The SGX subsystem restricts access to a subset of enclave attributes to
provide additional security for an uncompromised kernel, e.g. to prevent
malware from using the PROVISIONKEY to ensure its nodes are running
inside a geniune SGX enclave and/or to obtain a stable fingerprint.
To prevent userspace from circumventing such restrictions by running an
enclave in a VM, KVM restricts guest access to privileged attributes by
default. Add a capability, KVM_CAP_SGX_ATTRIBUTE, that can be used by
userspace to grant a VM access to a priveleged attribute, with args[0]
holding a file handle to a valid SGX attribute file corresponding to
an attribute that is restricted by KVM (currently only PROVISIONKEY).
Cc: Andy Lutomirski <[email protected]>
Signed-off-by: Sean Christopherson <[email protected]>
---
Documentation/virtual/kvm/api.txt | 20 ++++++++++++++++++++
arch/x86/kvm/cpuid.c | 2 +-
arch/x86/kvm/x86.c | 22 ++++++++++++++++++++++
include/uapi/linux/kvm.h | 1 +
4 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index 383b292966fa..b1c0ff4e9224 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -5013,6 +5013,26 @@ it hard or impossible to use it correctly. The availability of
KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2 signals that those bugs are fixed.
Userspace should not try to use KVM_CAP_MANUAL_DIRTY_LOG_PROTECT.
+7.19 KVM_CAP_SGX_ATTRIBUTE
+
+Architectures: x86
+Parameters: args[0] is a file handle of a SGX attribute file in securityfs
+Returns: 0 on success, -EINVAL if the file handle is invalid or if a requested
+ attribute is not supported by KVM.
+
+The SGX subsystem restricts access to a subset of enclave attributes, e.g. the
+PROVISIONKEY, to provide additional security for an uncompromised kernel, e.g.
+to prevent malware from using the PROVISIONKEY to ensure its nodes are running
+inside a geniune SGX enclave and/or to obtain a stable system fingerprint.
+
+To prevent userspace from circumventing such restrictions by running an enclave
+in a VM, KVM prevents access to privileged attributes by default. Userspace
+can use KVM_CAP_SGX_ATTRIBUTE to grant a VM access to a priveleged attribute.
+args[0] must hold a file handle to a valid SGX attribute file corresponding to
+an attribute that is supported/restricted by KVM (currently only PROVISIONKEY).
+
+See Documentation/x86/sgx/2.Kernel-internals.rst for more details.
+
8. Other capabilities.
----------------------
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 73a0326a1968..73af09edb2fa 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -439,7 +439,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
/* cpuid 12.1.eax*/
const u32 kvm_cpuid_12_1_eax_sgx_features =
- SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | 0 /* PROVISIONKEY */ |
+ SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_PROVISIONKEY |
SGX_ATTR_EINITTOKENKEY | SGX_ATTR_KSS;
/* cpuid 12.1.ebx*/
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index ec92c5534336..9144909d4a8e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -67,6 +67,8 @@
#include <asm/mshyperv.h>
#include <asm/hypervisor.h>
#include <asm/intel_pt.h>
+#include <asm/sgx.h>
+#include <asm/sgx_arch.h>
#include <clocksource/hyperv_timer.h>
#define CREATE_TRACE_POINTS
@@ -3090,6 +3092,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
case KVM_CAP_GET_MSR_FEATURES:
case KVM_CAP_MSR_PLATFORM_INFO:
case KVM_CAP_EXCEPTION_PAYLOAD:
+#ifdef CONFIG_INTEL_SGX_VIRTUALIZATION
+ case KVM_CAP_SGX_ATTRIBUTE:
+#endif
r = 1;
break;
case KVM_CAP_SYNC_REGS:
@@ -4626,6 +4631,23 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
kvm->arch.exception_payload_enabled = cap->args[0];
r = 0;
break;
+#ifdef CONFIG_INTEL_SGX_VIRTUALIZATION
+ case KVM_CAP_SGX_ATTRIBUTE: {
+ u64 allowed_attributes = 0;
+
+ r = sgx_set_attribute(&allowed_attributes, cap->args[0]);
+ if (r)
+ break;
+
+ /* KVM only supports the PROVISIONKEY privileged attribute. */
+ if ((allowed_attributes & SGX_ATTR_PROVISIONKEY) &&
+ !(allowed_attributes & ~SGX_ATTR_PROVISIONKEY))
+ kvm->arch.sgx_provisioning_allowed = true;
+ else
+ r = -EINVAL;
+ break;
+ }
+#endif
default:
r = -EINVAL;
break;
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 2fe12b40d503..b16708c2b6c9 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -993,6 +993,7 @@ struct kvm_ppc_resize_hpt {
#define KVM_CAP_ARM_SVE 170
#define KVM_CAP_ARM_PTRAUTH_ADDRESS 171
#define KVM_CAP_ARM_PTRAUTH_GENERIC 172
+#define KVM_CAP_SGX_ATTRIBUTE 200
#ifdef KVM_CAP_IRQ_ROUTING
--
2.22.0
On Fri, Jul 26, 2019 at 10:52 PM Sean Christopherson
<[email protected]> wrote:
>
> The SGX subsystem restricts access to a subset of enclave attributes to
> provide additional security for an uncompromised kernel, e.g. to prevent
> malware from using the PROVISIONKEY to ensure its nodes are running
> inside a geniune SGX enclave and/or to obtain a stable fingerprint.
>
> To prevent userspace from circumventing such restrictions by running an
> enclave in a VM, KVM restricts guest access to privileged attributes by
> default. Add a capability, KVM_CAP_SGX_ATTRIBUTE, that can be used by
> userspace to grant a VM access to a priveleged attribute, with args[0]
> holding a file handle to a valid SGX attribute file corresponding to
> an attribute that is restricted by KVM (currently only PROVISIONKEY).
Looks good to me. Thanks!
> +can use KVM_CAP_SGX_ATTRIBUTE to grant a VM access to a priveleged attribute.
Spelling.