On 7/14/22 06:19, Haitao Huang wrote: > > I think you need add this change in arch/x86/kernel/cpu/sgx/ioctl.c, > inside sgx_encl_create function: > > - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | > SGX_ATTR_KSS; > + encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | > SGX_ATTR_KSS | SGX_ATTR_ASYNC_EXIT_NOTIFY; > > Otherwise, EINIT ioctl fails with this new attribute set in enclave secs. Makes sense. I'll add it there. I also just realized we need to update arch/x86/kvm/cpuid.c as well. It keeps a complete list of guest-available SGX attributes.
