Commit fb49a270 authored by Jarkko Sakkinen, committed by Zheng Zengkai

x86/sgx: Add SGX_IOC_ENCLAVE_INIT

mainline inclusion
from mainline-v5.11-rc1
commit 9d0c151b
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI


CVE: NA

--------------------------------

Enclaves have two basic states. They are either being built and are
malleable and can be modified by doing things like adding pages. Or,
they are locked down and not accepting changes. They can only be run
after they have been locked down. The ENCLS[EINIT] function induces the
transition from being malleable to locked-down.

Add an ioctl() that performs ENCLS[EINIT]. After this, new pages can
no longer be added with ENCLS[EADD]. This is also the time where the
enclave can be measured to verify its integrity.

Intel-SIG: commit 9d0c151b x86/sgx: Add SGX_IOC_ENCLAVE_INIT
Backport for SGX Foundations support

Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Jethro Beekman <jethro@fortanix.com>
Link: https://lkml.kernel.org/r/20201112220135.165028-15-jarkko@kernel.org


Signed-off-by: Fan Du <fan.du@intel.com> #openEuler_contributor
Signed-off-by: Laibin Qiu <qiulaibin@huawei.com>
Reviewed-by: Bamvor Zhang <bamvor.zhang@suse.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
parent 96509be6