Re: [PATCH v27 00/22] Intel SGX foundations

["Dr. Greg" <greg@enjellic.com>]

On Mon, Feb 24, 2020 at 01:13:17PM -0800, Sean Christopherson wrote:

Hi, I hope the week is ending well for everyone.

> On Mon, Feb 24, 2020 at 04:09:32AM -0600, Dr. Greg wrote:
> > On Sun, Feb 23, 2020 at 07:25:37PM +0200, Jarkko Sakkinen wrote:
> > 
> > Good morning, I hope the week is starting well for everyone.
> > 
> > > Intel(R) SGX is a set of CPU instructions that can be used by
> > > applications to set aside private regions of code and data. The code
> > > outside the enclave is disallowed to access the memory inside the
> > > enclave by the CPU access control.
> > 
> > Do we misinterpret or is the driver not capable of being built in
> > modular form?

> Correct.

That is what we had concluded, thanks for the verification.

> > If not, it would appear that this functionality has been lost since
> > version 19 of the driver, admittedly some time ago.

> It was removed in v20[*].

We didn't see documentation of this in any of the v20 release bullet
points, hence the question.

> > > * Allow the driver to be compiled as a module now that it no code is using
> > >   its routines and it only uses exported symbols. Now the driver is
> > >   essentially just a thin ioctl layer.

> > Not having the driver available in modular form obviously makes
> > work on the driver a bit more cumbersome.

> Heh, depends on your development environment, e.g. I do 99% of my
> testing in a VM with a very minimal kernel that even an anemic
> system can incrementally build in a handful of seconds.

Lacking a collection of big beefy development machines with 256+
gigabytes of RAM isn't the challenge, rebooting to test functionality
on the physical hardware is what is a bit of a nuisance.

> > I'm assuming that the lack of module support is secondary to some
> > innate architectural issues with the driver?

> As of today, the only part of the driver that can be extracted into
> a module is effectively the ioctl() handlers, i.e. a module would
> just be an ioctl() wrapper around a bunch of in-kernel
> functionality.  At that point, building the "driver" as a module
> doesn't provide any novel benefit, e.g.  very little memory
> footprint savings, reloading the module wouldn't "fix" any bugs with
> EPC management, SGX can still be forcefully disabled via kernel
> parameter, etc...  And on the flip side, allowing it to be a module
> would require exporting a non-trivial number of APIs that really
> shouldn't be exposed outside of the SGX subsystem.
>
> As for why things are baked into the kernel:
> 
>   - EPC management: support for future enhancements (KVM and EPC cgroup).
> 
>   - Reclaim: don't add a unnecessary infrastructure, i.e. avoid a callback
>     mechanism for which there is a single implementation.
> 
>   - Tracking of LEPUBKEYHASH MSRs: KVM support.

I don't doubt the justifications, just a bit unusual for a driver, but
this driver is obviously a bit unusual.

It will be interesting to see if the distros compile it in.

Thank you for the clarifications, have a good weekend.

Dr. Greg

As always,
Dr. Greg Wettstein, Ph.D    Worker / Principal Engineer
IDfusion, LLC
4206 19th Ave N.            Specialists in SGX secured infrastructure.
Fargo, ND  58102
PH: 701-281-1686            CELL: 701-361-2319
EMAIL: gw@idfusion.org
------------------------------------------------------------------------------
"We are confronted with insurmountable opportunities."
                                -- Walt Kelly