| Message ID | 20170508052434.3627-12-kai.huang@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Oops.. Please ignore this patch :) Thanks, -Kai On 5/8/2017 5:24 PM, Kai Huang wrote: > even this bit is not set by BIOS, current ucode patch allows write to > IA32_SGXLEPUBKEYHASHn. > --- > arch/x86/kvm/vmx.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 1022295ba925..9e687ce45b48 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -2254,12 +2254,20 @@ static void decache_tsc_multiplier(struct vcpu_vmx *vmx) > vmcs_write64(TSC_MULTIPLIER, vmx->current_tsc_ratio); > } > > +#define UCODE_PATCH > static bool cpu_sgx_lepubkeyhash_writable(void) > { > u64 val, sgx_lc_enabled_mask = (FEATURE_CONTROL_LOCKED | > FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE); > > rdmsrl(MSR_IA32_FEATURE_CONTROL, val); > +#ifdef UCODE_PATCH > + /* > + * current ucode patch can support write to IA32_SGXLEPUBKEYHASHn > + * even if FEATURE_CONTROL[17] is not set. > + */ > + val |= FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE; > +#endif > > return ((val & sgx_lc_enabled_mask) == sgx_lc_enabled_mask); > } >
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 1022295ba925..9e687ce45b48 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2254,12 +2254,20 @@ static void decache_tsc_multiplier(struct vcpu_vmx *vmx) vmcs_write64(TSC_MULTIPLIER, vmx->current_tsc_ratio); } +#define UCODE_PATCH static bool cpu_sgx_lepubkeyhash_writable(void) { u64 val, sgx_lc_enabled_mask = (FEATURE_CONTROL_LOCKED | FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE); rdmsrl(MSR_IA32_FEATURE_CONTROL, val); +#ifdef UCODE_PATCH + /* + * current ucode patch can support write to IA32_SGXLEPUBKEYHASHn + * even if FEATURE_CONTROL[17] is not set. + */ + val |= FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE; +#endif return ((val & sgx_lc_enabled_mask) == sgx_lc_enabled_mask); }