On Mon, Apr 25, 2016 at 01:01:24PM -0700, Andi Kleen wrote: > Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> writes: > > > > diff --git a/drivers/staging/intel_sgx/TODO b/drivers/staging/intel_sgx/TODO > > new file mode 100644 > > index 0000000..05f68c2 > > --- /dev/null > > +++ b/drivers/staging/intel_sgx/TODO > > @@ -0,0 +1,25 @@ > > +Documentation > > +============= > > + > > +* Improve Documents/x86/intel-sgx.txt based on the feedback and > > + questions that pop up. > > + > > +Internals > > +========= > > + > > +* Move structures needed by the allocator to arch/x86/include/asm/sgx.h > > +* Move EPC page allocation and eviction code to arch/x86/mm as they > > + will shared with virtualization code. > > +* Move enclave management functions to arch/x86/mm as they will be > > + shared with virtualization code. > > +* Use reserve_memtype() in order to add EPC to the PAT memtype list > > + with WB caching. > > +* Implement proper recovery code for the pager for cases when > > + ETRACK/EBLOCK/EWB fails instead of BUG_ON(). Probably the sanest > > + way to recover is to clear TCS PTEs, kick threads out of enclave > > + and remove EPC pages. > > +* Implement ACPI hot-lug for SGX. > > - Write proper patch descriptions. > > Especially how the "new VM" in 3/6 works needs a lot more explanation ... Agreed. I have now idea how to improve this given the feedback so far from you Andy and Greg. Thanks. It was hard to figure out the areas, which require more explanation before putting something out first. > - Add some test code Skylake, the only microarchitecture available at the moment supporting SGX, does not support IA32_SGXLEPUBKEYHASH* MSRs documented in Volume 3C of the Intel x86 SDM. There will be an Open Source SDK available in the near future. It comes with Launch Enclave [1] that generates automatically EINITTOKENs for debug enclaves. At the moment there is no process for signing producton enclaves with the Intel root of trust for Linux (there is a process for Windows). In order to write test code I would need to use the SDK at minimum to generate EINITTOKEN for the test enclave. [1] The source code is available but with Skylake you cannot sign your own Launch Enclave binary, which is of course possible in future when the MSRs become available for having you own root of trust. > -Andi /Jarkko _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel