Re: [PATCH v4 1/1] x86/sgx: Enable automatic SVN updates for SGX enclaves

On 5/14/25 00:32, Reshetova, Elena wrote: >> This was the recent discussion I am aware we had on this matter: >> https://lkml.org/lkml/2024/2/5/1595 >> The measurements were done for older platform (skylake), but I am not >> aware of any architectural changes since that time to improve this. > And

RE: [PATCH v4 1/1] x86/sgx: Enable automatic SVN updates for SGX enclaves

> > >>> +static bool sgx_has_eupdatesvn; > > >> > > >> We have CPUID "caches" of sorts. Why open code this? > > > > > > You mean X86_FEATURE_*? > > > > Yes. > > > > > SGX CPUID is only defined in SGX code currently (btw, I am not sure > > > why they are made special) so it doesn’t support this. > >

RE: [PATCH v4 1/1] x86/sgx: Enable automatic SVN updates for SGX enclaves

> On Wed, May 07, 2025 at 02:14:00PM +0300, Elena Reshetova wrote: > > > diff --git a/arch/x86/kernel/cpu/sgx/driver.c > b/arch/x86/kernel/cpu/sgx/driver.c > > index 7f8d1e11dbee..669e44d61f9f 100644 > > --- a/arch/x86/kernel/cpu/sgx/driver.c > > +++ b/arch/x86/kernel/cpu/sgx/driver.c > > @@ -19,6

RE: [PATCH v4 1/1] x86/sgx: Enable automatic SVN updates for SGX enclaves

> >>> +static bool sgx_has_eupdatesvn; > >> > >> We have CPUID "caches" of sorts. Why open code this? > > > > You mean X86_FEATURE_*? > > Yes. > > > SGX CPUID is only defined in SGX code currently (btw, I am not sure > > why they are made special) so it doesn’t support this. > > It's only used i

Re: [PATCH v4 1/1] x86/sgx: Enable automatic SVN updates for SGX enclaves

On Wed, May 07, 2025 at 02:14:00PM +0300, Elena Reshetova wrote: > diff --git a/arch/x86/kernel/cpu/sgx/driver.c > b/arch/x86/kernel/cpu/sgx/driver.c > index 7f8d1e11dbee..669e44d61f9f 100644 > --- a/arch/x86/kernel/cpu/sgx/driver.c > +++ b/arch/x86/kernel/cpu/sgx/driver.c > @@ -19,6 +19,10 @@

RE: [PATCH v4 1/1] x86/sgx: Enable automatic SVN updates for SGX enclaves

Thank you very much for your detailed review, Dave! Responses inline below. > On 5/7/25 04:14, Elena Reshetova wrote: > > In case an SGX vulnerability is discovered and TCB recovery > > for SGX is triggered, Intel specifies a process that must be > > followed for a given vulnerability. Steps to

Re: [PATCH v4 1/1] x86/sgx: Enable automatic SVN updates for SGX enclaves

On 5/8/25 07:07, Reshetova, Elena wrote: ... >> Actually, I think I wrote changelogs for this once upon a time. Could >> you please go dig those up and use them? > > Could you please suggest where can I find them? Was it for the previous > submission done by Cathy? Yes. There were also some long

Re: [PATCH v4 1/1] x86/sgx: Enable automatic SVN updates for SGX enclaves

On 5/7/25 04:14, Elena Reshetova wrote: > In case an SGX vulnerability is discovered and TCB recovery > for SGX is triggered, Intel specifies a process that must be > followed for a given vulnerability. Steps to mitigate can vary > based on vulnerability type, affected components, etc. > In some ca