Re: [PATCH v32 08/21] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections

From: Randy Dunlap
Date: Mon Jun 01 2020 - 11:15:36 EST


Hi,

Sorry I didn't respond to v31 with this so that it could
have been fixed in v32.

On 6/1/20 12:52 AM, Jarkko Sakkinen wrote:
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 2d3f963fd6f1..d246c6071e8d 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1948,6 +1948,22 @@ config X86_INTEL_TSX_MODE_AUTO
> side channel attacks- equals the tsx=auto command line parameter.
> endchoice
>
> +config INTEL_SGX
> + bool "Intel SGX"
> + depends on X86_64 && CPU_SUP_INTEL
> + depends on CRYPTO=y
> + depends on CRYPTO_SHA256=y
> + select SRCU
> + select MMU_NOTIFIER
> + help
> + Intel(R) SGX is a set of CPU instructions that can be used by
> + applications to set aside private regions of code and data, referred
> + to as enclaves. An enclave's private memory can only be accessed by
> + code running within the enclave. Accesses from outside the enclave,
> + including other enclaves, are disallowed by hardware.

Either the prompt
bool "Intel SGX"
or the help text should tell us what SGX means.
(Software Guard eXtensions)

> +
> + If unsure, say N.
> +
> config EFI
> bool "EFI runtime service support"
> depends on ACPI
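
Review bot: in the new INTEL_SGX entry, "depends on CRYPTO=y" and "depends on CRYPTO_SHA256=y" hide the prompt whenever either symbol is modular or off, and neither a comment nor the help text says why both have to be built in. A bool option cannot be built as a module, so the "=y" requirement is understandable, but someone with CRYPTO_SHA256=m will simply not see "Intel SGX" in menuconfig and will get no hint as to why. Please add a line to the help text or a Kconfig comment stating what SHA-256 is needed for. The help text also describes only the CPU feature, not what saying Y adds to the kernel. A sentence on that would make "If unsure, say N" easier to act on.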

thanks.
--
~Randy