* Re: [RFC PATCH 09/11] x86/microcode: Expose EUPDATESVN procedure via sysfs
[not found] ` <20220309104050.18207-10-cathy.zhang@intel.com>
From: Borislav Petkov @ 2022-03-09 11:20 UTC (permalink / raw)
To: Cathy Zhang; +Cc: linux-sgx, x86, dave.hansen, lkml
On all your patches for the future: don't forget to Cc LKML.
On Wed, Mar 09, 2022 at 06:40:48PM +0800, Cathy Zhang wrote:
> EUPDATESVN is the SGX instruction which allows enclave attestation
> to include information about updated microcode without a reboot.
>
> Microcode updates which affect SGX require two phases:
>
> 1. Do the main microcode update
> 2. Make the new CPUSVN available for enclave attestation via
> EUPDATESVN.
>
> Before an EUPDATESVN can succeed, all enclave pages (EPC) must be
> marked as unused in the SGX metadata (EPCM). This operation destroys
> all preexisting SGX enclave data and metadata. This is by design and
> mitigates the impact of vulnerabilities that may have compromised
> enclaves or the SGX hardware itself prior to the update.
>
> Signed-off-by: Cathy Zhang <cathy.zhang@intel.com>
> ---
> arch/x86/include/asm/microcode.h | 5 ++++
> arch/x86/include/asm/sgx.h | 5 ++++
> arch/x86/kernel/cpu/microcode/core.c | 44 ++++++++++++++++++++++++++++
Why is all this code here at all?
What does that have *actually* to do with microcode loading?
AFAICT, you want to hook into microcode_check() which runs after the
microcode update and do your EUPDATESVN there...
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
* Re: [RFC PATCH 09/11] x86/microcode: Expose EUPDATESVN procedure via sysfs
From: Dave Hansen @ 2022-03-09 15:42 UTC (permalink / raw)
To: Borislav Petkov, Cathy Zhang; +Cc: linux-sgx, x86, lkml
On 3/9/22 03:20, Borislav Petkov wrote:
> AFAICT, you want to hook into microcode_check() which runs after the
> microcode update and do your EUPDATESVN there...
There's a little bit in the cover letter that _implies_ why EUPDATESVN
isn't called during the actual microcode update:
> This series implements the infrastructure needed to track and tear
> down bare-metal enclaves and then run EUPDATESVN. This is expected
> to be triggered by administrators via sysfs at some convenient time
> after a microcode update, probably by the microcode update tooling
> itself.
This allows the (non-destructive) ucode update and the destructive
EUPDATESVN procedure to happen at different times.
If we just want to make the ucode update itself call EUPDATESVN via
microcode_check(), that makes the ucode update itself destructive to SGX
enclaves. That's not the end of the world, but this series is going to
some amount of trouble (including new ABI) to avoid it.
Perhaps we need to hear more about why this is so much of an issue.
* Re: [RFC PATCH 09/11] x86/microcode: Expose EUPDATESVN procedure via sysfs
From: Borislav Petkov @ 2022-03-09 15:48 UTC (permalink / raw)
To: Dave Hansen; +Cc: Cathy Zhang, linux-sgx, x86, lkml
On Wed, Mar 09, 2022 at 07:42:21AM -0800, Dave Hansen wrote:
> There's a little bit in the cover letter that _implies_ why EUPDATESVN
> isn't called during the actual microcode update:
>
> > This series implements the infrastructure needed to track and tear
> > down bare-metal enclaves and then run EUPDATESVN. This is expected
> > to be triggered by administrators via sysfs at some convenient time
> > after a microcode update, probably by the microcode update tooling
> > itself.
>
> This allows the (non-destructive) ucode update and the destructive
> EUPDATESVN procedure to happen at different times.
Which means that this has even less to do with the microcode loader.
That whole glue can be somewhere in arch/x86/...sgx/ land and be
completely independent.
> If we just want to make the ucode update itself call EUPDATESVN via
> microcode_check(), that makes the ucode update itself destructive to SGX
> enclaves. That's not the end of the world, but this series is going to
> some amount of trouble (including new ABI) to avoid it.
>
> Perhaps we need to hear more about why this is so much of an issue.
Yah, it all sounds weird.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
* RE: [RFC PATCH 09/11] x86/microcode: Expose EUPDATESVN procedure via sysfs
From: Zhang, Cathy @ 2022-03-10 5:15 UTC (permalink / raw)
To: Borislav Petkov
Cc: linux-sgx@vger.kernel.org, x86@kernel.org, Hansen, Dave, lkml
> On all your patches for the future: don't forget to Cc LKML.
Thanks Boris! I will do it.