x86/sgx: Implement ENCLS[EUPDATESVN] - user/sven/linux.git

diff options

author	Elena Reshetova <elena.reshetova@intel.com>	2025-10-16 16:11:07 +0300
committer	Dave Hansen <dave.hansen@linux.intel.com>	2025-10-16 14:42:09 -0700
commit	4e75697faa7af5a254def4c0939d06d0f5b9ed17 (patch)
tree	618c450c5e56ba89a90d55e8318498fe6fb23845 /drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c
parent	7b502832ee69274ce88faa5d64a339f8760b50bf (diff)

x86/sgx: Implement ENCLS[EUPDATESVN]

All running enclaves and cryptographic assets (such as internal SGX encryption keys) are assumed to be compromised whenever an SGX-related microcode update occurs. To mitigate this assumed compromise the new supervisor SGX instruction ENCLS[EUPDATESVN] can generate fresh cryptographic assets. Before executing EUPDATESVN, all SGX memory must be marked as unused. This requirement ensures that no potentially compromised enclave survives the update and allows the system to safely regenerate cryptographic assets. Add the method to perform ENCLS[EUPDATESVN]. However, until the follow up patch that wires calling sgx_update_svn() from sgx_inc_usage_count(), this code is not reachable. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Kai Huang <kai.huang@intel.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Nataliia Bondarevska <bondarn@google.com>

Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: