On May 13, 2016 2:42 AM, "Dr. Greg Wettstein" wrote:
>
> On Sun, May 08, 2016 at 06:32:10PM -0700, Andy Lutomirski wrote:
>
> Good morning, running behind on e-mail this week but wanted to get
> some reflections out on Andy's well taken comments and concerns.
>
> > On May 8, 2016 2:59 AM, "Dr. Gre
On Sun, May 08, 2016 at 06:32:10PM -0700, Andy Lutomirski wrote:
Good morning, running behind on e-mail this week but wanted to get
some reflections out on Andy's well taken comments and concerns.
> On May 8, 2016 2:59 AM, "Dr. Greg Wettstein" wrote:
> >
> >
> > This now means the security of SG
On Mon, May 09, 2016 at 08:27:04AM +0200, Thomas Gleixner wrote:
Good morning.
> > On Fri, 6 May 2016, Jarkko Sakkinen wrote:
> > I fully understand if you (and others) want to keep this standpoint but
> > what if we could get it to staging after I've revised it with suggested
> >
> This should n
On Mon, May 09, 2016 at 08:27:04AM +0200, Thomas Gleixner wrote:
> On Mon, 9 May 2016, Jarkko Sakkinen wrote:
> > On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote:
> > > On Fri, 6 May 2016, Jarkko Sakkinen wrote:
> > >
> > > > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wetts
On Mon, May 09, 2016 at 09:04:09AM +0200, Greg KH wrote:
> On Mon, May 09, 2016 at 08:38:25AM +0300, Jarkko Sakkinen wrote:
> > On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote:
> > > On Fri, 6 May 2016, Jarkko Sakkinen wrote:
> > >
> > > > On Tue, May 03, 2016 at 04:06:27AM -0500,
On Mon, May 09, 2016 at 08:38:25AM +0300, Jarkko Sakkinen wrote:
> On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote:
> > On Fri, 6 May 2016, Jarkko Sakkinen wrote:
> >
> > > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote:
> > > > It would be helpful and instructi
On Mon, 9 May 2016, Jarkko Sakkinen wrote:
> On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote:
> > On Fri, 6 May 2016, Jarkko Sakkinen wrote:
> >
> > > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote:
> > > > It would be helpful and instructive for anyone involved
On Fri, May 06, 2016 at 01:54:14PM +0200, Thomas Gleixner wrote:
> On Fri, 6 May 2016, Jarkko Sakkinen wrote:
>
> > On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote:
> > > It would be helpful and instructive for anyone involved in this debate
> > > to review the following URL whi
On May 8, 2016 2:59 AM, "Dr. Greg Wettstein" wrote:
>
>
> This now means the security of SGX on 'unlocked' platforms, at least
> from a trust perspective, will be dependent on using TXT so as to
> provide a hardware root of trust on which to base the SGX trust model.
Can you explain what you mean
Hi, I hope the weekend is going well for everyone.
On Fri, May 06, 2016 at 02:39:44PM +0300, Jarkko Sakkinen wrote:
> On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote:
> > It would be helpful and instructive for anyone involved in this debate
> > to review the following URL which
On Fri, May 6, 2016 at 4:23 AM, Jarkko Sakkinen
wrote:
> On Wed, Apr 27, 2016 at 10:18:05AM +0200, Ingo Molnar wrote:
>>
>> * Andy Lutomirski wrote:
>>
>> > > What new syscalls would be needed for ssh to get all this support?
>> >
>> > This patchset or similar, plus some user code and an enclave
On Fri, May 06, 2016 at 09:14:43AM +0200, Pavel Machek wrote:
> On Fri 2016-05-06 01:52:04, Jarkko Sakkinen wrote:
> > On Mon, May 02, 2016 at 11:37:52AM -0400, Austin S. Hemmelgarn wrote:
> > > On 2016-04-29 16:17, Jarkko Sakkinen wrote:
> > > >On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Mache
On Fri, 6 May 2016, Jarkko Sakkinen wrote:
> On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote:
> > It would be helpful and instructive for anyone involved in this debate
> > to review the following URL which details Intel's SGX licening
> > program:
> >
> > https://software.inte
On Tue, May 03, 2016 at 04:06:27AM -0500, Dr. Greg Wettstein wrote:
> It would be helpful and instructive for anyone involved in this debate
> to review the following URL which details Intel's SGX licening
> program:
>
> https://software.intel.com/en-us/articles/intel-sgx-product-licensing
I thin
On Wed, Apr 27, 2016 at 10:18:05AM +0200, Ingo Molnar wrote:
>
> * Andy Lutomirski wrote:
>
> > > What new syscalls would be needed for ssh to get all this support?
