Date: Wed, 20 Jun 2018 14:01:59 -0700
From: Sean Christopherson
To: Jethro Beekman
Cc: Nathaniel McCallum, luto@kernel.org, Neil Horman, jarkko.sakkinen@linux.intel.com, x86@kernel.org, platform-driver-x86@vger.kernel.org, linux-kernel@vger.kernel.org, mingo@redhat.com, intel-sgx-kernel-dev@lists.01.org, hpa@zytor.com, dvhart@infradead.org, tglx@linutronix.de, andy@infradead.org, Peter Jones
Subject: Re: [intel-sgx-kernel-dev] [PATCH v11 13/13] intel_sgx: in-kernel launch enclave
Message-ID: <20180620210158.GA24328@linux.intel.com>

On Wed, Jun 20, 2018 at 11:39:00AM -0700, Jethro Beekman wrote:
> On 2018-06-20 11:16, Jethro Beekman wrote:
> > > This last bit is also repeated in different words in Table 35-2 and
> > > Section 42.2.2. The MSRs are *not writable* before the write-lock bit
> > > itself is locked. Meaning the MSRs are either locked with Intel's key
> > > hash, or not locked at all.
>
> Actually, this might be a documentation bug. I have some test hardware and I
> was able to configure the MSRs in the BIOS and then read the MSRs after boot
> like this:
>
> MSR 0x3a 0x0000000000040005
> MSR 0x8c 0x20180620aaaaaaaa
> MSR 0x8d 0x20180620bbbbbbbb
> MSR 0x8e 0x20180620cccccccc
> MSR 0x8f 0x20180620dddddddd
>
> Since this is not production hardware, it could also be a CPU bug of course.
>
> If it is indeed possible to configure AND lock the MSR values to non-Intel
> values, I'm very much in favor of Nathaniel's proposal to treat the launch
> enclave like any other firmware blob.

It's not a CPU or documentation bug (though the latter is arguable).
SGX has an activation step that is triggered by doing a WRMSR(0x7a)
with bit 0 set. Until SGX is activated, the SGX related bits in
IA32_FEATURE_CONTROL cannot be set, i.e. SGX can't be enabled. But,
the LE hash MSRs are fully writable prior to activation, e.g. to
allow firmware to lock down the LE key with a non-Intel value.

So yes, it's possible to lock the MSRs to a non-Intel value. The
obvious caveat is that whatever blob is used to write the MSRs would
need to be executed prior to activation.

As for the SDM, it's a documentation... omission?
SGX activation is intentionally omitted from the SDM. The intended
usage model is that firmware will always do the activation (if it
wants SGX enabled), i.e. post-firmware software will only ever "see"
SGX as disabled or in the fully activated state, and so the SDM
doesn't describe SGX behavior prior to activation. I believe the
activation process, or at least what is required from firmware, is
documented in the BIOS writer's guide.

> Jethro Beekman | Fortanix
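
Added example, not part of the original message or of the kernel patch set: a small C decoder that classifies the launch-control state from the five MSR values discussed in this exchange (0x3a and 0x8c-0x8f). The bit positions are the architectural IA32_FEATURE_CONTROL bits under their Linux kernel names; `classify_le`, the `le_state` enum and the all-zero `expected` hash are hypothetical names and placeholders introduced for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* IA32_FEATURE_CONTROL (MSR 0x3a) bits, as named in the Linux kernel. */
#define FEAT_CTL_LOCKED         (1ULL << 0)  /* MSR frozen until reset */
#define FEAT_CTL_SGX_LC_ENABLED (1ULL << 17) /* LE hash MSRs writable by OS */
#define FEAT_CTL_SGX_ENABLED    (1ULL << 18) /* SGX enabled */

enum le_state {
    LE_FEAT_CTL_UNLOCKED, /* nothing is final yet */
    LE_SGX_DISABLED,      /* locked with SGX off */
    LE_OS_WRITABLE,       /* kernel can still change MSRs 0x8c-0x8f */
    LE_LOCKED_EXPECTED,   /* read-only, matches the hash the owner expects */
    LE_LOCKED_OTHER       /* read-only, pinned to some other key */
};

/* Classify the launch-control state from the five MSR values. */
enum le_state classify_le(uint64_t feat_ctl, const uint64_t hash[4],
                          const uint64_t expected[4])
{
    if (!(feat_ctl & FEAT_CTL_LOCKED))
        return LE_FEAT_CTL_UNLOCKED;
    if (!(feat_ctl & FEAT_CTL_SGX_ENABLED))
        return LE_SGX_DISABLED;
    if (feat_ctl & FEAT_CTL_SGX_LC_ENABLED)
        return LE_OS_WRITABLE;
    return memcmp(hash, expected, 4 * sizeof(uint64_t)) == 0
               ? LE_LOCKED_EXPECTED : LE_LOCKED_OTHER;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "feature control unlocked", "SGX disabled",
        "LE hash writable by OS", "LE hash locked to expected key",
        "LE hash locked to a different key" };
    /* Defaults: the values quoted in the message above. */
    uint64_t v[5] = { 0x40005, 0x20180620aaaaaaaaULL, 0x20180620bbbbbbbbULL,
                      0x20180620ccccccccULL, 0x20180620ddddddddULL };
    /* Placeholder for the hash the platform owner expects (constructed). */
    const uint64_t expected[4] = { 0, 0, 0, 0 };

    /* Usage: prog <0x3a> <0x8c> <0x8d> <0x8e> <0x8f>, hex values from rdmsr. */
    for (int i = 1; i < argc && i <= 5; i++)
        v[i - 1] = strtoull(argv[i], NULL, 16);
    printf("%s\n", names[classify_le(v[0], &v[1], expected)]);
    return 0;
}
```

With the quoted dump, 0x40005 has the lock bit and bit 18 set and bit 17 clear, so the hash MSRs are read-only to post-firmware software and hold whatever firmware wrote before activation.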