]> www.infradead.org Git - nvme.git/commitdiff
x86/cpufeatures: Add Intel SGX hardware bits
authorSean Christopherson <sean.j.christopherson@intel.com>
Thu, 12 Nov 2020 22:01:14 +0000 (00:01 +0200)
committerBorislav Petkov <bp@suse.de>
Tue, 17 Nov 2020 13:36:13 +0000 (14:36 +0100)
Populate X86_FEATURE_SGX feature from CPUID and tie it to the Kconfig
option with disabled-features.h.

IA32_FEATURE_CONTROL.SGX_ENABLE must be examined in addition to the CPUID
bits to enable full SGX support.  The BIOS must both set this bit and lock
IA32_FEATURE_CONTROL for SGX to be supported (Intel SDM section 36.7.1).
The setting or clearing of this bit has no impact on the CPUID bits above,
which is why it needs to be detected separately.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Co-developed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Jethro Beekman <jethro@fortanix.com>
Link: https://lkml.kernel.org/r/20201112220135.165028-4-jarkko@kernel.org
arch/x86/include/asm/cpufeatures.h
arch/x86/include/asm/disabled-features.h
arch/x86/include/asm/msr-index.h

index dad350d42ecfbf3063c64138375e81591729b092..1181f5c7bbef83dce2a7ab9646078135990b5e7a 100644 (file)
 /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */
 #define X86_FEATURE_FSGSBASE           ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/
 #define X86_FEATURE_TSC_ADJUST         ( 9*32+ 1) /* TSC adjustment MSR 0x3B */
+#define X86_FEATURE_SGX                        ( 9*32+ 2) /* Software Guard Extensions */
 #define X86_FEATURE_BMI1               ( 9*32+ 3) /* 1st group bit manipulation extensions */
 #define X86_FEATURE_HLE                        ( 9*32+ 4) /* Hardware Lock Elision */
 #define X86_FEATURE_AVX2               ( 9*32+ 5) /* AVX2 instructions */
index 5861d34f977182983ab4d0834f109acaca323d0f..7947cb1782dafd1dc87ee94126be2e410d5f234a 100644 (file)
 # define DISABLE_ENQCMD (1 << (X86_FEATURE_ENQCMD & 31))
 #endif
 
+#ifdef CONFIG_X86_SGX
+# define DISABLE_SGX   0
+#else
+# define DISABLE_SGX   (1 << (X86_FEATURE_SGX & 31))
+#endif
+
 /*
  * Make sure to add features to the correct mask
  */
@@ -74,7 +80,7 @@
 #define DISABLED_MASK6 0
 #define DISABLED_MASK7 (DISABLE_PTI)
 #define DISABLED_MASK8 0
-#define DISABLED_MASK9 (DISABLE_SMAP)
+#define DISABLED_MASK9 (DISABLE_SMAP|DISABLE_SGX)
 #define DISABLED_MASK10        0
 #define DISABLED_MASK11        0
 #define DISABLED_MASK12        0
index 972a34d935059aa49d01db8f20c3e598fffb22ac..258d555d22f2867977930495858eb668b8f25e48 100644 (file)
 #define FEAT_CTL_LOCKED                                BIT(0)
 #define FEAT_CTL_VMX_ENABLED_INSIDE_SMX                BIT(1)
 #define FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX       BIT(2)
+#define FEAT_CTL_SGX_ENABLED                   BIT(18)
 #define FEAT_CTL_LMCE_ENABLED                  BIT(20)
 
 #define MSR_IA32_TSC_ADJUST             0x0000003b