sst-linux/arch/x86/kernel/cpu
Vladis Dronov 34988d2e0c x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
[ Upstream commit 65be5c95d08eedda570a6c888a12384c77fe7614 ]

The kernel requires X86_FEATURE_SGX_LC to be able to create SGX enclaves,
not just X86_FEATURE_SGX.

There is quite a lot of hardware which has X86_FEATURE_SGX but not
X86_FEATURE_SGX_LC. A kernel running on such hardware does not create
the /dev/sgx_enclave file and does so silently.

Explicitly warn if X86_FEATURE_SGX_LC is not enabled to properly notify
users that the kernel disabled the SGX driver.

The X86_FEATURE_SGX_LC, a.k.a. SGX Launch Control, is a CPU feature
that enables LE (Launch Enclave) hash MSRs to be writable (with
additional opt-in required in the 'feature control' MSR) when running
enclaves, i.e. using a custom root key rather than the Intel proprietary
key for enclave signing.

I've hit this issue myself and have spent some time researching where
my /dev/sgx_enclave file went on SGX-enabled hardware.

Related links:

  https://github.com/intel/linux-sgx/issues/837
  https://patchwork.kernel.org/project/platform-driver-x86/patch/20180827185507.17087-3-jarkko.sakkinen@linux.intel.com/

[ mingo: Made the error message a bit more verbose, and added other cases
         where the kernel fails to create the /dev/sgx_enclave device node. ]

Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Kai Huang <kai.huang@intel.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20250309172215.21777-2-vdronov@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-10 14:33:39 +02:00
..
mce
microcode x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes 2025-03-28 21:58:56 +01:00
mtrr
resctrl x86/resctrl: Avoid overflow in MB settings in bw_validate() 2024-11-01 01:55:57 +01:00
sgx x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled 2025-04-10 14:33:39 +02:00
.gitignore
acrn.c
amd.c x86/barrier: Do not serialize MSR accesses on AMD 2024-12-14 19:53:13 +01:00
aperfmperf.c
bugs.c cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS 2025-03-13 12:53:11 +01:00
cacheinfo.c x86/cacheinfo: Validate CPUID leaf 0x2 EDX output 2025-03-13 12:53:13 +01:00
centaur.c
common.c x86: make get_cpu_vendor() accessible from Xen code 2024-12-19 18:08:57 +01:00
cpu.h
cpuid-deps.c
cyrix.c x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems 2025-03-07 16:56:47 +01:00
feat_ctl.c
hygon.c x86/barrier: Do not serialize MSR accesses on AMD 2024-12-14 19:53:13 +01:00
hypervisor.c
intel_epb.c
intel_pconfig.c
intel.c x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 2025-03-13 12:53:14 +01:00
Makefile
match.c
mkcapflags.sh
mshyperv.c clockevents/drivers/i8253: Fix stop sequence for timer 0 2025-03-28 21:58:48 +01:00
perfctr-watchdog.c
powerflags.c
proc.c
rdrand.c
scattered.c
topology.c
transmeta.c
tsx.c
umc.c
umwait.c
vmware.c
vortex.c
zhaoxin.c