x86/cpu/intel: Add a nosgx kernel parameter

Add a kernel parameter to disable SGX kernel support and document it.

 [ bp: Massage. ]

Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Acked-by: Jethro Beekman <jethro@fortanix.com>
Tested-by: Sean Christopherson <sean.j.christopherson@intel.com>
Link: https://lkml.kernel.org/r/20201112220135.165028-9-jarkko@kernel.org

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 526d65d8573a4c448923c606e7f7e36e494740d1..42d1528a5b606e3875bd1ab0cc399f278e1dd896 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3368,6 +3368,8 @@
 
        nosep           [BUGS=X86-32] Disables x86 SYSENTER/SYSEXIT support.
 
+       nosgx           [X86-64,SGX] Disables Intel SGX kernel support.
+
        nosmp           [SMP] Tells an SMP kernel to act as a UP kernel,
                        and disable the IO APIC.  legacy for "maxcpus=0".
 

diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index d38e973250186c92424bb11bfcf7d22b9461228d..3b1b01f2b248a57cd0dee06fbd35077e42ed1a76 100644 (file)
--- a/arch/x86/kernel/cpu/feat_ctl.c
+++ b/arch/x86/kernel/cpu/feat_ctl.c
@@ -99,6 +99,15 @@ static void clear_sgx_caps(void)
        setup_clear_cpu_cap(X86_FEATURE_SGX_LC);
 }
 
+static int __init nosgx(char *str)
+{
+       clear_sgx_caps();
+
+       return 0;
+}
+
+early_param("nosgx", nosgx);
+
 void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
 {
        bool tboot = tboot_enabled();