From: Sean Christopherson <sean.j.christopher...@intel.com>
Similar to other large Intel features such as VMX and TXT, SGX must be
explicitly enabled in IA32_FEATURE_CONTROL MSR to be truly usable.
Clear all SGX related capabilities if SGX is not fully enabled in
IA32_FEATURE_CONTROL or if the SGX1 instruction set isn't supported
(impossible on bare metal, theoretically possible in a VM if the VMM
is doing something weird).
Signed-off-by: Sean Christopherson <sean.j.christopher...@intel.com>
---
arch/x86/kernel/cpu/intel.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index fc3c07fe7df5..9bf8fe2c04ac 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -596,6 +596,30 @@ static void detect_tme(struct cpuinfo_x86 *c)
c->x86_phys_bits -= keyid_bits;
}
+static void detect_sgx(struct cpuinfo_x86 *c)
+{
+ bool unsupported = false;
+ unsigned long long fc;
+
+ rdmsrl(MSR_IA32_FEATURE_CONTROL, fc);
+ if (!(fc & FEATURE_CONTROL_LOCKED)) {
+ pr_err_once("sgx: IA32_FEATURE_CONTROL MSR is not locked\n");
+ unsupported = true;
+ } else if (!(fc & FEATURE_CONTROL_SGX_ENABLE)) {
+ pr_err_once("sgx: not enabled in IA32_FEATURE_CONTROL MSR\n");
+ unsupported = true;
+ } else if (!cpu_has(c, X86_FEATURE_SGX1)) {
+ pr_err_once("sgx: SGX1 instruction set not supported\n");
+ unsupported = true;
+ }
+
+ if (unsupported) {
+ setup_clear_cpu_cap(X86_FEATURE_SGX);
+ setup_clear_cpu_cap(X86_FEATURE_SGX1);
+ setup_clear_cpu_cap(X86_FEATURE_SGX2);
+ }
+}
+
static void init_intel_energy_perf(struct cpuinfo_x86 *c)
{
u64 epb;
@@ -763,6 +787,9 @@ static void init_intel(struct cpuinfo_x86 *c)
if (cpu_has(c, X86_FEATURE_TME))
detect_tme(c);
+ if (cpu_has(c, X86_FEATURE_SGX))
+ detect_sgx(c);
+
init_intel_energy_perf(c);
init_intel_misc_features(c);
--
2.19.1
