Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introducing Teaclave SGX Tool #379

Merged
merged 1 commit into from Jul 3, 2020
Merged

Introducing Teaclave SGX Tool #379

merged 1 commit into from Jul 3, 2020

Conversation

mssun
Copy link
Member

@mssun mssun commented Jul 3, 2020

Description

Introducing Teaclave SGX Tool.

This tool is to dump some SGX related information, e.g., hardware and software
information, remote attestation report. This can help to diagnose some issues
which may caused by the platform settings.

Examples:

$ ./teaclave_sgx_tool status
Vendor: GenuineIntel
CPU Model: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
SGX:
  Has SGX: true
  Has SGX1: true
  Has SGX2: false
  Supports ENCLV instruction leaves EINCVIRTCHILD, EDECVIRTCHILD, and ESETCONTEXT: false
  Supports ENCLS instruction leaves ETRACKC, ERDINFO, ELDBC, and ELDUC: false
  Bit vector of supported extended SGX features: 0x00000000
  Maximum supported enclave size in non-64-bit mode: 2^31
  Maximum supported enclave size in 64-bit mode: 2^36
  Bits of SECS.ATTRIBUTES[127:0] set with ECREATE: 0x0000000000000036 (lower) 0x000000000000001F (upper)
  EPC physical base: 0x00000000B0200000                                                                                                                                                                                                         EPC size: 0x0000000005D80000 (93M)                                                                                                                                                                                                            Supports flexible launch control: true
  SGX device: /dev/sgx false, /dev/isgx true
  AESM service: true

Kernel module (isgx):
filename:       /lib/modules/5.3.0-59-generic/kernel/drivers/intel/sgx/isgx.ko
license:        Dual BSD/GPL
version:        2.6.0
author:         Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
description:    Intel SGX Driver
srcversion:     F725A4ECA4194E2D2470F56
alias:          acpi*:INT0E0C:*
depends:
retpoline:      Y
name:           isgx
vermagic:       5.3.0-59-generic SMP mod_unload

Kernel module (sgx):
modinfo: ERROR: Module sgx not found.

$ ./teaclave_sgx_tool attestation --key xxx --spid xxx
Remote Attestation Report:
{
  "advisoryIDs": [
    "INTEL-SA-00161",
    "INTEL-SA-00320",
    "INTEL-SA-00329",
    "INTEL-SA-00220",
    "INTEL-SA-00270",
    "INTEL-SA-00293",
    "INTEL-SA-00233"
  ],
  "advisoryURL": "https://security-center.intel.com",
  "epidPseudonym": "xxx",
  "id": "xxx",
  "isvEnclaveQuoteBody": "xxx",
  "isvEnclaveQuoteStatus": "GROUP_OUT_OF_DATE",
  "platformInfoBlob": "xxx,
  "timestamp": "2020-07-03T04:56:45.611661",
  "version": 4
}

ISV Enclave Quote Body:
version: V2(Linkable)
gid: 2865
isv_svn_qe: 11
isv_svn_pce: 10
qe_vendor_id: xxx
user_data: xxx
isv_enclave_report:
cpu_svn: xxx
misc_select: 0
attributes: xxx
mr_enclave: xxx
mr_signer: xxx
isv_prod_id: 0
isv_svn: 0
report_data: xxx

@mssun mssun requested a review from m4sterchain July 3, 2020 05:25
@mssun mssun merged commit 9a24d9e into apache:master Jul 3, 2020
@mssun mssun deleted the sgx-tool branch July 3, 2020 18:56
@Agzs Agzs mentioned this pull request Sep 8, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m4sterchain m4sterchain m4sterchain approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mssun @m4sterchain