Commit 73916b6a authored by Kai Huang's avatar Kai Huang Committed by Borislav Petkov

x86/sgx: Add helper to update SGX_LEPUBKEYHASHn MSRs

Add a helper to update SGX_LEPUBKEYHASHn MSRs.  SGX virtualization also
needs to update those MSRs based on guest's "virtual" SGX_LEPUBKEYHASHn
before EINIT from guest.
Signed-off-by: default avatarKai Huang <kai.huang@intel.com>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Acked-by: default avatarDave Hansen <dave.hansen@intel.com>
Acked-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Link: https://lkml.kernel.org/r/dfb7cd39d4dd62ea27703b64afdd8bccb579f623.1616136308.git.kai.huang@intel.com
parent a67136b4
...@@ -495,7 +495,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, ...@@ -495,7 +495,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
void *token) void *token)
{ {
u64 mrsigner[4]; u64 mrsigner[4];
int i, j, k; int i, j;
void *addr; void *addr;
int ret; int ret;
...@@ -544,8 +544,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, ...@@ -544,8 +544,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
preempt_disable(); preempt_disable();
for (k = 0; k < 4; k++) sgx_update_lepubkeyhash(mrsigner);
wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + k, mrsigner[k]);
ret = __einit(sigstruct, token, addr); ret = __einit(sigstruct, token, addr);
......
...@@ -727,6 +727,22 @@ static bool __init sgx_page_cache_init(void) ...@@ -727,6 +727,22 @@ static bool __init sgx_page_cache_init(void)
return true; return true;
} }
/*
* Update the SGX_LEPUBKEYHASH MSRs to the values specified by caller.
* Bare-metal driver requires to update them to hash of enclave's signer
* before EINIT. KVM needs to update them to guest's virtual MSR values
* before doing EINIT from guest.
*/
void sgx_update_lepubkeyhash(u64 *lepubkeyhash)
{
int i;
WARN_ON_ONCE(preemptible());
for (i = 0; i < 4; i++)
wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0 + i, lepubkeyhash[i]);
}
static int __init sgx_init(void) static int __init sgx_init(void)
{ {
int ret; int ret;
......
...@@ -93,4 +93,6 @@ static inline int __init sgx_vepc_init(void) ...@@ -93,4 +93,6 @@ static inline int __init sgx_vepc_init(void)
} }
#endif #endif
void sgx_update_lepubkeyhash(u64 *lepubkeyhash);
#endif /* _X86_SGX_H */ #endif /* _X86_SGX_H */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment