Remove struct sgx_einittoken as it is no longer required. Only size of the microarchitectural structure is needed by the kernel.
Cc: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
---
 arch/x86/kernel/cpu/sgx/arch.h | 54 +--------------------------------
 arch/x86/kernel/cpu/sgx/encls.h | 5 ++-
 arch/x86/kernel/cpu/sgx/ioctl.c | 14 ++++-----
 3 files changed, 9 insertions(+), 64 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/arch.h b/arch/x86/kernel/cpu/sgx/arch.h
index 98836ab3eeaf..ddae55e9d4d8 100644
--- a/arch/x86/kernel/cpu/sgx/arch.h
+++ b/arch/x86/kernel/cpu/sgx/arch.h
@@ -338,58 +338,6 @@ struct sgx_sigstruct {
 u8 q2[SGX_MODULUS_SIZE];
 } __packed;
-#define SGX_EINITTOKEN_RESERVED1_SIZE 11
-#define SGX_EINITTOKEN_RESERVED2_SIZE 32
-#define SGX_EINITTOKEN_RESERVED3_SIZE 32
-#define SGX_EINITTOKEN_RESERVED4_SIZE 24
-
-/**
- * struct sgx_einittoken - a token permitting to launch an enclave
- * @valid: one if valid and zero if invalid
- * @attributes: attributes for enclave
- * @xfrm: XSave-Feature Request Mask (subset of XCR0)
- * @mrenclave: SHA256-hash of the enclave contents
- * @mrsigner: SHA256-hash of the public key used to sign the
- * SIGSTRUCT
- * @le_cpusvn: a value that reflects the SGX implementation
- * running in in the CPU
- * @le_isvprodid: a user-defined value that is used in key
- * derivation
- * @le_isvsvn: a user-defined value that is used in key
- * derivation
- * @le_keyed_miscselect: LE's miscselect masked with the token keys
- * miscselect
- * @le_keyed_attributes: LE's attributes masked with the token keys
- * attributes
- * @le_keyed_xfrm: LE's XFRM masked with the token keys xfrm
- * @salt: random salt for wear-out protection
- * @mac: CMAC over the preceding fields
- *
- * An enclave with EINITTOKENKEY attribute can access a key with the same name
- * by using ENCLS(EGETKEY) and use this to sign cryptographic tokens that can
- * be passed to ENCLS(EINIT) to permit the launch of other enclaves. This is
- * the only viable way to launch enclaves if IA32_SGXLEPUBKEYHASHn MSRs are
- * locked assuming that there is a Launch Enclave (LE) available that can be
- * used for generating these tokens.
- */
-struct sgx_einittoken {
- u32 valid;
- u32 reserved1[SGX_EINITTOKEN_RESERVED1_SIZE];
- u64 attributes;
- u64 xfrm;
- u8 mrenclave[32];
- u8 reserved2[SGX_EINITTOKEN_RESERVED2_SIZE];
- u8 mrsigner[32];
- u8 reserved3[SGX_EINITTOKEN_RESERVED3_SIZE];
- u8 le_cpusvn[16];
- u16 le_isvprodid;
- u16 le_isvsvn;
- u8 reserved4[SGX_EINITTOKEN_RESERVED4_SIZE];
- u32 le_keyed_miscselect;
- u64 le_keyed_attributes;
- u64 le_keyed_xfrm;
- u8 salt[32];
- u8 mac[16];
-} __packed __aligned(512);
+#define SGX_LAUNCH_TOKEN_SIZE 304
 #endif /* _ASM_X86_SGX_ARCH_H */
diff --git a/arch/x86/kernel/cpu/sgx/encls.h b/arch/x86/kernel/cpu/sgx/encls.h
index 30132edddcd6..b4c27d8bd2ac 100644
--- a/arch/x86/kernel/cpu/sgx/encls.h
+++ b/arch/x86/kernel/cpu/sgx/encls.h
@@ -186,10 +186,9 @@ static inline int __eadd(struct sgx_pageinfo *pginfo, void *addr)
 return __encls_2(EADD, pginfo, addr);
 }
-static inline int __einit(void *sigstruct, struct sgx_einittoken *einittoken,
- void *secs)
+static inline int __einit(void *sigstruct, void *token, void *secs)
 {
- return __encls_ret_3(EINIT, sigstruct, secs, einittoken);
+ return __encls_ret_3(EINIT, sigstruct, secs, token);
 }
 static inline int __eremove(void *addr)
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index 2880ed4745b6..eaae533578b9 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -595,8 +595,7 @@ static void sgx_update_lepubkeyhash_msrs(u64 *lepubkeyhash, bool enforce)
 }
 }
-static int sgx_einit(struct sgx_sigstruct *sigstruct,
- struct sgx_einittoken *token,
+static int sgx_einit(struct sgx_sigstruct *sigstruct, void *token,
 struct sgx_epc_page *secs, u64 *lepubkeyhash)
 {
 int ret;
@@ -616,7 +615,7 @@ static int sgx_einit(struct sgx_sigstruct *sigstruct,
 }
 static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
- struct sgx_einittoken *token)
+ void *token)
 {
 u64 mrsigner[4];
 int ret;
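Review bot: `SGX_LAUNCH_TOKEN_SIZE` is added in arch.h as a bare 304 with no comment, while the struct it replaces documented the token layout and, through `__aligned(512)`, the alignment it was declared with. The removed fields do add up to 304 bytes, so the value is consistent with the old layout, but nothing on the new side records where the number comes from or that the buffer handed to EINIT was previously typed as 512-byte aligned. I would add a comment above the define, for example `/* Size in bytes of the EINITTOKEN structure consumed by ENCLS(EINIT); callers must keep the buffer 512-byte aligned. */`.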
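Review bot: With `token` turned into a `void *`, all three parameters of `__einit()` in encls.h are untyped, and the body passes them to `__encls_ret_3()` in a different order (`sigstruct, secs, token`) than the signature lists them. The struct pointer was the only thing that let the compiler reject a swapped or wrongly sized argument at a call site; the same loss applies to `sgx_einit()` and `sgx_encl_init()` in the two ioctl.c hunks that follow. A short comment on `__einit()` would keep the contract visible, for example `/* @token: SGX_LAUNCH_TOKEN_SIZE bytes, all zero when no launch token is supplied */`.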
@@ -694,10 +693,10 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
 */
 static long sgx_ioc_enclave_init(struct sgx_encl *encl, void __user *arg)
 {
- struct sgx_einittoken *einittoken;
 struct sgx_sigstruct *sigstruct;
 struct sgx_enclave_init einit;
 struct page *initp_page;
+ void *token;
 int ret;
 if (!(atomic_read(&encl->flags) & SGX_ENCL_CREATED))
@@ -711,9 +710,8 @@ static long sgx_ioc_enclave_init(struct sgx_encl *encl, void __user *arg)
 return -ENOMEM;
 sigstruct = kmap(initp_page);
- einittoken = (struct sgx_einittoken *)
- ((unsigned long)sigstruct + PAGE_SIZE / 2);
- memset(einittoken, 0, sizeof(*einittoken));
+ token = (void *)((unsigned long)sigstruct + PAGE_SIZE / 2);
+ memset(token, 0, SGX_LAUNCH_TOKEN_SIZE);
 if (copy_from_user(sigstruct, (void __user *)einit.sigstruct,
 sizeof(*sigstruct))) {
@@ -721,7 +719,7 @@ static long sgx_ioc_enclave_init(struct sgx_encl *encl, void __user *arg)
 goto out;
 }
- ret = sgx_encl_init(encl, sigstruct, einittoken);
+ ret = sgx_encl_init(encl, sigstruct, token);
 out:
 kunmap(initp_page);
--
2.25.0
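Review bot: The `memset()` in the second hunk of `sgx_ioc_enclave_init()` clears fewer bytes than the line it replaces, and the commit message does not mention it: the removed struct was `__aligned(512)`, so `sizeof(*einittoken)` would have been padded to 512, while `SGX_LAUNCH_TOKEN_SIZE` is 304. Whether the bytes after the token can hold stale page contents depends on how `initp_page` is allocated, which is above this hunk, so this may well be harmless. Either note the intent in a comment next to the `memset()` or clear the whole upper half of the page with `memset(token, 0, PAGE_SIZE / 2);`. A comment such as `/* No launch token is passed: EINIT gets an all-zero (invalid) token at a 512-byte aligned offset. */` would also record why `PAGE_SIZE / 2` is used. The function body starts and ends outside the hunk.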