> On Tue, Mar 26, 2019 at 02:25:52PM -0700, Huang, Kai wrote:
> > >
> > > That being said, this in no way impacts KVM's ability to virtualize SGX, e.g.
> > > KVM can directly do CPUID and {RD,WR}MSR to probe the capabilities
> > > of the platform as needed.
> >
> > I am not following. KVM can do whatever it wants, but it cannot change
> > the fact that KVM guest cannot run intel enclave if platform's MSRs
> > are configured to 3rd party and locked.
> >
> > Or am I misunderstanding?
>
> What does that have to do with this patch? The only thing this patch does is
> clear a *software* bit that says "SGX LC is enabled" so that the kernel can
> make the reasonable assumption that the MSRs are writable when
> X86_FEATURE_SGX_LC=1.

Sorted out offline discussion with you. Will let you handle :)

Thanks,
-Kai