From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754321AbdK1Urh (ORCPT <rfc822;w@1wt.eu>);
        Tue, 28 Nov 2017 15:47:37 -0500
Received: from mga02.intel.com ([134.134.136.20]:53783 "EHLO mga02.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1753102AbdK1Urf (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 28 Nov 2017 15:47:35 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,468,1505804400"; 
   d="scan'208";a="154138893"
Date: Tue, 28 Nov 2017 22:47:34 +0200
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: platform-driver-x86@vger.kernel.org, x86@kernel.org,
        linux-kernel@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
        Len Brown <len.brown@intel.com>, Kyle Huey <me@kylehuey.com>,
        Haim Cohen <haim.cohen@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Jim Mattson <jmattson@google.com>,
        Grzegorz Andrejczuk <grzegorz.andrejczuk@intel.com>
Subject: Re: [PATCH v6 03/11] x86: define IA32_FEATURE_CONTROL.SGX_ENABLE
Message-ID: <20171128204734.gcz2y3pold4nyhxe@linux.intel.com>
References: <20171125193132.24321-1-jarkko.sakkinen@linux.intel.com>
 <20171125193132.24321-4-jarkko.sakkinen@linux.intel.com>
 <1511889198.9392.56.camel@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1511889198.9392.56.camel@intel.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 28, 2017 at 09:13:18AM -0800, Sean Christopherson wrote:
> On Sat, 2017-11-25 at 21:29 +0200, Jarkko Sakkinen wrote:
> > From: Sean Christopherson <sean.j.christopherson@intel.com>
> > 
> > When IA32_FEATURE_CONTROL.SGX_ENABLE and IA32_FEATURE_CONTROL.LOCK are
> > set by the pre-boot firmware, SGX is usable by the OS.
> 
> This implies that only pre-boot firmware can write feature control, which is not
> true.  What about:
> 
>     SGX instructions (ENCLS and ENCLU) are usable if and only if SGX_ENABLE is
>     set in the IA32_FEATURE_CONTROL MSR and said MSR is locked.

You are correct, thanks. I'll fix this for v7.

/Jarkko