git.baikalelectronics.ru Git - kernel.git/commit

KVM: VMX: Add emulation of SGX Launch Control LE hash MSRs

Emulate the four Launch Enclave public key hash MSRs (LE hash MSRs) that
exist on CPUs that support SGX Launch Control (LC). SGX LC modifies the
behavior of ENCLS[EINIT] to use the LE hash MSRs when verifying the key
used to sign an enclave. On CPUs without LC support, the LE hash is
hardwired into the CPU to an Intel controlled key (the Intel key is also
the reset value of the LE hash MSRs). Track the guest's desired hash so
that a future patch can stuff the hash into the hardware MSRs when
executing EINIT on behalf of the guest, when those MSRs are writable in
host.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Co-developed-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
Message-Id: <c58ef601ddf88f3a113add837969533099b1364a.1618196135.git.kai.huang@intel.com>
[Add a comment regarding the MSRs being available until SGX is locked.
- Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

author	Sean Christopherson <sean.j.christopherson@intel.com>
	Mon, 12 Apr 2021 04:21:40 +0000 (16:21 +1200)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 20 Apr 2021 08:18:55 +0000 (04:18 -0400)
commit	89bdd23a5ac8bd17c50e1d2c72877f340789e781
tree	f0f514b3303c572d362898b41004166b37bcd902	tree \| snapshot
parent	6327813375b481732d285814350e47a6013f9069	commit \| diff

arch/x86/kvm/vmx/sgx.c		diff \| blob \| history
arch/x86/kvm/vmx/sgx.h		diff \| blob \| history
arch/x86/kvm/vmx/vmx.c		diff \| blob \| history
arch/x86/kvm/vmx/vmx.h		diff \| blob \| history