Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support new upstream SGX driver in Linux kernels >5.11 #39

Closed
jovanbulck opened this issue Sep 16, 2021 · 1 comment
Closed

Support new upstream SGX driver in Linux kernels >5.11 #39

jovanbulck opened this issue Sep 16, 2021 · 1 comment
Labels
driver

Comments

@jovanbulck
Copy link
Owner

SGX driver has finally been upstreamed into recent Linux kernels, meaning the dependence on linux-sgx-driver (/dev/isgx) could eventually go, see:

https://lwn.net/Articles/840129/
https://www.kernel.org/doc/html/latest/x86/sgx.html

Should check how dev/sgx-step relies on the legacy /dev/isgx driver and ensure compatibility with the new upstreamed /dev/sgx_enclave driver (probably want to support both drivers for now).
@jovanbulck jovanbulck mentioned this issue Apr 27, 2022
Closed
@jovanbulck jovanbulck mentioned this issue May 26, 2022
Closed
@jovanbulck
Copy link
Owner Author

jovanbulck commented Jun 21, 2022
edited
Loading

Some notes for future reference:

The driver /dev/sgx-step currently only relies on the /dev/isgx legacy driver in the following ways:

  • discover enclave base address by retrieving the sgx_encl object from the vma->vm_private_data field -- while this appears to still be the same in the upstream /dev/sgx_enclave driver, we can probably do this cleaner from user space by simply querying the base address of the shared library enclave ELF file(?)
  • support EDBGRD/WR by calling vma->vm_ops->access -- while we can always call the ENCLS leaves ourselves, doing it via the vma operations fields may still be preferable to not have to worry about page faults etc; the upstream driver's sgx_vma_access appears to do this the same way, so this "should" work out of the box hopefully w the new driver as well

edit for future reference: both requirements can probably be fulfilled without relying on driver specifics using standard Linux interfaces under /proc/self/maps and /proc/self/mem

jovanbulck added a commit that referenced this issue Jul 8, 2022
@jovanbulck
Support upstream /dev/sgx_enclave driver Linux >5.11
7dfc7bb 
SGX-Step should now support both the legacy /dev/isgx out-of-tree driver, as
well as the upstreamed /dev/sgx_enclave driver (for platforms with recent Linux
kernels >5.11 and hardware support for flexible-launch control).

The libsgxstep/enclave.c code has been refactored to use the standard Linux
interfaces /proc/self/maps and /proc/self/mem to retrieve enclave layout and
access enclave debug memory respectively. This means we don't have to rely
anymore on any SGX driver-specific hacks in /dev/sgx-step for this.

Fixes #39.
@jovanbulck jovanbulck mentioned this issue Jul 26, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
driver
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jovanbulck