Message ID | 20250309165805.8996-2-vdronov@redhat.com (mailing list archive) |
---|---|
State | New |
Series | x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled |
On Sun, Mar 09, 2025 at 05:58:06PM +0100, Vladis Dronov wrote: > A kernel requires X86_FEATURE_SGX_LC to be able to create SGX enclaves. > There is quite a number of hardware which has X86_FEATURE_SGX but not > X86_FEATURE_SGX_LC. A kernel running on such a hardware does not create > /dev/sgx* devices silently. Explicitly warn if X86_FEATURE_SGX_LC is not > enabled to properly nofity a user about this condition. ~~~~~~ notify > > The X86_FEATURE_SGX_LC is a CPU feature that enables LE hash MSRs to be > writable when running native enclaves, i.e. using a custom root key rather > than the Intel proprietary key for enclave signing. > > Signed-off-by: Vladis Dronov <vdronov@redhat.com> > --- > > an out-of-commit-message note: > > I've hit this issue myself and have spent some time researching where are > my /dev/sgx* devices on an SGX-enabled hardware, so this is a bit personal. > > Links related: > https://github.com/intel/linux-sgx/issues/837 > https://patchwork.kernel.org/project/platform-driver-x86/patch/20180827185507.17087-3-jarkko.sakkinen@linux.intel.com/ > > arch/x86/kernel/cpu/sgx/driver.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c > index 22b65a5f5ec6..df4fbfaa6616 100644 > --- a/arch/x86/kernel/cpu/sgx/driver.c > +++ b/arch/x86/kernel/cpu/sgx/driver.c > @@ -150,8 +150,10 @@ int __init sgx_drv_init(void) > u64 xfrm_mask; > int ret; > > - if (!cpu_feature_enabled(X86_FEATURE_SGX_LC)) > + if (!cpu_feature_enabled(X86_FEATURE_SGX_LC)) { > + pr_err("SGX disabled: SGX launch control is not available.\n"); I think this should not be error, as the system is not failing. Since it is informative, it should be info-level message. > return -ENODEV; > + } > > cpuid_count(SGX_CPUID, 0, &eax, &ebx, &ecx, &edx); > > -- > 2.48.1 > BR, Jarkko
diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c index 22b65a5f5ec6..df4fbfaa6616 100644 --- a/arch/x86/kernel/cpu/sgx/driver.c +++ b/arch/x86/kernel/cpu/sgx/driver.c @@ -150,8 +150,10 @@ int __init sgx_drv_init(void) u64 xfrm_mask; int ret; - if (!cpu_feature_enabled(X86_FEATURE_SGX_LC)) + if (!cpu_feature_enabled(X86_FEATURE_SGX_LC)) { + pr_err("SGX disabled: SGX launch control is not available.\n"); return -ENODEV; + } cpuid_count(SGX_CPUID, 0, &eax, &ebx, &ecx, &edx);
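Review bot: the added pr_err() in sgx_drv_init() logs at error level on a path that simply returns -ENODEV when X86_FEATURE_SGX_LC is not enabled, which the commit message describes as a common hardware configuration, and the series subject says "Warn" rather than "error". Consider pr_info(), or pr_warn() to match the subject, so that error-level log monitoring does not fire on every boot of such machines. The text "SGX launch control is not available" is also narrower than the condition tested: the check is cpu_feature_enabled() and the subject says "not enabled", so "is not enabled" would describe the check more accurately.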
A kernel requires X86_FEATURE_SGX_LC to be able to create SGX enclaves. There is quite a number of hardware which has X86_FEATURE_SGX but not X86_FEATURE_SGX_LC. A kernel running on such a hardware does not create /dev/sgx* devices silently. Explicitly warn if X86_FEATURE_SGX_LC is not enabled to properly notify a user about this condition.

The X86_FEATURE_SGX_LC is a CPU feature that enables LE hash MSRs to be writable when running native enclaves, i.e. using a custom root key rather than the Intel proprietary key for enclave signing.

Signed-off-by: Vladis Dronov <vdronov@redhat.com>

---

an out-of-commit-message note:

I've hit this issue myself and have spent some time researching where are my /dev/sgx* devices on an SGX-enabled hardware, so this is a bit personal.

Links related:

https://github.com/intel/linux-sgx/issues/837

https://patchwork.kernel.org/project/platform-driver-x86/patch/20180827185507.17087-3-jarkko.sakkinen@linux.intel.com/

arch/x86/kernel/cpu/sgx/driver.c | 4 +++-

1 file changed, 3 insertions(+), 1 deletion(-)