Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp2255889ybi; Sat, 13 Jul 2019 10:10:29 -0700 (PDT) X-Google-Smtp-Source: APXvYqz//MkfkUQYj7M+tV496GVfRCK/gM4NBeS5ZtZhoArICmV6iL/ZvTs9uWyV/Dvw0SpfEJzI X-Received: by 2002:a17:90a:6097:: with SMTP id z23mr19354108pji.75.1563037829373; Sat, 13 Jul 2019 10:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563037829; cv=none; d=google.com; s=arc-20160816; b=qxCYHLQOFZcBTIIwrH9tRMc/Xu+0PPDJmeysM1HASnNVU2JzRHSOZYvtTZwaDh0MuM xIueMfP67u8gl28qDa4vVKe0YKlnseBCJXFaUUeLTaKa3yCe4cUDs57ZhmgqF8FEt8y6 J5CtmBML27jowF+/A0IuVSWaHhSk3Ycja4HcacbQq3okmCTCMB0VVFsmqSJtC5MNcXpg nsXaZROuKnu7qKKWCklj18vDD987JA28Ls+YksWGBQ1HNSL/+8gGE3I75FnM4JnidplZ 75OuQBDhEMI7qWgPQ5aNempItwa5S52H40lByWNpPCyXNlZb2+rO+Ekje8X15tKfC77L PcwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=GfUw8KrfX2mRI6IOOC3LMMcIwTQycqzvc+hzdqWRHy8=; b=qyZF1Ei20Hv/yf/lDcbu7EJQBZC4CMhAdJ+if9DkzPKFTec+XzZf8tns2YV8aRvN/n rti5fPGQTBqlCHbkTPhNcn6XDDXDHwIroCeJI50gtrDltqvGIymd2nqjSQigHdzHDw0O lAolIPHqUvXIfOFCRt5UX0YuXggDdRuyWXKjbx19cJKyf1N/gY74QC6hS9KLPOXhFHzp KenZztTqrHr2jjcCFfKM96WexxnliDk2qVxxradj99664eLPVm43TPSzgUPA1jESG1PV L+SM+TIvkdbIobZ+OOEt7N4aTrYWVY+N9m9uSH9P2uG3WNlbRbrd0TpvT9DHX9d8yJsN xl2Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 91si10988772plb.39.2019.07.13.10.10.12; Sat, 13 Jul 2019 10:10:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728123AbfGMRJH (ORCPT + 99 others); Sat, 13 Jul 2019 13:09:07 -0400 Received: from mga09.intel.com ([134.134.136.24]:33964 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727939AbfGMRJH (ORCPT ); Sat, 13 Jul 2019 13:09:07 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Jul 2019 10:09:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,487,1557212400"; d="scan'208";a="341981154" Received: from hbriegel-mobl.ger.corp.intel.com (HELO localhost) ([10.252.50.48]) by orsmga005.jf.intel.com with ESMTP; 13 Jul 2019 10:08:56 -0700 From: Jarkko Sakkinen To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org Cc: akpm@linux-foundation.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com, rientjes@google.com, cedric.xing@intel.com, Haim Cohen , Jarkko Sakkinen Subject: [PATCH v21 05/28] x86/msr: Add SGX Launch Control MSR definitions Date: Sat, 13 Jul 2019 20:07:41 +0300 Message-Id: <20190713170804.2340-6-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190713170804.2340-1-jarkko.sakkinen@linux.intel.com> References: <20190713170804.2340-1-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson Add a new IA32_FEATURE_CONTROL bit, SGX_LE_WR. When set, SGX_LE_WR allows software to write the SGXLEPUBKEYHASH MSRs (see below). The The existence of the bit is enumerated by CPUID as X86_FEATURE_SGX_LC. Like all other flags in IA32_FEATURE_CONTROL, the MSR must be locked for SGX_LE_WR to take effect. Add four MSRs, SGXLEPUBKEYHASH{0,1,2,3}, or in human readable form, the SGX Launch Enclave Public Key Hash MSRs. These MSRs correspond to the key that is used by the CPU to determine whether or not to allow software to enter an enclave. When ENCLS[EINIT] is executed, which is a prerequisite to entering the enclave, the CPU compares the key (technically its hash) used to sign the enclave with the key hash stored in the MSRs, and will reject EINIT if the keys do not match. Enclaves can also be blessed by proxy, in which case a Launch Enclave generates and signs an EINIT TOKEN. If a valid token is provided, ENCLS[EINIT] compares the signer of the token against the MSRs instead of the signer of the enclave. The SGXLEPUBKEYHASH MSRs only exist on CPUs that support SGX Launch Control, enumerated by X86_FEATURE_SGX_LC. CPUs without Launch Control use a hardcoded key for the ENCLS[EINIT] checks. An internal hardcoded key is also used as the reset value for the hash MSRs when they exist. As a final note, the SGX_LEPUBKEYHASH MSRs can also be written by pre-boot firmware prior to activating SGX (SGX activation is done by setting bit 0 in MSR 0x7A). Thus, firmware can lock the MSRs to a non-Intel value by writing the MSRs and locking IA32_FEATURE_CONTROL without setting SGX_LE_WR. Signed-off-by: Sean Christopherson Co-developed-by: Haim Cohen Signed-off-by: Haim Cohen Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/msr-index.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index c006ba8187aa..24da5800b1c6 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -542,6 +542,7 @@ #define FEATURE_CONTROL_LOCKED (1<<0) #define FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX (1<<1) #define FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX (1<<2) +#define FEATURE_CONTROL_SGX_LE_WR (1<<17) #define FEATURE_CONTROL_SGX_ENABLE (1<<18) #define FEATURE_CONTROL_LMCE (1<<20) @@ -555,6 +556,12 @@ #define MSR_IA32_UCODE_WRITE 0x00000079 #define MSR_IA32_UCODE_REV 0x0000008b +/* Intel SGX Launch Enclave Public Key Hash MSRs */ +#define MSR_IA32_SGXLEPUBKEYHASH0 0x0000008C +#define MSR_IA32_SGXLEPUBKEYHASH1 0x0000008D +#define MSR_IA32_SGXLEPUBKEYHASH2 0x0000008E +#define MSR_IA32_SGXLEPUBKEYHASH3 0x0000008F + #define MSR_IA32_SMM_MONITOR_CTL 0x0000009b #define MSR_IA32_SMBASE 0x0000009e -- 2.20.1