On 9/9/21 3:16 PM, Philippe Mathieu-Daudé wrote: > On 9/8/21 12:04 PM, Paolo Bonzini wrote: >> From: Yang Zhong <yang.zh...@intel.com> >> >> Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig >> default enable sgx in the i386 platform. >> >> Signed-off-by: Yang Zhong <yang.zh...@intel.com> >> Message-Id: <20210719112136.57018-32-yang.zh...@intel.com> >> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> >> --- >> backends/meson.build | 2 +- >> configs/devices/i386-softmmu/default.mak | 1 + >> hw/i386/Kconfig | 5 +++++ >> hw/i386/meson.build | 4 ++-- >> hw/i386/sgx-stub.c | 13 +++++++++++++ >> 5 files changed, 22 insertions(+), 3 deletions(-) >> create mode 100644 hw/i386/sgx-stub.c
>> diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c >> new file mode 100644 >> index 0000000000..edf17c3309 >> --- /dev/null >> +++ b/hw/i386/sgx-stub.c > > Ah, here comes the stub. > >> @@ -0,0 +1,13 @@ >> +#include "qemu/osdep.h" >> +#include "hw/i386/pc.h" >> +#include "hw/i386/sgx-epc.h" >> + >> +void pc_machine_init_sgx_epc(PCMachineState *pcms) >> +{ >> + return; > > Nack. > > If a user tries to use sgx-epc.0.memdev=memid with a build with SGX > not built in, you silently ignore the security request and keep booting > the machine... Use something like: > > error_report("Support for SGX EPC not built-in"); > exit(EXIT_FAILURE); > > Or better pass an Error* argument to pc_machine_init_sgx_epc() to > propagate the error. If this gets merged, please send a follow-up patch to clean that. >> +} >> + >> +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size) >> +{ >> + return 1; > > No, this code is unreachable: > > g_assert_not_reached(); > >> +} >> >
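Review bot: pc_machine_init_sgx_epc() in the new hw/i386/sgx-stub.c is a bare `return;`, so when this stub is the one linked in, a machine configured with an SGX EPC section starts with nothing telling the user that the setting had no effect. Suggest reporting an error and failing machine init instead, ideally by giving the function an `Error **errp` parameter so the caller decides how to fail. In the same file, sgx_epc_get_section() returns a bare `1` with no comment saying what that value means to callers, and the file starts directly at `#include "qemu/osdep.h"` with no license or copyright header.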