linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Raoul Strackx <raoul.strackx@fortanix.com>
To: Dave Hansen <dave.hansen@intel.com>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH RESEND 0/3] x86/sgx: eextend ioctl
Date: Thu, 1 Apr 2021 16:56:13 +0200	[thread overview]
Message-ID: <ece49a38-c84d-dba7-6039-b409511e7303@fortanix.com> (raw)
In-Reply-To: <c7b19652-3b5a-e864-1e0e-3e3d26944398@intel.com>

On 3/31/21 5:53 PM, Dave Hansen wrote:
> On 3/31/21 5:50 AM, Raoul Strackx wrote:
>> The sgx driver can only load enclaves whose pages are fully measured.
>> This may exclude existing enclaves from running. This patch adds a
>> new ioctl to measure 256 byte chunks at a time.
> 
> The changelogs here are pretty sparse.  Could you explain in a bit more
> detail what's going on?
> 
> A review of the relevant pieces of the SGX architecture would be
> appreciated.
> 

Yes the explanation was very succinct. A more elaborate explanation:

BACKGROUND
Creation of an SGX enclave consists of three steps. First, a new enclave 
environment is created by the ECREATE leaf function. Some enclave settings 
are specified at this step by passing an SGX Enclave Control Structure 
(SECS) that contains the enclave MRENCLAVE, MRSIGNER, etc. This 
instruction also starts a cryptographic log of the enclave being built. 
(This log should eventually result in the MRENCLAVE.)
Second, pages are added to the enclave. The EADD leaf function copies 4KB 
data to an empty EPC page. The cryptographic log records (among other 
properties) the location and access rights of the page being added. It 
_does not_ include a measurement of the page content. When the enclave 
writer wishes to ensure the content of the enclave page as well, she must 
use the EEXTEND leaf function. Extending the enclave cryptographic log can 
only be done per 256 bytes. Extending the log with a full 4K page thus 
requires 16 invocations of the EEXTEND leaf function.
Finally, the enclave is finalized by the EINIT leaf function. Any new 
invocations of the EADD or EEXTEND leaf functions will result in a fault. 
With EINIT a number of checks are performed as well. A cryptographic hash 
is computed over the final cryptographic log and compared to the MRENCLAVE 
field of the SECS structure passed to the ECREATE leaf function (see step 
one). The signature (MRSIGNER) over this MRENCLAVE is verified as well. 
When all checks pass, the enclave enters an executable state.

PROBLEM STATEMENT
The SGX driver currently only supports extending the cryptographic log as 
part of the EADD leaf function and _must_ measure full 4K pages. Not all 
enclaves may have been constructed within these constraints. Such enclaves 
currently cannot be build on the Linux platform. Trying to do so will 
result in a different cryptographic log; the MRENCLAVE specified at 
enclave creation time will not match the cryptographic log kept by the 
processor and EINIT will fail.

SOLUTION OF THIS PATCH
This patch adds a new ioctl to enable userspace to execute EEXTEND leaf 
functions per 256 bytes of enclave memory. This enables enclaves to be 
build as specified by enclave providers.



I'm still very new to how Linux kernel patches are handled. Where
would such a more elaborate description usually go: the cover page, the
commit that introduces the ioctl or both?

Regards,
Raoul


  reply	other threads:[~2021-04-01 17:43 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-31 12:50 [PATCH RESEND 0/3] x86/sgx: eextend ioctl Raoul Strackx
2021-03-31 15:53 ` Dave Hansen
2021-04-01 14:56   ` Raoul Strackx [this message]
2021-04-01 16:11     ` Dave Hansen
2021-04-01 17:49       ` Raoul Strackx
2021-04-01 18:40         ` Dave Hansen
2021-04-02  8:38           ` Jethro Beekman
2021-04-02 15:53             ` Dave Hansen
2021-04-02 18:31               ` Jethro Beekman
2021-04-02 18:42                 ` Dave Hansen
2021-04-02 19:38                   ` Jethro Beekman
2021-04-02 19:50                     ` Dave Hansen
2021-04-02 20:20                       ` Jethro Beekman
2021-04-02 20:48                         ` Dave Hansen
2021-04-08 15:27                           ` Jethro Beekman
2021-04-08 15:54                             ` Dave Hansen
2021-04-04 16:04                 ` Jarkko Sakkinen
2021-04-08 15:07                   ` Jethro Beekman
2021-04-01 17:59       ` Jethro Beekman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ece49a38-c84d-dba7-6039-b409511e7303@fortanix.com \
    --to=raoul.strackx@fortanix.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=jarkko@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-sgx@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).