On Wed, Apr 9, 2025 at 7:07 PM Dave Hansen <dave.han...@intel.com> wrote:
>
> On 4/9/25 09:55, Vladis Dronov wrote:
> ...
> > Fix this by adding "-mno-avx" to ENCL_CFLAGS in Makefile. Add some comments
> > about this to code locations where enclave's xfrm field is set.
> >
> > Suggested-by: Dave Hansen <dave.han...@linux.intel.com>
> > Signed-off-by: Vladis Dronov <vdro...@redhat.com>
>
> First of all, this looks fine to me:
>
> Acked-by: Dave Hansen <dave.han...@linux.intel.com>
>
> The code comments are fine. I'm much less picky about selftests.
>
> I'm also open to other solutions here. We could, for instance, set
> xfrm=7 to allow AVX2 instructions (which are generated by
> "--with-arch_64=x86-64-v3") or use some compiler flags other than
> "-mno-avx".
>
> But "-mno-avx" does seem good to me.
>

Thank you for the ACK, Dave. I've tested an enclave with xfrm=7 and it errors out at the AVX512 instruction (namely, vmovdqa64) in the same way. So if there is a compiler built with "--with-arch_64=x86-64-v4" in the future, we would get into the exact same situation. So I believe a solution where we disable extended instruction sets in an enclave is one covering all future cases.