x86/sgx: Add wrapper for SGX2 EMODT function
mainline inclusion from mainline-6.0-rc1 commit 09b38d0b category: feature bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I5USAM CVE: NA Intel-SIG: commit 09b38d0b x86/sgx: Add wrapper for SGX2 EMODT function. Backport for SGX EDMM support. -------------------------------- Add a wrapper for the EMODT ENCLS leaf function used to change the type of an enclave page as maintained in the SGX hardware's Enclave Page Cache Map (EPCM). EMODT: 1) Updates the EPCM page type of the enclave page. 2) Sets the MODIFIED bit in the EPCM entry of the enclave page. This bit is reset by the enclave by invoking ENCLU leaf function EACCEPT or EACCEPTCOPY. Access from within the enclave to the enclave page is not possible while the MODIFIED bit is set. After changing the enclave page type by issuing EMODT the kernel needs to collaborate with the hardware to ensure that no logical processor continues to hold a reference to the changed page. This is required to ensure no required security checks are circumvented and is required for the enclave's EACCEPT/EACCEPTCOPY to succeed. Ensuring that no references to the changed page remain is accomplished with the ETRACK flow. Signed-off-by:Reinette Chatre <reinette.chatre@intel.com> Signed-off-by:
Loading
Please sign in to comment