Re: [PATCH v20 15/28] x86/sgx: Add the Linux SGX Enclave Driver

From: Sean Christopherson
Date: Wed Jun 05 2019 - 18:24:34 EST


On Wed, Jun 05, 2019 at 04:25:37PM -0500, Dr. Greg wrote:
> On Wed, Jun 05, 2019 at 07:52:19AM -0700, Sean Christopherson wrote:
>
> Good afternoon to everyone.
>
> > At this point I don't see the access control stuff impacting the LKM
> > decision.
> >
> > Irrespective of the access control thing, there are (at least) two issues
> > with using ACPI to probe the driver:
> >
> > - ACPI probing breaks if there are multiple devices, i.e. when KVM adds
> > a raw EPC device. We could do something like probe the driver via
> > ACPI but manually load the raw EPC device from core SGX code, but IMO
> > taking that approach should be a conscious decision.
>
> If that is the case, I assume that ACPI probing will also be
> problematic for kernels that will be running on systems that have the
> SGX accelerator cards that Intel has announced in them.

Just to make sure we're all on the same page, by "multiple devices" I
was referring to multiple char devices in the kernel, not multiple EPC
"devices".

> We haven't seen a solid technical description regarding how SGX
> functionality is to be surfaced via these cards. However, since the
> SDM/SGX specification indicates that multiple PRM/EPCs are supported,
> the logical assumption would be that each card would be surfaced as a
> separate EPC.

I haven't seen the details for the cards, but for multi-socket systems
with multiple EPC sections, the ACPI tables will enumerate a single EPC
"device" without any size or location information. I.e. ACPI can be
used to detect that the system has EPC, but software will need to use
CPUID to enumerate the number of sections and their size/location.
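The CPUID walk described above, as an added example that is not part of the original mail thread or of the SGX driver patch: ACPI only tells software that EPC exists, so the section list has to come from CPUID leaf 0x12, subleaf 2 and up, where each subleaf reports one section (EAX[3:0] == 1) or terminates the list (EAX[3:0] == 0), with the physical base spread across EAX[31:12] and EBX[19:0] and the size across ECX[31:12] and EDX[19:0]. The `fake_cpuid_query` table below is constructed register data (two sections, one per socket, plus the terminating subleaf) so the decoder runs offline; the addresses and sizes in it are illustrative, not taken from any real machine. On an x86 build, `main` additionally walks the real leaf after checking the SGX feature bit in CPUID.(7,0):EBX[2].

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One EPC section as enumerated by CPUID.(EAX=0x12, ECX=n), n >= 2. */
struct epc_section {
    uint64_t base;   /* physical base address, 4 KiB aligned */
    uint64_t size;   /* size in bytes, 4 KiB multiple */
    bool valid;      /* false for the terminating (type 0) subleaf */
};

/*
 * Decode one leaf-0x12 subleaf into an EPC section.
 *   EAX[3:0]   = 0 -> invalid/end of list, 1 -> EPC section
 *   EAX[31:12] = base bits 12..31, EBX[19:0] = base bits 32..51
 *   ECX[31:12] = size bits 12..31, EDX[19:0] = size bits 32..51
 *   ECX[3:0]   = section properties (not decoded here)
 */
struct epc_section decode_epc_subleaf(uint32_t eax, uint32_t ebx,
                                      uint32_t ecx, uint32_t edx)
{
    struct epc_section s = {0};

    if ((eax & 0xfu) != 1)
        return s;                       /* s.valid == false */

    s.base = ((uint64_t)(ebx & 0xfffffu) << 32) | (eax & 0xfffff000u);
    s.size = ((uint64_t)(edx & 0xfffffu) << 32) | (ecx & 0xfffff000u);
    s.valid = true;
    return s;
}

/*
 * Walk subleaves 2.. until the first invalid one or until max_sections
 * are collected. `query` fills regs[] = {EAX, EBX, ECX, EDX} for the
 * requested subleaf and returns false if it cannot answer.
 * Returns the number of sections found.
 */
int enumerate_epc(bool (*query)(uint32_t subleaf, uint32_t regs[4]),
                  struct epc_section *out, int max_sections)
{
    int n = 0;

    for (uint32_t sub = 2; n < max_sections; sub++) {
        uint32_t r[4];
        if (!query(sub, r))
            break;
        struct epc_section s = decode_epc_subleaf(r[0], r[1], r[2], r[3]);
        if (!s.valid)
            break;
        out[n++] = s;
    }
    return n;
}

/* Constructed CPUID data (hypothetical two-socket layout), not a real capture. */
bool fake_cpuid_query(uint32_t subleaf, uint32_t regs[4])
{
    static const uint32_t table[][4] = {
        /*  EAX          EBX          ECX          EDX  */
        { 0x70200001u, 0x00000000u, 0x05d80000u, 0x00000000u }, /* subleaf 2: base 0x70200000 */
        { 0x80000001u, 0x00000001u, 0x05d80000u, 0x00000000u }, /* subleaf 3: base 0x1_80000000 */
        { 0x00000000u, 0x00000000u, 0x00000000u, 0x00000000u }, /* subleaf 4: end of list */
    };

    if (subleaf < 2 || subleaf - 2 >= sizeof table / sizeof table[0])
        return false;
    memcpy(regs, table[subleaf - 2], sizeof table[0]);
    return true;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>

static bool real_cpuid_query(uint32_t subleaf, uint32_t regs[4])
{
    __cpuid_count(0x12, subleaf, regs[0], regs[1], regs[2], regs[3]);
    return true;
}

/* CPUID.(EAX=7, ECX=0):EBX[2] is the SGX feature flag. */
static bool sgx_supported(void)
{
    unsigned int a, b, c, d;

    if (__get_cpuid_max(0, NULL) < 0x12)
        return false;
    __cpuid_count(7, 0, a, b, c, d);
    return (b >> 2) & 1u;
}
#endif

int main(void)
{
    struct epc_section secs[8];
    int n = enumerate_epc(fake_cpuid_query, secs, 8);

    printf("constructed data: %d EPC section(s)\n", n);
    for (int i = 0; i < n; i++)
        printf("  section %d: base 0x%llx size 0x%llx\n", i,
               (unsigned long long)secs[i].base, (unsigned long long)secs[i].size);

#if defined(__x86_64__) || defined(__i386__)
    if (sgx_supported()) {
        n = enumerate_epc(real_cpuid_query, secs, 8);
        printf("this CPU: %d EPC section(s)\n", n);
        for (int i = 0; i < n; i++)
            printf("  section %d: base 0x%llx size 0x%llx\n", i,
                   (unsigned long long)secs[i].base, (unsigned long long)secs[i].size);
    } else {
        printf("this CPU: SGX not enumerated\n");
    }
#endif
    return 0;
}
```

The stopping rule matters in practice: a single-socket part reports one valid subleaf and then a type-0 subleaf, a multi-socket or multi-section part reports several, and in a guest the hypervisor decides what the leaf shows, so the walk must not assume a fixed count or a fixed address range per section.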