udev: add default group for sgx enclave access #18944
Conversation
bluca
added
good-to-merge/waiting-for-ci 👍
|
hmm, what's the point of the SYMLINK+= part? who would use that? Can you explain? |
|
Symlink looks like backcompat with previous out of tree kernel drivers. Now that we have a stable driver to build from I think it's better to force a “reset” of the ecosystem. |
poettering
added
reviewed/needs-rework 🔨
|
@haitaohuang, ptal. |
|
Yeah, pretty much looks like it. For reference here's a table of (header, device path) and a comment for a particular we use for driver autodetection: https://github.com/oscarlab/graphene/blob/cea083122941c52b8e9b21dfd327364ffbc3f0cb/Pal/src/host/Linux-SGX/link-intel-driver.py#L8-L19. This particular symlink is aimed at DCAP driver, which historically closely followed the repeated patchsets (they even have a nice table: https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/driver/linux#compatibility-with-intelr-sgx-psw-releases). With graphene hat: either way works for us. Thank you! |
|
@woju I think you missed one https://github.com/fortanix/rust-sgx/blob/master/sgxs-loaders/src/isgx/mod.rs#L443-L446 |
Closes systemd#18669. This creates a "well known" for sgx_enclave ownership. By doing this here we avoid the risk that various projects making use of the device will provide similar-but-slightly-incompatible installation instructions, in particular using different group names. ACLs are actually a better approach to grant access to users, but not in all cases, so we want to provide a standard group anyway. Mode is 0o660, not 0o666 because this is very new code and distributions are likely to not want to give full access to all users. This might change in the future, but being conservative is a good default in the beginning. Rules for /dev/sgx_provision will be provided by libsg-ae-pce: intel/linux-sgx#678.
I dropped the symlink again. |
keszybz
added
good-to-merge/waiting-for-ci 👍
|
lgtm |
keszybz
removed
the
good-to-merge/waiting-for-ci 👍
|
Hm, why not use |
|
|
|
Sure, but do we have a need/use-case for such a non-logged in user? My fear is, that sgx is very much a specialized use case requiring a certain hardware and software combination. So I don't see the need (yet) to add such a group to everyones system. Who knows if sgx is still a thing a couple of years down the line. |
|
There isn't any particular reason to tie this to My main goal with merging this here is to provide a standardized experience on all systems. Introducing a group like this is really cheap, the whole patch is two lines. Intel cpus are very popular, so even if only some fraction of users can use this, this fraction can still be a lot of people. If we at some point decide that it's not useful any more, we can drop it again. Existing systems will keep the group, no harm done. This is certainly better then a proliferation of scripts and instructions to add the group in every project that wants to make use of it. |
|
Well, no. Removing existing system groups isn't cheap. Once introduced it's usually hard to get rid of them, as you might have files/directories using that group. |
Which is why we should be careful introducing new system groups... |
|
I guess if someone wants to use uaccess, then anyone who does will be compatible with each other out of the box, as you don't need a specific keyword. With group access, you do need to use the exact same name, and that's where standardisation at the top level helps. Also, I definitely see use cases for this feature in service-level software, which won't run from a logged in user, and thus won't benefit from uaccess, right? |
Such as? |
|
Honestly, I'm quite puzzled. For years we have been advocating that static group member ship is probably not such a great idea. |
|
uaccess doesn't sounds like an appropriate thing I'd say. That#s really more about desktopish stuff, and SGX is entirely generic stuff. I mean, I'd expect sshd do use it and http servers and such that need crypto, and there's really no relevance to the desktop there. As you might have seen with the AMD SEV stuff I generally try to push away stuff that is too special purpose, and where there's another package that is pretty much "the" maintainer of that subsystem. But I was told that SGX doesn't really fit into that much, it's pretty generic stuff that is useful outside of the virtualization space, and apparently is supposed to be pretty commonly available in intel CPUs. I mean, we have to draw the line somewhere: we have the group concept and it makes sense for system-level stuff like this. Hence we should use it. Because otherwise there's no point in the groups at all, if we never use them. The other options are only to say "meh, not our problem, let people fight for device node ownership", or to open up the device node. I doubt this is really in our interest. We try to gently push distros to come to a common groups database, and we can do this via the sysusers stuff pretty OK. Of course it's open source, people can patch it out downstream again. |
