> -----Original Message-----
> From: Huang, Kai <[email protected]>
> Sent: Thursday, August 14, 2025 12:36 PM
> To: Reshetova, Elena <[email protected]>; Hansen, Dave
> <[email protected]>
> Cc: [email protected]; [email protected]; Scarlata, Vincent R
> <[email protected]>; [email protected]; [email protected];
> Annapurve, Vishal <[email protected]>; [email protected];
> Mallick, Asit K <[email protected]>; Aktas, Erdem
> <[email protected]>; Cai, Chong <[email protected]>; Bondarevska,
> Nataliia <[email protected]>; [email protected]; Raynor, Scott
> <[email protected]>
> Subject: Re: [PATCH v14 4/5] x86/sgx: Implement ENCLS[EUPDATESVN]
>
> On Thu, 2025-08-14 at 10:34 +0300, Reshetova, Elena wrote:
> > All running enclaves and cryptographic assets (such as internal SGX
> > encryption keys) are assumed to be compromised whenever an SGX-related
> > microcode update occurs. To mitigate this assumed compromise the new
> > supervisor SGX instruction ENCLS[EUPDATESVN] can generate fresh
> > cryptographic assets.
> >
> > Before executing EUPDATESVN, all SGX memory must be marked as unused. This
> > requirement ensures that no potentially compromised enclave survives the
> > update and allows the system to safely regenerate cryptographic assets.
> >
> > Add the method to perform ENCLS[EUPDATESVN]. However, until the follow up
> > patch that wires calling sgx_update_svn() from sgx_inc_usage_count(), this
> > code is not reachable.
> >
> > Reviewed-by: Jarkko Sakkinen <[email protected]>
> > Signed-off-by: Elena Reshetova <[email protected]>
>
> Reviewed-by: Kai Huang <[email protected]>
>
> >
> > + * Return:
> > + * * %0: - Success or not supported
> > + * * %-EAGAIN: - Can be safely retried, failure is due to lack
> > of
> > + * * entropy in RNG
>
> Nit: if another version is ever needed, I think it would be better to make
> the text vertical aligned w/o the leading '-', i.e.,
>
> * %-EAGAIN: - Can be ....
> entropy in RNG.
>
> .. instead of
>
> * %-EAGAIN: - Can be ....
> entropy in RNG.

OK, yes, this can be fixed, indeed. Thank you very much for your reviews, Kai!
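
Review bot: The `%0` entry in the quoted Return: block documents two different outcomes, "Success" and "not supported", under one value, so a caller reading this comment cannot tell whether fresh cryptographic assets were actually generated or the call was a no-op. Since the commit message treats every SGX-related microcode update as an assumed compromise, the comment should say which conditions count as "not supported" and why callers do not need to tell them apart from a real update. Separately, the wrapped `%-EAGAIN` description continues on a line that itself starts with `* *`, which reads as a new list entry rather than a continuation; indenting it as plain continuation text under the description would remove that ambiguity.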