> >
> > This patchset or similar, plus some user code and an enclave to use.
> >
> > Sadly, on current CPUs, you also need Intel
On Fri 2016-05-06 01:52:04, Jarkko Sakkinen wrote:
> On Mon, May 02, 2016 at 11:37:52AM -0400, Austin S. Hemmelgarn wrote:
> > On 2016-04-29 16:17, Jarkko Sakkinen wrote:
> > >On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> > >>On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> >
On Mon, May 02, 2016 at 11:37:52AM -0400, Austin S. Hemmelgarn wrote:
> On 2016-04-29 16:17, Jarkko Sakkinen wrote:
> >On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> >>On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> >>>Intel(R) SGX is a set of CPU instructions that can be used
Hi!
> Good morning, I hope everyone's day is starting out well.
:-). Rainy day here.
> > > In the TL;DR department I would highly recommend that anyone
> > > interested in all of this read MIT's 170+ page review of the
> > > technology before jumping to any conclusions :-)
>
> > Would you h
On Tue, May 03, 2016 at 05:38:40PM +0200, Pavel Machek wrote:
> Hi!
Good morning, I hope everyone's day is starting out well.
> > I told my associates the first time I reviewed this technology that
> > SGX has the ability to be a bit of a Pandora's box and it seems to be
> > following that cours
Hi!
> We have been following and analyzing this technology since the first
> HASP paper was published detailing its development. We have been
(1)
>
> I told my associates the first time I reviewed this technology that
> SGX has the ability to be a bit of a Pandora's box and it seems to be
> fo
On May 2, 11:37am, "Austin S. Hemmelgarn" wrote:
} Subject: Re: [PATCH 0/6] Intel Secure Guard Extensions
Good morning, I hope the day is starting out well for everyone.
> On 2016-04-29 16:17, Jarkko Sakkinen wrote:
> > On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek
On 2016-04-29 16:17, Jarkko Sakkinen wrote:
On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
Intel(R) SGX is a set of CPU instructions that can be used by
applications to set aside private regions of code and data. The code
outsid
Hi!
On Fri 2016-04-29 23:17:44, Jarkko Sakkinen wrote:
> On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> > > The firmware uses PRMRR registers to reserve an area of physical memory
> > > called Enclave Page Cache (EPC). There is
On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the enclave is disallowed to acc
On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the enclave is disallowed to acc
On Apr 27, 2016 1:18 AM, "Ingo Molnar" wrote:
>
>
> * Andy Lutomirski wrote:
>
> > > What new syscalls would be needed for ssh to get all this support?
> >
> > This patchset or similar, plus some user code and an enclave to use.
> >
> > Sadly, on current CPUs, you also need Intel to bless the enc
* Andy Lutomirski wrote:
> > What new syscalls would be needed for ssh to get all this support?
>
> This patchset or similar, plus some user code and an enclave to use.
>
> Sadly, on current CPUs, you also need Intel to bless the enclave. It looks
> like
> new CPUs might relax that requirem
Hi!
> > > Preventing cold boot attacks is really just icing on the cake. The
> > > real point of this is to allow you to run an "enclave". An SGX
> > > enclave has unencrypted code but gets access to a key that only it can
> > > access. It could use that key to unwrap your ssh private key and s
On Tue, Apr 26, 2016 at 2:52 PM, Pavel Machek wrote:
> On Tue 2016-04-26 21:59:52, One Thousand Gnomes wrote:
>> > But... that will mean that my ssh will need to be SGX-aware, and that
>> > I will not be able to switch to AMD machine in future. ... or to other
>> > Intel machine for that matter, r
On Apr 26, 2016 1:11 PM, "Pavel Machek" wrote:
>
> Hi!
