-
-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/security/sgx: init #129432
nixos/security/sgx: init #129432
Conversation
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not in favor in packaging out-dated kernel drivers in nixpkgs. Kernel modules need a lot of maintenance so the latest version is often necessary. Also this old driver requires applying kernel patches applied to all kernels. SGX also has strict security requirements, which is why I would very much prefer the latest version. I am not aware of version incompatibilities with the later SGX kernel driver. The other components aesmd et all, are fine.
Since the current |
Did some more testing, and apparently the current version of the |
Hi @citadelcore! Thanks for your work! I attempted a pull request (#126990) a few weeks ago for the SGX SDK alone. Our works partially overlap, and it probably will not make sense to keep my PR up. The main motivation for my approach was reproducibility. Consequently, the IPP Crypto library is built from source, addressing concerns expressed in intel/linux-sgx#363. Also, since recent versions of From the point of view of reproducible builds, if the IPP Crypto is not built from source, a verifier will need to use Intel's toolchain to verify the reproducibility of the IPP Crypto, which is very cumbersome. Same reasoning goes for |
Thanks, this is interesting! I'll look into integrating an ippcrypto derviation into this PR in order to make things reproductible. |
Although the IPP Crypto library has its own repository, for the SGX SDK, it is built from the source code of the linux-sgx repository. I wrote a derivation for it at https://github.com/NixOS/nixpkgs/pull/126990/files#diff-bcead6f21cf360352863772a4cc6011209461ecba27e7b5f39540f2c64c26f36. As mentioned in intel/linux-sgx#719, the header file You probably won't need this, but just in case it can be useful: https://github.com/initc3/sgx-ipp-crypto gives an idea of what is more or less strictly necessary to build IPP Crypto for SGX. |
@citadelcore Out of curiosity, for the sdk, is there a specific reason why you install things "manually" via multiple sdk_install_pkg: sdk
./linux/installer/bin/build-installpkg.sh sdk cve-2020-0551 I did this in my PR https://github.com/NixOS/nixpkgs/blob/f00ed27355fab3584fa5bba97cac347b0cb81fd7/pkgs/os-specific/linux/sgxsdk/default.nix#L77-L86 I am just curious. I assume you had a good reason to do so, especially given the extra tedious work required. |
|
||
substituteInPlace psw/ae/aesm_service/source/CMakeLists.txt \ | ||
--replace '/usr/bin/getconf' '${getconf}/bin/getconf' | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick to make editorconfig-checker happy:
@@ -0,0 +1,296 @@ | |||
{ type, debug ? false }: | |||
assert builtins.elem type [ "sdk" "psw" ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assert builtins.elem type [ "sdk" "psw" ]; | |
# SDK: Software development kit for developing enclave applications | |
# PSW: Platform software to run the enclaves | |
assert builtins.elem type [ "sdk" "psw" ]; |
Regarding the |
FWIW, we created packages for the SGX SDK & PSW and a module as well. I just published our flake: https://github.com/yaxitech/nix-linux-sgx Maybe it is helpful to advance this PR 🙂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your work (and also @sbellem)! Looking forward to having this merged.
serviceConfig = { | ||
ExecStart = "${path}/aesm_service --no-daemon"; | ||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; | ||
ExecStartPre = [ "${pkgs.coreutils}/bin/mkdir -p /var/opt/aesmd/data /var/opt/aesmd/fwdir/data" ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could also leverage systemd sandboxing using StateDirectory
and BindPaths
to avoid the system-wide FHS path and tmpfiles.
RuntimeDirectoryMode = "0755"; | ||
ReadWritePaths = [ "/var/opt/aesmd" ]; | ||
|
||
# Hardening |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really appreciate all the effort you've put into hardening. We should definitely have that but I wonder how tried and tested this configuration is as the upstream service definition does not declare any hardening. Do you run this service in production somewhere or can you share any other experiences?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From my own experience with running aesmd and systemd hardening option, the option chosen here looks fine.
It looks scary of the high number but to be honest most services should not do the majority of options that were disabled here. I also prefer remove hardening afterwards rather than breaking existing setups by adding more hardening later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Upstream probably don't care as much about adding them because they might target some old redhat linux that does not have those hardening options yet.
installPhase = | ||
let build = "build/linux"; | ||
in | ||
if type == "sdk" then '' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally, I'd prefer a common base derivation with two distinct derivations over a flag. In fact, the SDK is a dependency of the PSW package and also in general they have different dependencies.
homepage = "https://01.org/intel-softwareguard-extensions"; | ||
license = licenses.bsd3; | ||
maintainers = with maintainers; [ citadelcore ]; | ||
platforms = platforms.linux; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The packages also only work on x86_64
:
platforms = platforms.linux; | |
platforms = [ "x86_64-linux" ]; |
mkdir -p $out/etc/udev/rules.d | ||
cp linux/installer/common/libsgx-enclave-common/91-sgx-enclave.rules $out/etc/udev/rules.d/ | ||
cp linux/installer/common/sgx-aesm-service/92-sgx-provision.rules $out/etc/udev/rules.d/ | ||
''; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the idea to compile and run some of the SDK samples in simulation mode in the installCheckPhase
. That way we can have some confidence the SDK is working.
