Skip to content

A set of "helloworld" enclaves, some experiments around Intel SGX and a bunch of hardware attack resources

License

Notifications You must be signed in to change notification settings

AntoineRondelet/sgx-playground

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SGX Playground

In order to inspect the properties of you CPU and see if it supports SGX, run:

gcc cpu_sgx_info.c -o cpu_sgx_info
./cpu_sgx_info

Or go directly check here: https://github.com/ayeks/SGX-hardware

Enclave development

Prerequisites

In order to use Intel SGX:

  • The CPU must support Intel SGX instructions
  • The BIOS must support Intel SGX, and SGX must be enabled
  • The SGX PSW (Platform Software) must be installed
  1. Go on: https://01.org/intel-software-guard-extensions/downloads, and download the SGX installers for your OS.
  2. Install the SGX driver, the SDK and the PSW (the commands below are for Ubuntu Desktop 64bit)
mkdir ./sgx-binaries && cd ./sgx-binaries
wget https://download.01.org/intel-sgx/linux-2.1.2/ubuntu64-desktop/sgx_linux_x64_driver_1bf506e.bin
wget https://download.01.org/intel-sgx/linux-2.1.2/ubuntu64-desktop/sgx_linux_x64_psw_2.1.102.43402.bin
wget https://download.01.org/intel-sgx/linux-2.1.2/ubuntu64-desktop/sgx_linux_x64_sdk_2.1.102.43402.bin

chmod +x ./*.bin
sudo ./sgx_linux_x64_driver_1bf506e.bin
./sgx_linux_x64_psw_2.1.102.43402.bin
sudo ./sgx_linux_x64_sdk_2.1.102.43402.bin

HERE=$(pwd)
source $HERE/sgxsdk/environment
  1. If you want to test enclave code, you can test with the code samples from the linux-sgx github repo.

Architecture of an enclave application

  • Untrusted part: Starts the enclave, and interacts with the "outside world"
  • Trusted part: Executes trusted code, and uses secrets

The untrusted code can do calls to the trusted code by using the ECALL instruction. Similarly, the trusted code can return a result to the untrusted code by using the OCALL instruction.

Makefile

Here are a few explanations about common instructions seen in Makefiles used to compile enclaves programs:

  1. Locate the SGX SDK: SGX_SDK ?= /opt/intel/sgxsdk sets the SGX_SDK environment variable to /opt/intel/sgxsdk if this environment variable does not exists (does not have any value).
  2. Define the architecture: SGX_ARCH ?= x64
  3. Define the SGX Mode you want to use: SGX_MODE ?= [MODE]. If we set[MODE] to HW, then we get a hardware enclave. In order to run a SGX simulation, we can set [MODE] to SIM.
  4. Set the configuration modes: SGX_DEBUG = 1 activates the debug mode, and enables the macro DEBUG. SGX_PRERELEASE = 1 activates the prerelease mode, and enables the macros NDEBUG and EDEBUG. Finally, SGX_RELEASE = 1 activates the release mode, and enables the NDEBUG macro.
  5. Locate the libraries: SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 Here is a reminder about linux libraries (.a and .so files)
  6. Define the include path to the sdk files to include during compilation: INCLUDE_PATH := -I$(SGX_SDK)/include

Note1: Files from the include folder of the SDK contain instructions with placeholders for compiler or system extensions to the language. See https://stackoverflow.com/questions/34495206/whats-a-macro-before-a-function-or-a-class-in-c for more details.

Note2: We can access the symbols contained in the sgx shared object libraries we by running the following command for instance:

readelf -s $SGX_LIBRARY_PATH/libsgx_urts.so

Tooling

  • Edger8r: Generates the interfaces between the untrusted components and enclaves. edger8r takes the .edl file as an argument and generates the pairs of _t and _u files referring to the trusted and untrusted proxies and bridges. Trusted proxies correspond to OCALLs (called by the enclave), and untrusted proxy functions correspond to ECALLs (called by the application).
  • Signing tool: Generates and adds enclave metadata to the enclave image (the enclave signature is included into the metadata). Once an enclave is signed, any modifications to the enclave file can be detected. The signing tool (sgx_sign) takes the enclave configuration file (XML file) as an input to create the signature and metadata of the enclave (see p60 of the intel documentation)

Enclave development process

  1. Define the interface between the untrusted application and the enclave in the EDL file (see p37 of the intel documentation) The enclave EDL represents the interafce between trusted and untrusted execution environments. The EDL file is here
  2. Implement the application logic and the enclave functions (See the cpp files enclave.cpp for the enclave and app_core, and enclave_manager.cpp for the untrusted part of the application)
  3. Build the project (app and enclave), by using the edger8r and signing tools. In order to build the test application, run: make. The Makefile takes cares to use the edger8r and sgx_sign tools in order to generate the *_u.h, *_u.c files representing the interface for doing ECALLs, and the *_t.h and *_t.c files used by the enclave to communicate with the untrusted environment of the appliaction (OCALLs).
  4. Run the project, by executing the compiled binary resulting from the compilation.

Note1: In order to generate a key for the enclave, run:

openssl genpkey -out enclave_private.pem -algorithm rsa -outform PEM -pkeyopt rsa_keygen_bits:3072 -pkeyopt rsa_keygen_pubexp:3

Then you can generate the coresponding public key, by running:

openssl rsa -in enclave_private.pem -pubout > enclave_public.pub

And finally, you get check the modulus and the exponent of the public key by running:

openssl rsa -pubin -in enclave_public.pub -text -noout

Note2: If you want to run the program on the hardware mode (set SGX_MODE=HW), then, depending on your OS, a problem might occur when you launch the executable. Make sure to have libprotobuf.so.9 somewhere in your libraries. (You can install it by having a look here)

Note3: Some explanations about C and C++ interactions can be found here

Attacks

Timing attacks

Blind Fuzzing

Cache attacks

SgxPectre

See: https://web.cse.ohio-state.edu/~zhang.834/papers/SgxPectre.pdf

When branch prediction of the enclave code can be influenced by programs outside the enclave, the control flow of the enclave program can be temporarily altered to execute instructions that lead to observable cache-state changes. An adversary observing such changes can learn secrets inside the enclave memory or its internal registers, thus completely defeating the confidentiality guarantee offered by SGX.

Other hardware related attacks

Meltdown:

See: https://meltdownattack.com

Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords.

Spectre (Speculative execution):

See: https://spectreattack.com

Speculative logic is unfaithful in how it executes, can access to the victim’s memory and registers, and can perform operations with measurable side effects.

Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.

Foreshadow:

See: https://foreshadowattack.eu/

RIDL and Fallout (MDS attacks):

See: https://mdsattacks.com/

Zombieload:

See: https://zombieloadattack.com/

Resources

About

A set of "helloworld" enclaves, some experiments around Intel SGX and a bunch of hardware attack resources

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published