From: Jarkko Sakkinen <jarkko@kernel.org>
To: Vladis Dronov <vdronov@redhat.com>
Cc: linux-sgx@vger.kernel.org,
Dave Hansen <dave.hansen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
Date: Mon, 10 Mar 2025 11:44:32 +0200
Message-ID: <Z860gFRrwI8Cxycq@kernel.org>
In-Reply-To: <20250309165805.8996-2-vdronov@redhat.com>

On Sun, Mar 09, 2025 at 05:58:06PM +0100, Vladis Dronov wrote:
> A kernel requires X86_FEATURE_SGX_LC to be able to create SGX enclaves.
> There is quite a number of hardware which has X86_FEATURE_SGX but not
> X86_FEATURE_SGX_LC. A kernel running on such a hardware does not create
> /dev/sgx* devices silently. Explicitly warn if X86_FEATURE_SGX_LC is not
> enabled to properly nofity a user about this condition.
                      ~~~~~~
                      notify
>
> The X86_FEATURE_SGX_LC is a CPU feature that enables LE hash MSRs to be
> writable when running native enclaves, i.e. using a custom root key rather
> than the Intel proprietary key for enclave signing.
>
> Signed-off-by: Vladis Dronov <vdronov@redhat.com>
> ---
>
> an out-of-commit-message note:
>
> I've hit this issue myself and have spent some time researching where are
> my /dev/sgx* devices on an SGX-enabled hardware, so this is a bit personal.
>
> Links related:
> https://github.com/intel/linux-sgx/issues/837
> https://patchwork.kernel.org/project/platform-driver-x86/patch/20180827185507.17087-3-jarkko.sakkinen@linux.intel.com/
>
> arch/x86/kernel/cpu/sgx/driver.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c
> index 22b65a5f5ec6..df4fbfaa6616 100644
> --- a/arch/x86/kernel/cpu/sgx/driver.c
> +++ b/arch/x86/kernel/cpu/sgx/driver.c
> @@ -150,8 +150,10 @@ int __init sgx_drv_init(void)
> u64 xfrm_mask;
> int ret;
>
> - if (!cpu_feature_enabled(X86_FEATURE_SGX_LC))
> + if (!cpu_feature_enabled(X86_FEATURE_SGX_LC)) {
> + pr_err("SGX disabled: SGX launch control is not available.\n");

I think this should not be an error, as the system is not failing.
Since it is informative, it should be an info-level message.

> return -ENODEV;
> + }
>
> cpuid_count(SGX_CPUID, 0, &eax, &ebx, &ecx, &edx);
>
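Review bot: the added pr_err() text says launch control "is not available", while the condition is !cpu_feature_enabled(X86_FEATURE_SGX_LC) and the subject line says "not enabled"; the wording should match the check. Since the commit message describes the user-visible symptom as missing /dev/sgx* devices, the message could also name that consequence, so a user searching the log for "sgx" finds the cause next to the effect. The subject says "Warn" while the call logs at error level, so whichever level is chosen, the subject and the code should agree.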
> --
> 2.48.1
>
BR, Jarkko
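
A user-space check for the condition discussed in this thread, as an added example that is not part of the original message or the kernel patch. It assumes the `/proc/cpuinfo` flag names `sgx` and `sgx_lc`; the enum and function names are hypothetical, and flags are matched as whole tokens so that `sgx_lc` is never mistaken for `sgx`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names, introduced for this example only. */
enum sgx_state { SGX_ABSENT, SGX_WITHOUT_LC, SGX_WITH_LC };

/* Return 1 if `flag` occurs as a whole whitespace-delimited token. */
static int has_flag(const char *flags, const char *flag)
{
    size_t n = strlen(flag);
    const char *p = flags;

    while ((p = strstr(p, flag)) != NULL) {
        int starts = (p == flags) || p[-1] == ' ' || p[-1] == '\t';
        int ends = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (starts && ends)
            return 1;
        p += n;   /* partial match such as "sgx" inside "sgx_lc": keep going */
    }
    return 0;
}

/* Classify one "flags" line from /proc/cpuinfo. */
enum sgx_state classify_sgx(const char *flags_line)
{
    if (!has_flag(flags_line, "sgx"))
        return SGX_ABSENT;
    return has_flag(flags_line, "sgx_lc") ? SGX_WITH_LC : SGX_WITHOUT_LC;
}

int main(void)
{
    static const char *msg[] = {
        "SGX is not enabled on this system",
        "SGX without launch control: expect sgx_drv_init() to return -ENODEV",
        "SGX with launch control: the driver can initialise",
    };
    char line[8192];
    FILE *f = fopen("/proc/cpuinfo", "r");

    if (!f) { perror("/proc/cpuinfo"); return 2; }
    while (fgets(line, sizeof(line), f)) {
        if (strncmp(line, "flags", 5) != 0)
            continue;             /* skips "vmx flags", "bugs", etc. */
        puts(msg[classify_sgx(line)]);
        break;                    /* first CPU entry is enough */
    }
    fclose(f);
    return 0;
}
```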