Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp7275949ybi;
        Wed, 5 Jun 2019 14:30:44 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzjyUS941cCR7ckCkFEn6cPfelHOu7iKjUURDyUuCXb71EslEkQQsEqPMdTKDVEV1+z3V8y
X-Received: by 2002:a65:6398:: with SMTP id h24mr1119962pgv.446.1559770244567;
        Wed, 05 Jun 2019 14:30:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559770244; cv=none;
        d=google.com; s=arc-20160816;
        b=WHrTpsR/xTy7vNgbAI03YR0+W+cfYEvJYB36jP7RIrEYCJaIXuLLfUVeDF/7NEscNu
         21xU86oxNl/ISuMDxikzu9i9Ga1kmjeKF/5gKSQ0Y2D7Sm5mOmj6p3xVDvS/vfYDChdG
         1vqWeskH9smOOWqxdT4fPndM1TfQTtBNe2RStBKqtHS31gTimdl8O7IXBI/5SP9cTJU3
         3ZnoPR2otk1SMjMXOeTAe9UbZYI8E76sMOB2ik3cBd/BL3tcU+yK89FdEpraL7Ly4Ntz
         4mTSVFsDoBMhcAYKC9vy/ZIqeoJ2Hfg6M9FIwaOQb5HwsK1+B1aUASArjHKhXkXKyseR
         v+Kg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:reply-to:message-id
         :subject:cc:to:from:date;
        bh=pdfQK0bco46P6e83UWTORQuO/yFzRSq4tx2OYoIoDD4=;
        b=UKRKe35oKxHgLe7xjdbQrnQFug3NKKL6BzrVhnbsoaIqSWUejgE7gwV72o+zT7h8yp
         8YP97djZlSOfRlfwHgCdVUIDY4oi2Vj6xSWvliUJ2k2LbNYfYD9EY7tog62LkA6xCmFK
         r3zRE81wKQ66Or62nUz14+4jjkZcUNyRvkJkisM+8DtRSBpYEUeR5gf7U4YmcdSQ8KcG
         wkDbhjEhLftpYFDRgPpagnMoVcOr1WB4HXAc7fDmbQe6FBMfGh3d9MSxK7I8mz9UO5mv
         h9x+sK120kVsz4GPCDjWin0ngdtF3u3xPyAXs5uD0xzGtr4aARYbsZSY64OfusJWPSbq
         U1Pw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 5si7382493plx.242.2019.06.05.14.30.27;
        Wed, 05 Jun 2019 14:30:44 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726556AbfFEV2x (ORCPT <rfc822;tluu11sec@gmail.com> + 99 others);
        Wed, 5 Jun 2019 17:28:53 -0400
Received: from wind.enjellic.com ([76.10.64.91]:34676 "EHLO wind.enjellic.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726461AbfFEV2w (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 5 Jun 2019 17:28:52 -0400
Received: from wind.enjellic.com (localhost [127.0.0.1])
        by wind.enjellic.com (8.15.2/8.15.2) with ESMTP id x55LPbvS022703;
        Wed, 5 Jun 2019 16:25:37 -0500
Received: (from greg@localhost)
        by wind.enjellic.com (8.15.2/8.15.2/Submit) id x55LPbpR022702;
        Wed, 5 Jun 2019 16:25:37 -0500
Date:   Wed, 5 Jun 2019 16:25:37 -0500
From:   "Dr. Greg" <greg@enjellic.com>
To:     Sean Christopherson <sean.j.christopherson@intel.com>
Cc:     Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Jethro Beekman <jethro@fortanix.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        "akpm@linux-foundation.org" <akpm@linux-foundation.org>,
        "dave.hansen@intel.com" <dave.hansen@intel.com>,
        "nhorman@redhat.com" <nhorman@redhat.com>,
        "npmccallum@redhat.com" <npmccallum@redhat.com>,
        "serge.ayoun@intel.com" <serge.ayoun@intel.com>,
        "shay.katz-zamir@intel.com" <shay.katz-zamir@intel.com>,
        "haitao.huang@intel.com" <haitao.huang@intel.com>,
        "andriy.shevchenko@linux.intel.com" 
        <andriy.shevchenko@linux.intel.com>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "kai.svahn@intel.com" <kai.svahn@intel.com>,
        "bp@alien8.de" <bp@alien8.de>,
        "josh@joshtriplett.org" <josh@joshtriplett.org>,
        "luto@kernel.org" <luto@kernel.org>,
        "kai.huang@intel.com" <kai.huang@intel.com>,
        "rientjes@google.com" <rientjes@google.com>
Subject: Re: [PATCH v20 15/28] x86/sgx: Add the Linux SGX Enclave Driver
Message-ID: <20190605212536.GA22510@wind.enjellic.com>
Reply-To: "Dr. Greg" <greg@enjellic.com>
References: <20190417103938.7762-1-jarkko.sakkinen@linux.intel.com> <20190417103938.7762-16-jarkko.sakkinen@linux.intel.com> <20190422215831.GL1236@linux.intel.com> <6dd981a7-0e38-1273-45c1-b2c0d8bf6fed@fortanix.com> <20190424002653.GB14422@linux.intel.com> <20190604201232.GA7775@linux.intel.com> <20190605142908.GD11331@linux.intel.com> <20190605145219.GC26328@linux.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190605145219.GC26328@linux.intel.com>
User-Agent: Mutt/1.4i
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.3 (wind.enjellic.com [127.0.0.1]); Wed, 05 Jun 2019 16:25:37 -0500 (CDT)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 05, 2019 at 07:52:19AM -0700, Sean Christopherson wrote:

Good afternoon to everyone.

> At this point I don't see the access control stuff impacting the LKM
> decision.
> 
> Irrespetive of the access control thing, there are (at least) two issues
> with using ACPI to probe the driver:
> 
>   - ACPI probing breaks if there are multiple device, i.e. when KVM adds
>     a raw EPC device.  We could do something like probe the driver via
>     ACPI but manually load the raw EPC device from core SGX code, but IMO
>     taking that approach should be a concious decision.

If that is the case, I assume that ACPI probing will also be
problematic for kernels that will be running on systems that have the
SGX accelerator cards that Intel has announced in them.

We haven't seen a solid technical description regarding how SGX
functionality is to be surfaced via these cards.  However, since the
SDM/SGX specification indicates that multiple PRM/EPC's are supported,
the logical assumption would be that each card would be surfaced as a
separate EPC's.

The focus of this driver will be largely cloud based environments and
the accelerator cards are designed to fill the gap until multi-socket
SGX support is available, which has been 'real soon now' for about
three years.  So it would seem to be a requirement for the driver to
deal with these cards if it is to be relevant.

>   - ACPI probing means core SGX will consume resources for EPC management
>     even if there is no end consumer, e.g. the driver refuses to load due
>     to lack of FLC support.

It isn't relevant to these conversations but there will be a version
of this driver supported that runs on non-FLC platforms and that will
support full hardware root of trust via launch enclaves.

Have a good evening.

Dr. Greg

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"System Administration is a few hours of boredom followed by several
 moments of intense fear."
                                -- Tom ONeil