As suggested by Borislav, disallow SGX if the PK MSRs are not writable. Link: https://patchwork.kernel.org/patch/11267757/#23072371 Cc: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> Suggested-by: Borislav Petkov <bp@xxxxxxxxx> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> --- Just a sanity check before merge, please ack that this is what you wanted. arch/x86/kernel/cpu/intel.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 06252c82b8f7..0d57e9666de0 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -600,7 +600,7 @@ static void __maybe_unused detect_sgx(struct cpuinfo_x86 *c) if (!(fc & FEATURE_CONTROL_SGX_LE_WR)) { pr_info_once("sgx: The launch control MSRs are not writable\n"); - goto err_msrs_rdonly; + goto err_unsupported; } return; @@ -609,8 +609,6 @@ static void __maybe_unused detect_sgx(struct cpuinfo_x86 *c) setup_clear_cpu_cap(X86_FEATURE_SGX); setup_clear_cpu_cap(X86_FEATURE_SGX1); setup_clear_cpu_cap(X86_FEATURE_SGX2); - -err_msrs_rdonly: setup_clear_cpu_cap(X86_FEATURE_SGX_LC); } -- 2.20.1
