On Tue, Feb 09, 2021 at 11:18:13PM +0200, Jarkko Sakkinen wrote:
> On Mon, Feb 08, 2021 at 11:54:09PM +1300, Kai Huang wrote:
> > From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> >
> > Add a misc device /dev/sgx_vepc to allow userspace to allocate "raw" EPC
> > without an associated enclave. The intended and only known use case for
> > raw EPC allocation is to expose EPC to a KVM guest, hence the 'vepc'
> > moniker, virt.{c,h} files and X86_SGX_KVM Kconfig.
>
> This commit message does give existential background for having vEPC.
> I.e. everything below this paragraph is "good enough" to make the case
> for SGX subsystem controlled vEPC.
>
> However, it does not give any existential background for /dev/sgx_vpec.
> Even with differing internals you could just as well make the whole
> thing as subfunction of /dev/sgx_enclave. It's perfectly doable. It
> does not really matter how much the same internals are used (e.g.
> sgx_encl).
>
> Without that clearly documented, it would be unwise to merge this.

E.g.

- Have ioctl() to turn opened fd as vEPC.
- If FLC is disabled, you could only use the fd for creating vEPC.

Quite easy stuff to implement.

/Jarkko