Message-ID: <YiiNPWdsYtWiULZm@zn.tnic>
Date: Wed, 9 Mar 2022 12:20:16 +0100
From: Borislav Petkov <bp@...en8.de>
To: Cathy Zhang <cathy.zhang@...el.com>
Cc: linux-sgx@...r.kernel.org, x86@...nel.org, dave.hansen@...el.com, lkml <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 09/11] x86/microcode: Expose EUPDATESVN procedure via sysfs
On all your patches for the future: don't forget to Cc LKML.
On Wed, Mar 09, 2022 at 06:40:48PM +0800, Cathy Zhang wrote:
> EUPDATESVN is the SGX instruction which allows enclave attestation
> to include information about updated microcode without a reboot.
>
> Microcode updates which affect SGX require two phases:
>
> 1. Do the main microcode update
> 2. Make the new CPUSVN available for enclave attestation via
> EUPDATESVN.
>
> Before a EUPDATESVN can succeed, all enclave pages (EPC) must be
> marked as unused in the SGX metadata (EPCM). This operation destroys
> all preexisting SGX enclave data and metadata. This is by design and
> mitigates the impact of vulnerabilities that may have compromised
> enclaves or the SGX hardware itself prior to the update.
>
> Signed-off-by: Cathy Zhang <cathy.zhang@...el.com>
> ---
> arch/x86/include/asm/microcode.h | 5 ++++
> arch/x86/include/asm/sgx.h | 5 ++++
> arch/x86/kernel/cpu/microcode/core.c | 44 ++++++++++++++++++++++++++++
Why is all this code here at all?
What does that have *actually* to do with microcode loading?
AFAICT, you want to hook into microcode_check() which runs after the
microcode update and do your EUPDATESVN there...
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette