sst-linux/arch/x86/kernel
Vladis Dronov 34988d2e0c x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
[ Upstream commit 65be5c95d08eedda570a6c888a12384c77fe7614 ]

The kernel requires X86_FEATURE_SGX_LC to be able to create SGX enclaves,
not just X86_FEATURE_SGX.

There is quite a number of hardware which has X86_FEATURE_SGX but not
X86_FEATURE_SGX_LC. A kernel running on such hardware does not create
the /dev/sgx_enclave file and does so silently.

Explicitly warn if X86_FEATURE_SGX_LC is not enabled to properly notify
users that the kernel disabled the SGX driver.

The X86_FEATURE_SGX_LC, a.k.a. SGX Launch Control, is a CPU feature
that enables LE (Launch Enclave) hash MSRs to be writable (with
additional opt-in required in the 'feature control' MSR) when running
enclaves, i.e. using a custom root key rather than the Intel proprietary
key for enclave signing.

I've hit this issue myself and have spent some time researching where
my /dev/sgx_enclave file went on SGX-enabled hardware.

Related links:

  https://github.com/intel/linux-sgx/issues/837
  https://patchwork.kernel.org/project/platform-driver-x86/patch/20180827185507.17087-3-jarkko.sakkinen@linux.intel.com/

[ mingo: Made the error message a bit more verbose, and added other cases
         where the kernel fails to create the /dev/sgx_enclave device node. ]

Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Kai Huang <kai.huang@intel.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20250309172215.21777-2-vdronov@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-10 14:33:39 +02:00
acpi
apic x86/apic: Always explicitly disarm TSC-deadline timer 2024-10-22 15:56:50 +02:00
cpu x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled 2025-04-10 14:33:39 +02:00
fpu x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures 2025-04-10 14:33:31 +02:00
kprobes
.gitignore
alternative.c
amd_gart_64.c x86/mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros 2024-04-27 17:07:06 +02:00
amd_nb.c x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() 2025-03-13 12:53:11 +01:00
aperture_64.c
apm_32.c
asm-offsets_32.c
asm-offsets_64.c
asm-offsets.c
audit_64.c
bootflag.c
cfi.c
check.c
cpuid.c
crash_core_32.c
crash_core_64.c
crash_dump_32.c
crash_dump_64.c
crash.c
devicetree.c x86/of: Return consistent error type from x86_of_pci_irq_enable() 2024-08-03 08:48:53 +02:00
doublefault_32.c
dumpstack_32.c
dumpstack_64.c
dumpstack.c x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment 2025-04-10 14:33:35 +02:00
e820.c
early_printk.c
early-quirks.c
ebda.c
eisa.c
espfix_64.c
ftrace_32.S
ftrace_64.S
ftrace.c
head32.c
head64.c x86/head/64: Move the __head definition to <asm/init.h> 2024-04-27 17:07:07 +02:00
head_32.S
head_64.S
hpet.c
hw_breakpoint.c
i8237.c
i8253.c x86/i8253: Disable PIT timer 0 when not in use 2025-02-21 13:50:12 +01:00
i8259.c
idt.c
io_delay.c
ioport.c
irq_32.c
irq_64.c
irq_work.c
irq.c x86/irq: Define trace events conditionally 2025-03-28 21:58:53 +01:00
irqflags.S
irqinit.c
itmt.c
jailhouse.c
jump_label.c
kdebugfs.c
kexec-bzimage64.c
kgdb.c
ksysfs.c
kvm.c
kvmclock.c
ldt.c
machine_kexec_32.c
machine_kexec_64.c x86/kexec: Allocate PGD for x86_64 transition page tables separately 2025-02-21 13:49:33 +01:00
Makefile
mmconf-fam10h_64.c
module.c
mpparse.c
msr.c
nmi_selftest.c
nmi.c
paravirt-spinlocks.c
paravirt.c
pci-dma.c
pcspeaker.c
perf_regs.c
platform-quirks.c x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() 2024-04-27 17:07:10 +02:00
pmem.c
probe_roms.c
process_32.c
process_64.c x86/cpu: Fix check for RDPKRU in __show_regs() 2024-05-02 16:29:27 +02:00
process.c x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() 2025-04-10 14:33:30 +02:00
process.h
ptrace.c
pvclock.c
quirks.c
reboot_fixups_32.c
reboot.c
relocate_kernel_32.S
relocate_kernel_64.S
resource.c
rethook.c
rtc.c
setup_percpu.c
setup.c
sev_verify_cbit.S
sev-shared.c x86/sev: Move early startup code into .head.text section 2024-04-27 17:07:07 +02:00
sev.c x86/sev: Move early startup code into .head.text section 2024-04-27 17:07:07 +02:00
signal_compat.c
signal.c
smp.c
smpboot.c
stacktrace.c
static_call.c x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 2025-02-21 13:50:09 +01:00
step.c
sys_ia32.c
sys_x86_64.c
tboot.c
time.c x86: stop playing stack games in profile_pc() 2024-07-05 09:31:51 +02:00
tls.c
tls.h
topology.c
trace_clock.c
trace.c
tracepoint.c
traps.c
tsc_msr.c
tsc_sync.c x86/tsc: Trust initial offset in architectural TSC-adjust MSRs 2024-06-12 11:02:54 +02:00
tsc.c
umip.c
unwind_frame.c
unwind_guess.c
unwind_orc.c
uprobes.c
verify_cpu.S
vm86_32.c
vmlinux.lds.S
vsmp_64.c
x86_init.c