| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a56bc12f6c60107c935db31d7330d28980ac4d5a.camel@intel.com>
Date: Tue, 30 Jul 2024 11:57:39 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "seanjc@...gle.com" <seanjc@...gle.com>, "bp@...en8.de" <bp@...en8.de>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "hpa@...or.com"
<hpa@...or.com>, "wangyuli@...ontech.com" <wangyuli@...ontech.com>,
"tglx@...utronix.de" <tglx@...utronix.de>, "mingo@...hat.com"
<mingo@...hat.com>, "xiangzelong@...ontech.com" <xiangzelong@...ontech.com>
CC: "baimingcong@...ontech.com" <baimingcong@...ontech.com>,
"linux-sgx@...r.kernel.org" <linux-sgx@...r.kernel.org>, "jarkko@...nel.org"
<jarkko@...nel.org>, "x86@...nel.org" <x86@...nel.org>,
"guanwentao@...ontech.com" <guanwentao@...ontech.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"haitao.huang@...ux.intel.com" <haitao.huang@...ux.intel.com>,
"wubo@...ontech.com" <wubo@...ontech.com>
Subject: Re: [PATCH] x86/cpufeatures: SGX: Adjust the error message when BIOS
does not support SGX
On Tue, 2024-07-30 at 10:49 +0800, WangYuli wrote:
> When SGX is not supported by the BIOS, we still output the error
> 'SGX disabled by BIOS', which can be confusing since there might not be
> an SGX-related option in the BIOS settings.
+linux-sgx list, Jarkko, Haitao.
This message is only printed when SGX is reported in CPUID but is not
enabled in the FEAT_CTL MSR. I can only recall this can happen when the
BIOS actually provides an option for the user to turn on/off SGX, in
which case the current message is correct.
I could be wrong, but I don't recall I have met any machine that doesn't
have any SGX option in the BIOS but still reports SGX in the CPUID. Can
you confirm this is the case?
I don't see this is mentioned in the github link below which reports this
issue. In fact, it says:
非bug,主板bios关闭了SGX,正常内核提醒
.. which is
Not bug, the motherboard BIOS disabled SGX, normal kernel
message
And the link also shows this issue is "closed".
Please clarify.
>
> As a kernel, it's difficult for us to distinguish between the BIOS not
> supporting SGX and the BIOS supporting SGX but it's disabled.
>
> Therefore, we should update the error message to
> 'SGX disabled or unsupported by BIOS' to make it easier for those reading
> kernel logs to understand what's happening.
>
> Reported-by: Bo Wu <wubo@...ontech.com>
> Link: https://github.com/linuxdeepin/developer-center/issues/10032
> Signed-off-by: Zelong Xiang <xiangzelong@...ontech.com>
> Signed-off-by: WangYuli <wangyuli@...ontech.com>
> ---
> arch/x86/kernel/cpu/feat_ctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
> index 1640ae76548f..4a4118784c13 100644
> --- a/arch/x86/kernel/cpu/feat_ctl.c
> +++ b/arch/x86/kernel/cpu/feat_ctl.c
> @@ -188,7 +188,7 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
> update_sgx:
> if (!(msr & FEAT_CTL_SGX_ENABLED)) {
> if (enable_sgx_kvm || enable_sgx_driver)
> - pr_err_once("SGX disabled by BIOS.\n");
> + pr_err_once("SGX disabled or unsupported by BIOS.\n");
> clear_cpu_cap(c, X86_FEATURE_SGX);
> return;
> }
Powered by blists - more mailing lists