On all your patches for the future: don't forget to Cc LKML.

On Wed, Mar 09, 2022 at 06:40:48PM +0800, Cathy Zhang wrote:
> EUPDATESVN is the SGX instruction which allows enclave attestation
> to include information about updated microcode without a reboot.
>
> Microcode updates which affect SGX require two phases:
>
> 1. Do the main microcode update
> 2. Make the new CPUSVN available for enclave attestation via
>    EUPDATESVN.
>
> Before a EUPDATESVN can succeed, all enclave pages (EPC) must be
> marked as unused in the SGX metadata (EPCM). This operation destroys
> all preexisting SGX enclave data and metadata. This is by design and
> mitigates the impact of vulnerabilities that may have compromised
> enclaves or the SGX hardware itself prior to the update.
>
> Signed-off-by: Cathy Zhang <cathy.zhang@xxxxxxxxx>
> ---
>  arch/x86/include/asm/microcode.h     |  5 ++++
>  arch/x86/include/asm/sgx.h           |  5 ++++
>  arch/x86/kernel/cpu/microcode/core.c | 44 ++++++++++++++++++++++++++++

Why is all this code here at all? What does that have *actually* to do
with microcode loading?

AFAICT, you want to hook into microcode_check() which runs after the
microcode update and do your EUPDATESVN there...

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette