[PATCH v22 04/24] x86/cpu/intel: Detect SGX supprt

From: Jarkko Sakkinen
Date: Tue Sep 03 2019 - 10:27:45 EST

Next message: Jarkko Sakkinen: "[PATCH v22 05/24] x86/sgx: Add ENCLS architectural error codes"
Previous message: Alessio Balsini: "Re: [RFC][PATCH 00/13] SCHED_DEADLINE server infrastructure"
In reply to: Jarkko Sakkinen: "[PATCH v22 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX"
Next in thread: Jarkko Sakkinen: "[PATCH v22 05/24] x86/sgx: Add ENCLS architectural error codes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>

When the CPU supports SGX, check that the BIOS has enabled SGX and SGX1
opcodes are available. Otherwise, all the SGX related capabilities.

In addition, clear X86_FEATURE_SGX_LC also in the case when the launch
enclave are read-only. This way the feature bit reflects the level that
Linux supports the launch control.

Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Co-developed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/intel.c | 39 +++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 8d6d92ebeb54..777ea63b4f85 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -623,6 +623,42 @@ static void detect_tme(struct cpuinfo_x86 *c)
c->x86_phys_bits -= keyid_bits;
}

+static void __maybe_unused detect_sgx(struct cpuinfo_x86 *c)
+{
+ unsigned long long fc;
+
+ rdmsrl(MSR_IA32_FEATURE_CONTROL, fc);
+ if (!(fc & FEATURE_CONTROL_LOCKED)) {
+ pr_err_once("sgx: The feature control MSR is not locked\n");
+ goto err_unsupported;
+ }
+
+ if (!(fc & FEATURE_CONTROL_SGX_ENABLE)) {
+ pr_err_once("sgx: SGX is not enabled in IA32_FEATURE_CONTROL MSR\n");
+ goto err_unsupported;
+ }
+
+ if (!cpu_has(c, X86_FEATURE_SGX1)) {
+ pr_err_once("sgx: SGX1 instruction set is not supported\n");
+ goto err_unsupported;
+ }
+
+ if (!(fc & FEATURE_CONTROL_SGX_LE_WR)) {
+ pr_info_once("sgx: The launch control MSRs are not writable\n");
+ goto err_msrs_rdonly;
+ }
+
+ return;
+
+err_unsupported:
+ setup_clear_cpu_cap(X86_FEATURE_SGX);
+ setup_clear_cpu_cap(X86_FEATURE_SGX1);
+ setup_clear_cpu_cap(X86_FEATURE_SGX2);
+
+err_msrs_rdonly:
+ setup_clear_cpu_cap(X86_FEATURE_SGX_LC);
+}
+
static void init_cpuid_fault(struct cpuinfo_x86 *c)
{
u64 msr;
@@ -760,6 +796,9 @@ static void init_intel(struct cpuinfo_x86 *c)
if (cpu_has(c, X86_FEATURE_TME))
detect_tme(c);

+ if (IS_ENABLED(CONFIG_INTEL_SGX) && cpu_has(c, X86_FEATURE_SGX))
+ detect_sgx(c);
+
init_intel_misc_features(c);
}

--
2.20.1

Next message: Jarkko Sakkinen: "[PATCH v22 05/24] x86/sgx: Add ENCLS architectural error codes"
Previous message: Alessio Balsini: "Re: [RFC][PATCH 00/13] SCHED_DEADLINE server infrastructure"
In reply to: Jarkko Sakkinen: "[PATCH v22 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX"
Next in thread: Jarkko Sakkinen: "[PATCH v22 05/24] x86/sgx: Add ENCLS architectural error codes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]