huh? you missed the point apparently |
|
So, the responses so far convinced me even more to revert this change. But I'm open to actual use cases. |
I am not sure what a "proper" justification is supposed to be, beyond what we already gave you: we add groups for device nodes for reasonably common/generic device types, where system components have a good reason to get access to (while others shall not) and which are accessed by multiple projects directly as opposed to having a single userspace subsystem owner. That's all there is to it. of course, these criteria are not binary decision points — "common" and "generic" are subjective and a continous scale. we came to the conclusion that these criteria apply so we merged it. If you disagree with that, it's your freedom. So for the next time (iirc we had the same discussion about the "render" nodes stuff), let's semi formalize things:
|
I mean, knock yourself out, but we listed plenty usecases, don't claim otherwise. You just decided to ignore or discount them as irrelevant. |
then explain it to me! |
I'm not sure what you mean by "actual use case" - if you mean software that today can use enclaves, then the various ssl libraries have been mentioned. For example, you can run apache or nginx with wolfssl with sgx support. You know perfectly well you don't want to run web servers as root. That's a use case as concrete as it could possibly be, available today. |
Not really, no. But thanks for being so constructive.
Hm, that feels familiar. |
The web servers I know start off as root and only drop privileges after they've setup everything (like binding to privileged ports) |
I'm not an expert but I don't think that works here, as access is required at any time |
you are talking about tape recorders. Not sure what that is supposed to mean when I was asking for real use cases. |
It's an fd that can be passed to the children, no? |
|
@mbiebl i listed two more cases, and iirc backups in big data centers is still all tapes, they even build new tape drivers pretty regularly. |
Yeah, on sysvinit this is how things worked, but we try to move people away from schemes like that and just drop privs for them. |
that's still true today, even under systemd, afaics. |
how tape recoders are related to sgx still eludes me. |
|
Any network service is a candidate for use of SGX, which they may use to protect sensitive information such as TLS keys or application data. However, not every network service requires root. |
AFAIK none of the libraries/implementations work like that, and the nodes are accessed directly. Another real, existing use case is Graphene, and this is how it instructs users to set up: https://graphene.readthedocs.io/en/latest/sgx-intro.html#linux-kernel-drivers iow, exactly what this PR does, as suggested in the ticket by #18669 (comment) |
|
@mbiebl: We (Graphene) and Fortanix (@jethrogb's project) both use We aim for as easy installation as possible (optimally |
|
As it appears Signal (the IM program) can do its crypto in SGX. Not sure if on linux yet though. See https://signal.org/blog/secure-value-recovery/ |
Perfect example that uaccess would be a better choice here. |
Uhm, how so? It is used server-side, not by the user app - ie, a practical example of the "securely handle customer data" that I mentioned the other day. From the article:
|
So "Signal (the IM program)" is not referring to the client? |
No, it refers to the server, it's explained in the blog post, it's quite an interesting read |
|
Thanks @keszybz for submitting the patch. I would still prefer 0666 as default:
BTW, SGX itself does not depend on ME as some may deduce from some implementations for client use cases that enclaves need use service from ME, such as trusted counters. |
Closes #18669.
This creates a "well known" for sgx_enclave ownership. By doing this here we
avoid the risk that various projects making use of the device will provide
similar-but-slightly-incompatible installation instructions, in particular
using different group names.
ACLs are actually a better approach to grant access to users, but not in all
cases, so we want to provide a standard group anyway.
Mode is 0o660, not 0o666 because this is very new code and distributions are
likely to not want to give full access to all users. This might change in the
future, but being conservative is a good default in the beginning.
Rules for /dev/sgx_provision will be provided by libsg-ae-pce:
intel/linux-sgx#678.