RE: [PATCH v11 5/5] x86/sgx: Enable automatic SVN updates for SGX enclaves

From: Reshetova, Elena
Date: Fri Aug 08 2025 - 07:06:27 EST

Next message: Daniel Stone: "Re: [PATCH v2] drm/panfrost: Print RSS for tiler heap BO's in debugfs GEMS file"
Previous message: Colin King (gmail): "Re: selftests/futex: issue with -g option help text"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Huang, Kai <kai.huang@xxxxxxxxx>
> Sent: Thursday, August 7, 2025 3:24 AM
> To: Reshetova, Elena <elena.reshetova@xxxxxxxxx>; Hansen, Dave
> <dave.hansen@xxxxxxxxx>
> Cc: seanjc@xxxxxxxxxx; mingo@xxxxxxxxxx; Scarlata, Vincent R
> <vincent.r.scarlata@xxxxxxxxx>; x86@xxxxxxxxxx; jarkko@xxxxxxxxxx;
> Annapurve, Vishal <vannapurve@xxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx;
> Mallick, Asit K <asit.k.mallick@xxxxxxxxx>; Aktas, Erdem
> <erdemaktas@xxxxxxxxxx>; Cai, Chong <chongc@xxxxxxxxxx>; Bondarevska,
> Nataliia <bondarn@xxxxxxxxxx>; linux-sgx@xxxxxxxxxxxxxxx; Raynor, Scott
> <scott.raynor@xxxxxxxxx>
> Subject: Re: [PATCH v11 5/5] x86/sgx: Enable automatic SVN updates for SGX
> enclaves
>
> On Wed, 2025-08-06 at 11:11 +0300, Elena Reshetova wrote:
> > == Background ==
> >
> > ENCLS[EUPDATESVN] is a new SGX instruction [1] which allows enclave
> > attestation to include information about updated microcode SVN without a
> > reboot. Before an EUPDATESVN operation can be successful, all SGX memory
> > (aka. EPC) must be marked as “unused” in the SGX hardware metadata
> > (aka.EPCM). This requirement ensures that no compromised enclave can
> > survive the EUPDATESVN procedure and provides an opportunity to generate
> > new cryptographic assets.
> >
> > == Solution ==
> >
> > Attempt to execute ENCLS[EUPDATESVN] every time the first file descriptor
> > is obtained via sgx_(vepc_)open(). In the most common case the microcode
> > SVN is already up-to-date, and the operation succeeds without updating SVN.
>
> A newline here would be helpful.

OK

>
> > Note: while in such cases the underlying CR_BASE_KEY is regenrated, it does
> ^ case, since it's just one case, right?
>
> CR_BASE_KEY comes out of blue. And the odd is the SDM actually uses
> CR_BASE_PK AFAICT, so it could bring some confusion.
>
> Perhaps just "crypto-assets" in general?

Sure, will fix both.

>
> > not affect enclaves' visible keys obtained via EGETKEY instruction.
> >
> > If it fails with any other error code than SGX_INSUFFICIENT_ENTROPY, this
> > is considered unexpected and the *open() returns an error. This should not
> > happen in practice.
> >
> > On contrary, SGX_INSUFFICIENT_ENTROPY might happen due
> > to a pressure on the system's DRNG (RDSEED) and therefore the *open() can
> > be safely retried to allow normal enclave operation.
>
> please check text wrap.

Yes, will do.

Next message: Daniel Stone: "Re: [PATCH v2] drm/panfrost: Print RSS for tiler heap BO's in debugfs GEMS file"
Previous message: Colin King (gmail): "Re: selftests/futex: issue with -g option help text"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]