@ontolab.com>
Date: Wed, 03 Jan 2018 03:00:31 +0100
From: Christian Stroetmann
To: greg@enjellic.com
CC: "Dr. Greg Wettstein", Pavel Machek, Jarkko Sakkinen,
 platform-driver-x86@vger.kernel.org, x86@kernel.org,
 linux-kernel@vger.kernel.org, Borislav Petkov, "David S. Miller",
 Greg Kroah-Hartman, Grzegorz Andrejczuk, Haim Cohen, Ingo Molnar,
 Janakarajan Natarajan, Jim Mattson, Kan Liang, "Kirill A. Shutemov",
 Kyle Huey, Len Brown, open list:DOCUMENTATION,
 "open list:FILESYSTEMS (VFS and infrastructure)",
 Mauro Carvalho Chehab, Paolo Bonzini, Piotr Luc, Radim Krčmář,
 Randy Dunlap, Sean Christopherson, Thomas Gleixner, Tom Lendacky,
 Vikas Shivappa
Subject: Re: [PATCH v6 00/11] Intel SGX Driver
References: <201801030059.w030xQGD011342@wind.enjellic.com>
In-Reply-To: <201801030059.w030xQGD011342@wind.enjellic.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On the 03.Jan.2018 01:59, Dr. Greg Wettstein wrote:

Hello everybody

> On Dec 27, 9:46pm, Pavel Machek wrote:
> } Subject: Re: [PATCH v6 00/11] Intel SGX Driver
>
>> Hi!

[snip]

>> People usually assume that bitflip will lead "only" to
>> denial-of-service, but rowhammer work shows that even "random" bit
>> flips easily lead to privilege escalation on javascript virtual
>> machines, and in a similar way you can get root if you have user and
>> bit flips happen.
>>
>> So... I believe we should assume compromise is possible, not just
>> denial-of-service.
> Prudence always dictates that one assumes the worst. In this case
> however, the bitflip attacks against SGX enclaves are very definitely
> in the denial-of-service category. The attack is designed to trigger
> a hardware self-protection feature on the processor.
>
> Each page of memory which is initialized into an enclave has a
> metadata block associated with it which contains the integrity state
> of that page of memory. The MM{E,U} hardware on an SGX capable
> platform checks this integrity data on each page fetch request arising
> from addresses/pages inside of an enclave.
>
> Forcing a bitflip in enclave memory causes the next page fetch
> containing the bitflipped location to fail its integrity check. Since
> this technically shouldn't be possible, this situation was classified
> as a hardware failure which is handled by the processor locking its
> execution state, thus taking the machine down.
>
> It would seem to be a misfeature for the self-protection mechanism to
> not generate some type of trappable fault rather than generating a
> processor lockup but hindsight is always 20/20. Philosophically this
> is a good example of security risk management. Locking a machine is
> obviously problematic in a cloud service environment, but it has to be
> taken in the perspective of whether or not it would be preferable to
> have a successful privilege escalation attack which could result in
> exfiltration of sensitive data.
>
> Philosophically we take the approach that for high security assurance
> environments it is virtually impossible to allow any untrusted code to
> run on a platform. Which is why we focus on autonomous introspection
> for these environments.

Interesting. I would like to hear more about this autonomous
introspection concept, specifically what it monitors and how it reacts
to an issue. Maybe you have a summary or short introduction of the
concept or/and a link to a document.

Regards
Christian Stroetmann

>>> Unfortunately, in the security field it is way more fun, and
>>> seemingly advantageous from a reputational perspective, to break
>>> things than to build solutions.... :-)(
>> Well, yes :-). And I believe someone is going to have fun with SGX
>> ;-).
>> Pavel
> Arguably not as much fun as what appears to be pending, given what
> appears to be the difficulty of some Intel processors to deal with
> page faults induced by speculative memory references... :-)
>
> Best wishes for a productive New Year.
>
> Dr. Greg
>
> }-- End of excerpt from Pavel Machek
>
> As always,
> Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
> 4206 N. 19th Ave.           Specializing in information infra-structure
> Fargo, ND 58102             development.
> PH: 701-281-1686
> FAX: 701-281-3949           EMAIL: greg@enjellic.com
> ------------------------------------------------------------------------------
> "It is difficult to produce a television documentary that is both
> incisive and probing when every twelve minutes one is interrupted by
> twelve dancing rabbits singing about toilet paper."
>                                 -- Rod Serling
>