diff options
| author | Sean Christopherson <sean.j.christopherson@intel.com> | 2021-03-19 10:22:58 +0300 |
|---|---|---|
| committer | Borislav Petkov <bp@suse.de> | 2021-04-06 10:43:41 +0300 |
| commit | 332bfc7becf479de8a55864cc5ed0024baea28aa (patch) | |
| tree | 5cae589db8171a7f4a408c37b7f38695631a6147 /arch/x86/kernel/jailhouse.c | |
| parent | 540745ddbc70eabdc7dbd3fcc00fe4fb17cd59ba (diff) | |
| download | linux-332bfc7becf479de8a55864cc5ed0024baea28aa.tar.xz | |
x86/cpu/intel: Allow SGX virtualization without Launch Control support
The kernel will currently disable all SGX support if the hardware does
not support launch control. Make it more permissive to allow SGX
virtualization on systems without Launch Control support. This will
allow KVM to expose SGX to guests that have less-strict requirements on
the availability of flexible launch control.
Improve error message to distinguish between three cases. There are two
cases where SGX support is completely disabled:
1) SGX has been disabled completely by the BIOS
2) SGX LC is locked by the BIOS. Bare-metal support is disabled because
of LC unavailability. SGX virtualization is unavailable (because of
Kconfig).
One where it is partially available:
3) SGX LC is locked by the BIOS. Bare-metal support is disabled because
of LC unavailability. SGX virtualization is supported.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Co-developed-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Link: https://lkml.kernel.org/r/b3329777076509b3b601550da288c8f3c406a865.1616136308.git.kai.huang@intel.com
Diffstat (limited to 'arch/x86/kernel/jailhouse.c')
0 files changed, 0 insertions, 0 deletions