Re: [PATCH v30 04/20] x86/sgx: Add SGX microarchitectural data structures

From: Sean Christopherson
Date: Wed May 20 2020 - 17:04:44 EST


On Wed, May 20, 2020 at 08:47:45PM +0200, Borislav Petkov wrote:
> On Fri, May 15, 2020 at 03:43:54AM +0300, Jarkko Sakkinen wrote:
> > +/**
> > + * struct sgx_sigstruct_header - defines author of the enclave
> > + * @header1: constant byte string
> > + * @vendor: must be either 0x0000 or 0x8086
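Review bot: the kernel-doc for @vendor states "must be either 0x0000 or 0x8086" but does not say who enforces that constraint or what software should do with the field; since, per the discussion below, the check happens in hardware during EINIT and the value carries no meaning for the kernel, say so in the comment, e.g. "@vendor: must be either 0x0000 or 0x8086 (enforced by hardware at EINIT; software ignores it)", so a reader does not go looking for a missing check in the patchset.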
>
> Out of pure curiosity: what is that about?
>
> Nothing in the patchset enforces this, so hw does? If so, why?

Yes, enforced by hardware during EINIT.

> Are those vendor IDs going to be assigned by someone or what's up?

No, the field has no real meaning or value, and there is no (and never was
any) intent to use it to create an OEM registry or anything of that nature.

It's effectively a reserved-0 field that happens to allow 0x8086 because of
legacy behavior within Intel's signing system. Intel-signed enclaves
currently populate it with 0x8086, but future enclaves may change the vendor
to 0x0 just to avoid confusion. In short, software should ignore the field.