>
> > >> >> The firmware uses PRMRR registers to reserve an area of physical
> > >> >> memory
> > >> >> called Enclave Page Cache (EPC). There is a hardware unit in the
> > >> >> processor called Memory Encryption Engine. The MEE encrypts and
On Tue 2016-04-26 21:59:52, One Thousand Gnomes wrote:
> > But... that will mean that my ssh will need to be SGX-aware, and that
> > I will not be able to switch to AMD machine in future. ... or to other
> > Intel machine for that matter, right?
>
> I'm not privy to AMD's CPU design plans.
>
> Ho
> But... that will mean that my ssh will need to be SGX-aware, and that
> I will not be able to switch to AMD machine in future. ... or to other
> Intel machine for that matter, right?
I'm not privy to AMD's CPU design plans.
However I think for the ssl/ssh case you'd use the same interfaces
curr
> > Storing your ssh private key encrypted such that even someone who
> > completely compromises your system can't get the actual private key
>
> Well, if someone gets root on my system, he can get my ssh private
> key right?
Potentially not. If you are using a TPM or other TEE (such as SGX
> Replay Protected Memory Block. It's a device that allows someone to
> write to it and confirm that the write happened and the old contents
> is no longer available. You could use it to implement an enclave that
> checks a password for your disk but only allows you to try a certain
> number of t
Hi!
> >> >> The firmware uses PRMRR registers to reserve an area of physical memory
> >> >> called Enclave Page Cache (EPC). There is a hardware unit in the
> >> >> processor called Memory Encryption Engine. The MEE encrypts and decrypts
> >> >> the EPC pages as they enter and leave the processor
On Tue, Apr 26, 2016 at 12:41 PM, Pavel Machek wrote:
> On Tue 2016-04-26 12:05:48, Andy Lutomirski wrote:
>> On Tue, Apr 26, 2016 at 12:00 PM, Pavel Machek wrote:
>> > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
>> >> Intel(R) SGX is a set of CPU instructions that can be used by
>> >> app
On Tue 2016-04-26 12:05:48, Andy Lutomirski wrote:
> On Tue, Apr 26, 2016 at 12:00 PM, Pavel Machek wrote:
> > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> >> Intel(R) SGX is a set of CPU instructions that can be used by
> >> applications to set aside private regions of code and data. The
On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> Intel(R) SGX is a set of CPU instructions that can be used by
> applications to set aside private regions of code and data. The code
> outside the enclave is disallowed to access the memory inside the
> enclave by the CPU access control.
>
> Th
On Tue, Apr 26, 2016 at 12:00 PM, Pavel Machek wrote:
> On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
>> Intel(R) SGX is a set of CPU instructions that can be used by
>> applications to set aside private regions of code and data. The code
>> outside the enclave is disallowed to access the me
On Mon, Apr 25, 2016 at 12:03 PM, Jarkko Sakkinen
wrote:
> On Mon, Apr 25, 2016 at 10:53:52AM -0700, Greg KH wrote:
>> On Mon, Apr 25, 2016 at 08:34:07PM +0300, Jarkko Sakkinen wrote:
>> > Intel(R) SGX is a set of CPU instructions that can be used by
>> > applications to set aside private regions
On Mon, Apr 25, 2016 at 10:53:52AM -0700, Greg KH wrote:
> On Mon, Apr 25, 2016 at 08:34:07PM +0300, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the enclave is disallow
On Mon, Apr 25, 2016 at 08:34:07PM +0300, Jarkko Sakkinen wrote:
> Intel(R) SGX is a set of CPU instructions that can be used by
> applications to set aside private regions of code and data. The code
> outside the enclave is disallowed to access the memory inside the
> enclave by the CPU access co
Intel(R) SGX is a set of CPU instructions that can be used by
applications to set aside private regions of code and data. The code
outside the enclave is disallowed to access the memory inside the
enclave by the CPU access control.
The firmware uses PRMRR registers to reserve an area of physical
43 matches
Mail list logo
