Hi Boris,
Thanks for helping review!
> -----Original Message-----
> From: Borislav Petkov <bp@xxxxxxxxx>
> Sent: Friday, April 1, 2022 10:30 PM
> To: Zhang, Cathy <cathy.zhang@xxxxxxxxx>
> Cc: linux-sgx@xxxxxxxxxxxxxxx; x86@xxxxxxxxxx; jarkko@xxxxxxxxxx; Chatre,
> Reinette <reinette.chatre@xxxxxxxxx>; Hansen, Dave
> <dave.hansen@xxxxxxxxx>; Raj, Ashok <ashok.raj@xxxxxxxxx>
> Subject: Re: [RFC PATCH v3 09/10] x86/cpu: Call ENCLS[EUPDATESVN]
> procedure in microcode update
>
> On Fri, Apr 01, 2022 at 10:24:08PM +0800, Cathy Zhang wrote:
> > @@ -2086,6 +2087,14 @@ void microcode_check(void)
> >
> > perf_check_microcode();
> >
> > + /*
> > + * SGX related microcode update requires EUPDATESVN to update
> CPUSVN, which
> > + * will destroy all enclaves to ensure EPC is not in use. If SGX is
> configured
> > + * and EUPDATESVN is supported, call the EUPDATESVN procecure.
> > + */
> > + if (IS_ENABLED(CONFIG_X86_SGX) && (cpuid_eax(SGX_CPUID) &
> > +SGX_CPUID_EUPDATESVN))
>
> Stick all that above...
The comment is re-written as follows:
/*
* SGX attestation incorporates the microcode versions of all processors
* on the system and is affected by microcode updates. So, update SGX
* attestation metric (called CPUSVN) to ensure enclaves attest to the
* new version after microcode update.
*/
>
> > + update_cpusvn_intel();
>
> ...inside this function so that you have only the call here. Inside the function
> you can do all the ifdeffery, checking and commenting and so on. Just like
> perf_check_microcode() does.
>
Thanks for showing me the example! I've referred.
> Thx.
>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
