intel/kvm-sgx

FLC not detected in-kernel driver in VMs

jmechalas opened this issue · 3 comments

I am not able to get KVM-based VMs to detect FLC support when using the in-kernel driver (say, as part of the Intel SGX DCAP package). No matter what combination of arguments I provide to QEMU (-cpu host, -cpu host,+sgxlc, -cpu <model>,+sgx,+sgxlc e.g. Skylake-Server), the guest OS fails to detect FLC when the DCAP driver is loaded:

[    2.213182] intel_sgx: intel_sgx: FLC feature is not supported on the platform!

This is despite the fact that CPUID in the guest shows that FLC is supported.

$ cpuid -1 -r | grep '0x00000007 0x00' | egrep -o 'ecx=0x[0-9a-f]+'
ecx=0x40000000

I was able to reproduce this error on a bare metal install on a NUC7PJYH so this may not be a KVM issue after all.

Double check that the FLC is enabled in FEATURE_CONTROL, i.e. bit 18 is set (and FEATURE_CONTROL is locked). Specifically related to KVM, I've encountered issues in the past where OVMF didn't set all requested bits in FEATURE_CONTROL.
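The check suggested in the comment above, as an added example that is not part of the original thread: it compares what CPUID advertises with what IA32_FEATURE_CONTROL (MSR 0x3A) actually enables, using the Intel SDM bit positions (bit 0 lock, bit 17 SGX launch control enable, bit 18 SGX enable). The function names and the sample CPUID line are constructed for illustration, and the MSR value is assumed to have been read separately, for example as root with `rdmsr 0x3a` from msr-tools.

```python
import re

# Bit positions from the Intel SDM; the constant names are this example's own.
CPUID7_EBX_SGX = 1 << 2       # CPUID.(EAX=7,ECX=0):EBX[2], SGX
CPUID7_ECX_SGX_LC = 1 << 30   # CPUID.(EAX=7,ECX=0):ECX[30], SGX launch control
FC_LOCKED = 1 << 0            # IA32_FEATURE_CONTROL (MSR 0x3A) lock bit
FC_SGX_LC = 1 << 17           # SGX launch control enable
FC_SGX = 1 << 18              # SGX global enable

LEAF7 = re.compile(r"0x00000007 0x00: .*?ebx=(0x[0-9a-f]+) ecx=(0x[0-9a-f]+)")

# Constructed sample of one `cpuid -1 -r` line; ecx is the value from the report.
SAMPLE_CPUID = (
    "   0x00000007 0x00: eax=0x00000000 ebx=0x00000004 "
    "ecx=0x40000000 edx=0x00000000\n"
)


def parse_leaf7(cpuid_raw):
    """Return (ebx, ecx) of leaf 7, subleaf 0, from `cpuid -1 -r` output."""
    m = LEAF7.search(cpuid_raw)
    if m is None:
        raise ValueError("leaf 0x7 subleaf 0 not found in cpuid output")
    return int(m.group(1), 16), int(m.group(2), 16)


def flc_findings(cpuid_raw, feature_control):
    """List reasons FLC is unusable; an empty list means nothing is missing."""
    ebx, ecx = parse_leaf7(cpuid_raw)
    checks = [
        (ebx & CPUID7_EBX_SGX, "CPUID does not advertise SGX (leaf 7 EBX bit 2)"),
        (ecx & CPUID7_ECX_SGX_LC, "CPUID does not advertise SGX_LC (leaf 7 ECX bit 30)"),
        (feature_control & FC_LOCKED, "FEATURE_CONTROL is not locked (bit 0)"),
        (feature_control & FC_SGX, "SGX is not enabled in FEATURE_CONTROL (bit 18)"),
        (feature_control & FC_SGX_LC,
         "launch control is not enabled in FEATURE_CONTROL (bit 17)"),
    ]
    return [msg for ok, msg in checks if not ok]


if __name__ == "__main__":
    # Constructed MSR values: fully enabled, launch control off, unlocked.
    for value in (0x60001, 0x40001, 0x60000):
        print(hex(value), flc_findings(SAMPLE_CPUID, value) or "FLC looks usable")
```

A guest whose CPUID shows `ecx=0x40000000` but whose FEATURE_CONTROL value produces any finding here is in the mismatch state the issue describes.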

Will do. But I think this is going to end up being a kernel version issue, as it wasn't clear from the DCAP documentation that the driver requires a minimum kernel version of 4.10, which is not the default version from 16.04.