All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jethro Beekman <jethro@fortanix.com>
To: Jarkko Sakkinen <jarkko@kernel.org>,
	Raoul Strackx <raoul.strackx@fortanix.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 0/3] x86/sgx: eextend ioctl
Date: Wed, 14 Apr 2021 13:01:02 +0200	[thread overview]
Message-ID: <928ded49-3e86-eae0-de87-f570cf477aef@fortanix.com> (raw)
In-Reply-To: <YHbJfXqyhtUb1AKw@kernel.org>

[-- Attachment #1: Type: text/plain, Size: 4113 bytes --]

On 2021-04-14 12:52, Jarkko Sakkinen wrote:
> On Mon, Apr 12, 2021 at 10:59:56AM +0200, Raoul Strackx wrote:
>> Creation of an SGX enclave consists of three steps. First, a new enclave
>> environment is created by the ECREATE leaf function. Some enclave settings
>> are specified at this step by passing an SGX Enclave Control Structure
>> (SECS) that contains the enclave MRENCLAVE, MRSIGNER, etc. This
>> instruction also starts a cryptographic log of the enclave being built.
>> (This log should eventually result in the MRENCLAVE.) Second, pages are
>> added to the enclave. The EADD leaf function copies 4KB data to an empty
>> EPC page. The cryptographic log records (among other properties) the
>> location and access rights of the page being added. It _does not_ include
>> an entry of the page content. When the enclave writer wishes to ensure the
>> content of (a part of) the enclave page as well, she must use the EEXTEND
>> leaf function. Extending the enclave cryptographic log can only be done
>> per 256 bytes. Extending the log with a full 4K page thus requires 16
>> invocations of the EEXTEND leaf function. It is however up to the enclave
>> developer to decide if and how enclave memory is added to the 
>> cryptographic log. EEXTEND functions may be issued only for relevant parts
>> of an enclave page, may happen only after all pages have been added, and
>> so on. Finally, the enclave is finalized by the EINIT leaf function. Any
>> new invocations of the EADD or EEXTEND leaf functions will result in a
>> fault. With EINIT a number of checks are performed as well. The 
>> cryptographic hash of the final cryptographic log is compared to the
>> MRENCLAVE field of the SECS structure passed to the ECREATE leaf function
>> (see step one). The signature (MRSIGNER) over this MRENCLAVE is verified
>> as well. When all checks pass, the enclave loading is complete and it
>> enters the executable state.
> 
> Who do you expect to read this paragraph, seriously?

What do you mean? There was a request for more architectural details in the cover letter.

> 
>> The SGX driver currently only supports extending the cryptographic log as
>> part of the EADD leaf function and _must_ cover complete 4K pages.
>> Enclaves not constructed within these constraints, currently cannot be
>> loaded on the Linux platform. Trying to do so will result in a different
>> cryptographic log; the MRENCLAVE specified at enclave creation time will
>> not match the cryptographic log kept by the processor and EINIT will fail.
>> This poses practical problems:
>> - The current driver does not fully support all possible SGXv1 enclaves.
>>   It creates a separation between enclaves that run everywhere and
>>   enclaves that run everywhere, except on Linux. This includes enclaves
>>   already in use on other systems today.
>> - It limits optimizations loaders are able to perform. For example, by
>>   only measuring relevant parts of enclave pages, load time can be
>>   minimized.
>>
>> This patch set adds a new ioctl to enable userspace to execute EEXTEND
>> leaf functions per 256 bytes of enclave memory. With this patch in place,
>> Linux will be able to build all valid SGXv1 enclaves.
>>
>> See additional discussion at:
>> https://lore.kernel.org/linux-sgx/20200220221038.GA26618@linux.intel.com/
>> T/#m93597f53d354201e72e26d93a968f167fcdf5930
>>
>>
>> Raoul Strackx (3):
>>   x86/sgx: Adding eextend ioctl
>>   x86/sgx: Fix compatibility issue with OPENSSL < 1.1.0
>>   x86/sgx: eextend ioctl selftest
>>
>>  arch/x86/include/uapi/asm/sgx.h         | 11 +++++
>>  arch/x86/kernel/cpu/sgx/ioctl.c         | 81 ++++++++++++++++++++++++++++-----
>>  tools/testing/selftests/sgx/defines.h   |  1 +
>>  tools/testing/selftests/sgx/load.c      | 57 +++++++++++++++++++----
>>  tools/testing/selftests/sgx/main.h      |  1 +
>>  tools/testing/selftests/sgx/sigstruct.c | 43 ++++++++---------
>>  6 files changed, 154 insertions(+), 40 deletions(-)
>>
>> -- 
>> 2.7.4
>>
>>
> 
> /Jarkko
> 

--
Jethro Beekman | Fortanix


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4490 bytes --]

  reply	other threads:[~2021-04-14 11:01 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-12  8:59 [PATCH v2 0/3] x86/sgx: eextend ioctl Raoul Strackx
2021-04-12  9:04 ` [PATCH v2 1/3] x86/sgx: Adding " Raoul Strackx
2021-04-12  9:04 ` [PATCH v2 2/3] x86/sgx: Fix compatibility issue with OPENSSL < 1.1.0 Raoul Strackx
2021-04-12  9:05 ` [PATCH v2 3/3] x86/sgx: eextend ioctl selftest Raoul Strackx
2021-04-12 15:36 ` [PATCH v2 0/3] x86/sgx: eextend ioctl Dave Hansen
2021-04-12 15:58   ` Jethro Beekman
2021-04-12 16:40     ` Dave Hansen
2021-04-12 16:41       ` Jethro Beekman
2021-04-12 16:47         ` Dave Hansen
2021-04-12 17:01           ` Jethro Beekman
2021-04-14 11:07             ` Jarkko Sakkinen
2021-04-14 10:52 ` Jarkko Sakkinen
2021-04-14 11:01   ` Jethro Beekman [this message]
2021-04-16 13:08     ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=928ded49-3e86-eae0-de87-f570cf477aef@fortanix.com \
    --to=jethro@fortanix.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=jarkko@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-sgx@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=raoul.strackx@fortanix.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.