On Fri, Jun 09, 2017 at 11:47:13AM +1200, Huang, Kai wrote:
> In my understanding, although you only allow one LE in kernel, but you
> won't limit whose LE can be run (basically kernel can run LE signed by
> anyone, but just one LE when kernel is running), so I don't see there is any
> limitation to KVM guests here.
>
> But it may still be better if SGX driver can provide function like:
>
> int sgx_validate_sigstruct(struct sigstruct *sig);
>
> for KVM to call, in case driver is changed (ex, to only allow LEs from some
> particular ones to run), but this is not necessary now. KVM changes can be
> done later when driver makes the changes.
>
> Andy,
>
> Am I understanding correctly? Does this make sense to you?
>
> Thanks,
> -Kai

Nope. I don't even understand the *beginnings* of what that function
would do. I don't understand what the validation means here and what
VMM would do if that function reports "success".

How would that work on a system where MSRs cannot be changed? In that
kind of system the host OS must generate EINITTOKEN for the LE running
inside the guest and maintain completely virtualized MSR values for
the guest.

/Jarkko