RE: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]

From: Reshetova, Elena
Date: Thu Aug 14 2025 - 07:51:46 EST

Next message: Philipp Stanner: "Re: [PATCH] drm/sched: Prevent stopped entities from being added to the run queue."
Previous message: Gustavo A. R. Silva: "Re: [PATCH][next] pwm: cros-ec: Avoid -Wflex-array-member-not-at-end warnings"
In reply to: Huang, Kai: "Re: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]"
Next in thread: Huang, Kai: "Re: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Huang, Kai <kai.huang@xxxxxxxxx>
> Sent: Thursday, August 14, 2025 12:36 PM
> To: Reshetova, Elena <elena.reshetova@xxxxxxxxx>; Hansen, Dave
> <dave.hansen@xxxxxxxxx>
> Cc: seanjc@xxxxxxxxxx; mingo@xxxxxxxxxx; Scarlata, Vincent R
> <vincent.r.scarlata@xxxxxxxxx>; x86@xxxxxxxxxx; jarkko@xxxxxxxxxx;
> Annapurve, Vishal <vannapurve@xxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx;
> Mallick, Asit K <asit.k.mallick@xxxxxxxxx>; Aktas, Erdem
> <erdemaktas@xxxxxxxxxx>; Cai, Chong <chongc@xxxxxxxxxx>; Bondarevska,
> Nataliia <bondarn@xxxxxxxxxx>; linux-sgx@xxxxxxxxxxxxxxx; Raynor, Scott
> <scott.raynor@xxxxxxxxx>
> Subject: Re: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]
>
> On Thu, 2025-08-14 at 10:34 +0300, Reshetova, Elena wrote:
> > All running enclaves and cryptographic assets (such as internal SGX
> > encryption keys) are assumed to be compromised whenever an SGX-related
> > microcode update occurs. To mitigate this assumed compromise the new
> > supervisor SGX instruction ENCLS[EUPDATESVN] can generate fresh
> > cryptographic assets.
> >
> > Before executing EUPDATESVN, all SGX memory must be marked as unused.
> This
> > requirement ensures that no potentially compromised enclave survives the
> > update and allows the system to safely regenerate cryptographic assets.
> >
> > Add the method to perform ENCLS[EUPDATESVN]. However, until the follow
> up
> > patch that wires calling sgx_update_svn() from sgx_inc_usage_count(), this
> > code is not reachable.
> >
> > Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> > Signed-off-by: Elena Reshetova <elena.reshetova@xxxxxxxxx>
>
> Reviewed-by: Kai Huang <kai.huang@xxxxxxxxx>
>
> >
> > + * Return:
> > + * * %0: - Success or not supported
> > + * * %-EAGAIN: - Can be safely retried, failure is due to lack of
> > + * * entropy in RNG
>
> Nit: if another version is ever needed, I think it would be better to make
> the text vertical aligned w/o the leading '-', i.e.,
>
> * %-EAGAIN: - Can be ....
> entropy in RNG.
>
> .. instead of
>
> * %-EAGAIN: - Can be ....
> entropy in RNG.

OK, yes, this can be fixed, indeed.

Thank you very much for your reviews, Kai!

Next message: Philipp Stanner: "Re: [PATCH] drm/sched: Prevent stopped entities from being added to the run queue."
Previous message: Gustavo A. R. Silva: "Re: [PATCH][next] pwm: cros-ec: Avoid -Wflex-array-member-not-at-end warnings"
In reply to: Huang, Kai: "Re: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]"
Next in thread: Huang, Kai: "Re: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]