Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1566527ybz; Thu, 30 Apr 2020 01:27:54 -0700 (PDT) X-Google-Smtp-Source: APiQypJWsn7YZy/NEMCVy0v+jsXAVhpG8ejKDo6pM6UonVlUShoSem8eP9G3quib9JFKNTtjBrIs X-Received: by 2002:a17:906:8152:: with SMTP id z18mr1617738ejw.4.1588235274280; Thu, 30 Apr 2020 01:27:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588235274; cv=none; d=google.com; s=arc-20160816; b=QaJUvjlaI8TAkuagYL65qNIONsTpWATK0Y2/D4XakHzs4YhwkFrTC/cwIRCo66Z+mB uIyQDFgWIigG19HZXQrm0JdjJ4dgdo5fTxz9oW3K1YLxafveBRzhTcnud0ie0DRHhao6 UCtPPoXmEZsAkwHZlCUjv21JObGv4NcZ/V0SXqe4wtmFcf3ERw1CQwjrZBbIaiDnsGQE crtL3r58BEY5YVYk0dvAcqP1bVh6Zdpd35qaWj2fkA1LxM0s/wscTQ9sWPmSiuLuaM7E bGK7MtfEbZ0RBdZXTuyPmLfc+/T463ucS8wOb1IX/q+VYGbMkPfi/uuQPjTQrXn3/SjZ xIKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=kpuWrsTXSLaydun5mh5eXFrxA0xVYiMZEmOZrnhcmP8=; b=ys+IJtrGtLyow7Gmxk2NtU64FefriKtjkb6ds3VaQfnpXkjS+hMQUgz6oz3fafHUSd XF3+WuGkgDVzvVG0/KiTGtPeNJt783mFu9KxG7cc76mFv0J7/zNCr6VEaI1smt9VG2G5 8BL58zLlp084eE5OVfjqFAbG4Lki8ZS6AV9uX848l8+L2eLtFlhxHppj36Armqpxjo8J jkEiuxdB6TWrO0BVa/K7YvoRf5jDyTagrSPKDtSJzR14EkcEhF0PcIDeWPjjxYSKqQio G4f/iRnIpYPefjcHt995YjizvS3mnCqiciSU7pZyqvUjygpTXwiY8KfC42OAYAGN/kuA TG/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id lc17si5293119ejb.413.2020.04.30.01.27.30; Thu, 30 Apr 2020 01:27:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726658AbgD3IXm (ORCPT + 99 others); Thu, 30 Apr 2020 04:23:42 -0400 Received: from mga02.intel.com ([134.134.136.20]:1644 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726531AbgD3IXm (ORCPT ); Thu, 30 Apr 2020 04:23:42 -0400 IronPort-SDR: R97pwFDK+xNwl81j/ZLTw6OqRp+U2qLwPspqgGJ549wRH9rXa5CmLgZWYC4se7OWoIvDjiVZ1N +u4sCm1/20pw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Apr 2020 01:23:41 -0700 IronPort-SDR: 36p3/H3GepOLsOJEQt0w0FBY0ss06P1xezuXnKqxyXQBc+HUgDEi1e/HICvGtWCGRK6kmF06/F 6HphBVn0Ibuw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,334,1583222400"; d="scan'208";a="258225161" Received: from smirnovi-mobl.ccr.corp.intel.com (HELO localhost) ([10.252.55.1]) by orsmga003.jf.intel.com with ESMTP; 30 Apr 2020 01:23:34 -0700 Date: Thu, 30 Apr 2020 11:23:28 +0300 From: Jarkko Sakkinen To: Jethro Beekman Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org, akpm@linux-foundation.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com, rientjes@google.com, cedric.xing@intel.com, puiterwijk@redhat.com Subject: Re: [PATCH v29 00/20] Intel SGX foundations Message-ID: <20200430082328.GA6387@linux.intel.com> References: <20200421215316.56503-1-jarkko.sakkinen@linux.intel.com> <07c1a36c-cebc-3a65-6f92-4a5498fcc369@fortanix.com> <20200430034651.GB31820@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 30, 2020 at 09:19:48AM +0200, Jethro Beekman wrote: > On 2020-04-30 05:46, Jarkko Sakkinen wrote: > > On Wed, Apr 29, 2020 at 05:27:48PM +0200, Jethro Beekman wrote: > >> On 2020-04-21 23:52, Jarkko Sakkinen wrote: > >>> Intel(R) SGX is a set of CPU instructions that can be used by applications > >>> to set aside private regions of code and data. The code outside the enclave > >>> is disallowed to access the memory inside the enclave by the CPU access > >>> control. > >>> > >>> There is a new hardware unit in the processor called Memory Encryption > >>> Engine (MEE) starting from the Skylake microacrhitecture. BIOS can define > >>> one or many MEE regions that can hold enclave data by configuring them with > >>> PRMRR registers. > >>> > >>> The MEE automatically encrypts the data leaving the processor package to > >>> the MEE regions. The data is encrypted using a random key whose life-time > >>> is exactly one power cycle. > >>> > >>> The current implementation requires that the firmware sets > >>> IA32_SGXLEPUBKEYHASH* MSRs as writable so that ultimately the kernel can > >>> decide what enclaves it wants run. The implementation does not create > >>> any bottlenecks to support read-only MSRs later on. > >>> > >>> You can tell if your CPU supports SGX by looking into /proc/cpuinfo: > >>> > >>> cat /proc/cpuinfo | grep sgx > >> > >> Let's merge this. > > > > So can I tag reviewed-by's? > > > > No, but you already have my tested-by's. > > If it helps I can try to review some patches, but 1) I know nothing > about kernel coding guidelines and best practices and 2) I know little > about most kernel internals, so I won't be able to review every patch. Ackd-by *acknowledges* that the patches work for you. I think that would be then the correct choice for the driver patch and patches before that. Lets go with that if that is cool for you of course. Did you run the selftest only or possibly also some internal Fortanix tests? /Jarkko