From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jarkko Sakkinen
Subject: Re: [intel-sgx-kernel-dev] [PATCH 08/10] kvm: vmx: add guest's IA32_SGXLEPUBKEYHASHn runtime switch support
Date: Sat, 10 Jun 2017 15:23:06 +0300
Message-ID: <20170610122306.lfjshzepqxxyqj72@intel.com>
References: <58dcdb2d-6894-b0a3-8d6f-2ab752fd6d22@linux.intel.com> <6ab7ec4e-e0fa-af47-11b2-f26edcb088fb@linux.intel.com> <596dc1ad-eac7-798d-72e5-665eb7f3f2e4@linux.intel.com> <0b4697b9-0976-c8ad-e26f-4ff683318486@linux.intel.com> <20170608123101.47pgsaovkgtdxaw4@intel.com> <46bdaa22-8e7d-738f-9dd0-840fe3327506@linux.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Andy Lutomirski, Kai Huang, Paolo Bonzini, Radim Krcmar, kvm list, "intel-sgx-kernel-dev@lists.01.org", haim.cohen@intel.com
To: "Huang, Kai"
Return-path: Received: from mga06.intel.com ([134.134.136.31]:9618 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751581AbdFJMXL (ORCPT ); Sat, 10 Jun 2017 08:23:11 -0400
Content-Disposition: inline
In-Reply-To: <46bdaa22-8e7d-738f-9dd0-840fe3327506@linux.intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Fri, Jun 09, 2017 at 11:47:13AM +1200, Huang, Kai wrote:
> In my understanding, although you only allow one LE in kernel, you
> won't limit whose LE can be run (basically the kernel can run an LE signed by
> anyone, but just one LE when the kernel is running), so I don't see any
> limitation to KVM guests here.
>
> But it may still be better if the SGX driver can provide a function like:
>
> int sgx_validate_sigstruct(struct sigstruct *sig);
>
> for KVM to call, in case the driver is changed (ex, to only allow LEs from some
> particular ones to run), but this is not necessary now. KVM changes can be
> done later when the driver makes the changes.
>
> Andy,
>
> Am I understanding correctly? Does this make sense to you?
>
> Thanks,
> -Kai

Nope. I don't even understand the *beginnings* of what that function would do.

I don't understand what the validation means here and what the VMM would do if that function reports "success". How would that work on a system where the MSRs cannot be changed? On that kind of system the host OS must generate the EINITTOKEN for the LE running inside the guest and maintain completely virtualized MSR values for the guest.

/Jarkko