[PATCH v22 04/24] x86/cpu/intel: Detect SGX supprt

Tue, 03 Sep 2019 07:27:55 -0700 

From: Sean Christopherson <[email protected]>

When the CPU supports SGX, check that the BIOS has enabled SGX and SGX1
opcodes are available. Otherwise, all the SGX related capabilities.

In addition, clear X86_FEATURE_SGX_LC also in the case when the launch
enclave are read-only. This way the feature bit reflects the level that
Linux supports the launch control.

Signed-off-by: Sean Christopherson <[email protected]>
Co-developed-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>
---
 arch/x86/kernel/cpu/intel.c | 39 +++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 8d6d92ebeb54..777ea63b4f85 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -623,6 +623,42 @@ static void detect_tme(struct cpuinfo_x86 *c)
        c->x86_phys_bits -= keyid_bits;
 }
 
+static void __maybe_unused detect_sgx(struct cpuinfo_x86 *c)
+{
+       unsigned long long fc;
+
+       rdmsrl(MSR_IA32_FEATURE_CONTROL, fc);
+       if (!(fc & FEATURE_CONTROL_LOCKED)) {
+               pr_err_once("sgx: The feature control MSR is not locked\n");
+               goto err_unsupported;
+       }
+
+       if (!(fc & FEATURE_CONTROL_SGX_ENABLE)) {
+               pr_err_once("sgx: SGX is not enabled in IA32_FEATURE_CONTROL 
MSR\n");
+               goto err_unsupported;
+       }
+
+       if (!cpu_has(c, X86_FEATURE_SGX1)) {
+               pr_err_once("sgx: SGX1 instruction set is not supported\n");
+               goto err_unsupported;
+       }
+
+       if (!(fc & FEATURE_CONTROL_SGX_LE_WR)) {
+               pr_info_once("sgx: The launch control MSRs are not writable\n");
+               goto err_msrs_rdonly;
+       }
+
+       return;
+
+err_unsupported:
+       setup_clear_cpu_cap(X86_FEATURE_SGX);
+       setup_clear_cpu_cap(X86_FEATURE_SGX1);
+       setup_clear_cpu_cap(X86_FEATURE_SGX2);
+
+err_msrs_rdonly:
+       setup_clear_cpu_cap(X86_FEATURE_SGX_LC);
+}
+
 static void init_cpuid_fault(struct cpuinfo_x86 *c)
 {
        u64 msr;
@@ -760,6 +796,9 @@ static void init_intel(struct cpuinfo_x86 *c)
        if (cpu_has(c, X86_FEATURE_TME))
                detect_tme(c);
 
+       if (IS_ENABLED(CONFIG_INTEL_SGX) && cpu_has(c, X86_FEATURE_SGX))
+               detect_sgx(c);
+
        init_intel_misc_features(c);
 }
 
-- 
2.20.1

Reply via email to