Hey @citadelcore, @veehaitch, @arcz, and @SuperSandro2000, I am a bit confused about what to do with my PR at #126990. It has received reviews from @arcz and @SuperSandro2000 which I have tried to address as best as I could so far. @arcz has also been helping to improve the nix pkg for the IPP Crypto library in the original PR (#126990). His proof-of-concept is at https://github.com/arcz/nixpkgs/tree/553f8e22d35ef060f5c4de19d0d0d575206c9a66/pkgs/os-specific/linux/sgx-sdk. My PR was primarily focused on the SDK and IPP-Crypto library (a dependency), as the goal is to provide a reproducible SDK build, fully built from source, which can be used as a building block in user-defined enclaves, thus allowing these enclaves to also be built reproducibly. This is very important for audits. After consulting with Intel, I did not bother to work on the PSW, because from the point of view of reproducible enclave builds, the PSW is not involved, as it's a runtime component. Now, my understanding is that this PR addresses a broader set of concerns, most notably that of making the SGX SDK & PSW available on NixOS, which is great. It does not however fully address the issue of reproducible builds, as pointed out in comments #129432 (comment) & So this brings us back to the opening statement of this comment, which is that we have 2 partially overlapping pull requests, both proposing to add a package for the SGX SDK. Moreover, in addition to the two PRs, we have works in:
It seems to me that a consolidating effort would make sense (?) ... Any feedback welcome! Please note that I am new to the nix community, and hence I am not aware of how this particular repository manages its very high number of pull requests. |
I was about to merge this PR when you came up and proposed to build it from source, which @citadelcore also confirmed. |
I wholeheartedly agree that having a fully reproducible SDK is very important and that reproducibility didn't yet get the attention it should. Ideally, we'd have bit-perfect reproducibility of the SDK and all its (transitive) dependencies (maybe similar to what we have for the minimal ISO). Therefore, it makes a lot of sense to integrate your efforts and we should continue to go down that road. Maybe an incremental approach makes sense: First, add working packages for the SDK and PSW. Together with a module, this would already allow anybody to create and test SGX applications on NixOS. This is what the present PR does. Second, make the SDK reproducible. As far as I understand, this also requires upstream changes and, ideally, Intel should also adopt the approach we come up with to supersede the Nix derivation they—after a fashion—currently use. I don't know how eager they are to achieve proper reproducibility with Nix although it makes a lot of sense for all parties involved. Nevertheless, we should push for that. Happy to lend a hand and join forces. |
It doesn't look like it'd be much effort to add reproducibility from @sbellem's PR into mine. As it seems fairly straightforward, I'll do that as soon as I can and update this. |
Any news here, @citadelcore 🙂 |
|
|
||
driver = mkOption { | ||
type = types.package; | ||
default = pkgs.linuxPackages.isgx; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to be config.boot.kernelPackages.isgx
. Otherwise, it will mix up kernel modules and kernel with different versions.
As a side note: Newer kernels come with SGX support built-in, but I'm not sure whether this is a realistic option just yet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using the in-tree SGX support works just fine! 🙂
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Then we could flip the SGX kernel option on for newer kernels by default and get rid of the third-party module.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll have a modern Atom to test this on next week or so.
@citadelcore It would be really awesome to get this into nixpkgs! If there is something, you need help with, just say so. :) |
I've been seeing this:
Is this related? Should there be a users.groups.sgx.gid? |
assert builtins.elem type [ "sdk" "psw" ]; | ||
|
||
{ lib | ||
, pkgs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
, pkgs |
|
||
makeFlags = [ type ] | ||
# include the path to the SDK for PSW builds which depend on it | ||
++ lib.optional (type == "psw") "SGX_SDK=${pkgs.intel-sgx-sdk}/usr/share/sgxsdk" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
++ lib.optional (type == "psw") "SGX_SDK=${pkgs.intel-sgx-sdk}/usr/share/sgxsdk" | |
++ lib.optional (type == "psw") "SGX_SDK=${intel-sgx-sdk}/usr/share/sgxsdk" |
buildInputs = [ | ||
curl | ||
openssl | ||
] ++ (lib.optional (type == "psw") pkgs.intel-sgx-sdk); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
] ++ (lib.optional (type == "psw") pkgs.intel-sgx-sdk); | |
] ++ lib.optional (type == "psw") intel-sgx-sdk; |
@@ -20603,6 +20603,9 @@ in | |||
|
|||
intel-ocl = callPackage ../os-specific/linux/intel-ocl { }; | |||
|
|||
intel-sgx-sdk = callPackage (import ../os-specific/linux/intel-sgx { type = "sdk"; }) { }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With #126990 in the tree, I think this PR now needs to be rebased.
#148593 looks very good. From my point this PR is obsolete and can be closed. |
Motivation for this change
Adds packages and a module for the Intel SGX (Software Guard Extensions) service, including the SDK and PSW (Platform Software) binaries.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)