-
Notifications
You must be signed in to change notification settings - Fork 226
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve SGX labels #130
Comments
cpuid-SGX label is correct (note the cpuid part in label name). The fact that use of SGX requires more (BIOS support, opt-in enabling), does not make cpuid-SGX label void or false. If we want to see label "SGX can be used" then we need additional detection code somewhere. Extending related CPUID-based flags: End goal, i.e. to get label "SGX can be used": |
I agree with @okartau here. The CPUID feature source advertises capabilities as returned by the cpuid instruction. I think we should not change that. It is just a bit unfortunate that the sgx flag from this source is not necessarily very useful for the user. If this needs to be improved, we should probably implement a new feature source, e.g. using cpu flags (as suggested in #132) or something else. |
IMO, the title of this issue is valid and the improvement is justified: |
Probably so. I just tried to point out that the CPUID SGX label is correct and should not be changed (possibly only masked out), and, we need a new feature source (plugin) if we want to have SGX detection. |
@mythi: Is this feature still needed? What would be the use case for this? |
I currently don't have the need for this. This was more of a reminder/note that the current cpuid based label for SGX may not give the truth about node SGX capabilities. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Update cpuid from v1.2.2 to v1.2.3. Brings in SGX improvements and CPUID leaf 7 feature detection (VBMI2, VPOPCNTDQ, GFNI, VAES, AVX512BITALG, VPCLMULQDQ, AVX512BF16, AVX512VP2INTERSECT). Blacklist cpuid-SGX* (issue kubernetes-sigs#130). Signed-off-by: Antti Kervinen <antti.kervinen@intel.com>
Closes: kubernetes-sigs#321 Related: kubernetes-sigs#130 Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Closes: kubernetes-sigs#321 Related: kubernetes-sigs#130 Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
/reopen I'll be working on addressing this. |
@mythi: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Currently, the SGX label is added as true if the
cpuid
instruction says SGX is supported. However, it may be that the SGX leaf instructions are disabled from the feature control register making the label void (SXG=true but you cannot execute SGX enclaves).Additionally, SGX Launch control feature bit is necessary as the label.
The text was updated successfully, but these errors were encountered: