summaryrefslogtreecommitdiff
path: root/tools/perf/scripts/python/stat-cpi.py
diff options
context:
space:
mode:
authorSean Christopherson <sean.j.christopherson@intel.com>2021-04-12 07:21:43 +0300
committerPaolo Bonzini <pbonzini@redhat.com>2021-04-20 11:18:56 +0300
commitfe7e948837f312d87853b3fce743795d1ae3715a (patch)
tree857091031011a85b50b8e1a04e06cff47b115993 /tools/perf/scripts/python/stat-cpi.py
parent72add915fbd5bf5c57deee3da5b2605e966ac199 (diff)
downloadlinux-fe7e948837f312d87853b3fce743795d1ae3715a.tar.xz
KVM: x86: Add capability to grant VM access to privileged SGX attribute
Add a capability, KVM_CAP_SGX_ATTRIBUTE, that can be used by userspace to grant a VM access to a priveleged attribute, with args[0] holding a file handle to a valid SGX attribute file. The SGX subsystem restricts access to a subset of enclave attributes to provide additional security for an uncompromised kernel, e.g. to prevent malware from using the PROVISIONKEY to ensure its nodes are running inside a geniune SGX enclave and/or to obtain a stable fingerprint. To prevent userspace from circumventing such restrictions by running an enclave in a VM, KVM restricts guest access to privileged attributes by default. Cc: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Kai Huang <kai.huang@intel.com> Message-Id: <0b099d65e933e068e3ea934b0523bab070cb8cea.1618196135.git.kai.huang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'tools/perf/scripts/python/stat-cpi.py')
0 files changed, 0 insertions, 0 deletions