On 12/04/21 06:21, Kai Huang wrote:
Note, KVM allows writes to the LE hash MSRs if IA32_FEATURE_CONTROL is
unlocked. This is technically not architectural behavior, but it's
roughly equivalent to the arch behavior of the MSRs being writable prior
to activating SGX[1]. Emulating SGX activation is feasible, but adds no
tangible benefits and would just create extra work for KVM and guest
firmware.
[1] SGX related bits in IA32_FEATURE_CONTROL cannot be set until SGX
is activated, e.g. by firmware. SGX activation is triggered by
setting bit 0 in MSR 0x7a. Until SGX is activated, the LE hash
MSRs are writable, e.g. to allow firmware to lock down the LE
root key with a non-Intel value.
I turned these into a comment in vmx_set_msr:
/*
* On real hardware, the LE hash MSRs are writable before
* the firmware sets bit 0 in MSR 0x7a ("activating" SGX),
* at which point SGX related bits in IA32_FEATURE_CONTROL
* become writable.
*
* KVM does not emulate SGX activation for simplicity, so
* allow writes to the LE hash MSRs if IA32_FEATURE_CONTROL
* is unlocked. This is technically not architectural
* behavior, but close enough.
*/
Paolo
