On Mon, 2025-08-11 at 12:06 +0300, Elena Reshetova wrote: > Currently, when SGX is compromised and the microcode update fix is applied, > the machine needs to be rebooted to invalidate old SGX crypto-assets and > make SGX be in an updated safe state. It's not friendly for the cloud. > > To avoid having to reboot, a new ENCLS[EUPDATESVN] is introduced to update > SGX environment at runtime. This process needs to be done when there's no > SGX users to make sure no compromised enclaves can survive from the update > and allow the system to regenerate crypto-assets. > > For now there's no counter to track the active SGX users of host enclave > and virtual EPC. Introduce such counter mechanism so that the EUPDATESVN > can be done only when there's no SGX users. > > Define placeholder functions sgx_inc/dec_usage_count() that are used to > increment and decrement such a counter. Also, wire the call sites for > these functions. Encapsulate the current sgx_(vepc_)open() to > __sgx_(vepc_)open() to make the new sgx_(vepc_)open() easy to read. > > The definition of the counter itself and the actual implementation of > sgx_inc/dec_usage_count() functions come next. > > Note: The EUPDATESVN, which may fail, will be done in > sgx_inc_usage_count(). Make it return 'int' to make subsequent patches > which implement EUPDATESVN easier to review. For now it always returns > success. > > Suggested-by: Sean Christopherson <sea...@google.com> > Reviewed-by: Jarkko Sakkinen <jar...@kernel.org> > Signed-off-by: Elena Reshetova <elena.reshet...@intel.com>
Reviewed-by: Kai Huang <kai.hu...@intel.com>
