Oops.. Please ignore this patch :) Thanks, -Kai On 5/8/2017 5:24 PM, Kai Huang wrote:
even this bit is not set by BIOS, current ucode patch allows write to IA32_SGXLEPUBKEYHASHn. --- arch/x86/kvm/vmx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 1022295ba925..9e687ce45b48 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2254,12 +2254,20 @@ static void decache_tsc_multiplier(struct vcpu_vmx *vmx) vmcs_write64(TSC_MULTIPLIER, vmx->current_tsc_ratio); } +#define UCODE_PATCH static bool cpu_sgx_lepubkeyhash_writable(void) { u64 val, sgx_lc_enabled_mask = (FEATURE_CONTROL_LOCKED | FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE); rdmsrl(MSR_IA32_FEATURE_CONTROL, val); +#ifdef UCODE_PATCH + /* + * current ucode patch can support write to IA32_SGXLEPUBKEYHASHn + * even if FEATURE_CONTROL[17] is not set. + */ + val |= FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE; +#endif return ((val & sgx_lc_enabled_mask) == sgx_lc_enabled_mask); }