provide settings configuration to set config_id/config_svn on ice lake platform enclaves #3799
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
manojrupireddy
requested review from
achamayou,
CodeMonkeyLeet,
dthaler,
gupta-ak and
mikbras
as code owners
radhikaj
requested review from
nonpolarity,
jianlia,
mingweishih and
bodzhang
and removed request for
achamayou and
mikbras
mingweishih
reviewed
Jan 15, 2021
include/openenclave/host.h
Outdated
| */ | ||
| typedef struct _oe_enclave_setting_config_data | ||
| { | ||
| uint8_t enclave_config_id[64]; |
There was a problem hiding this comment.
According to the spec and #3054, the config id should be 32 bytes. Could you double check?
There was a problem hiding this comment.
Suggested change
| uint8_t enclave_config_id[64]; | |
| uint8_t config_id[32]; |
There was a problem hiding this comment.
Hi @bodzhang , Can you confirm if this is the right data structure to use for SECS data structure.
I am planning to replicate the below intels secs_t structure in OE codebase and in intel codebase config_id is allocated 64 bytes. https://github.com/intel/linux-sgx/blob/d3bd1571240bcdf85734c232a4f0c86828443ebb/common/inc/internal/arch.h#L59
There was a problem hiding this comment.
There seem to be an inconsistent in the Intel manual. According to the table 37-2 (secs) and 37-23 (report), the configid field should be 64 bytes. However, the text in 38.4.1.3 mentions that "enclave is created the platform can additionally provide 32-byte configuration identifier (CONFIGID).". I think it should be fine to keep 64 bytes for now.
| @@ -292,7 +292,10 @@ typedef struct _sgx_secs | |||
| uint8_t reserved3[96]; /* 160 */ | |||
| uint16_t isvvprodid; /* 256 */ | |||
| uint16_t isvsvn; /* 258 */ | |||
| uint8_t reserved[3836]; /* 260 */ | |||
| uint8_t reserved4[20]; /* 260 */ | |||
| uint8_t config_id[64]; /* 280 */ | |||
There was a problem hiding this comment.
Please check if this is 32 or 64 bytes.
dthaler
reviewed
Jan 19, 2021
manojrupireddy
force-pushed
the
icelake_modifications
branch
from
f4e30fe
to
620c5fe
Compare
manojrupireddy
commented
Jan 25, 2021
manojrupireddy
force-pushed
the
icelake_modifications
branch
from
620c5fe
to
4087b55
Compare
manojrupireddy
force-pushed
the
icelake_modifications
branch
from
4087b55
to
04db2e1
Compare
mingweishih
approved these changes
Jan 25, 2021
CodeMonkeyLeet
approved these changes
Jan 25, 2021
manojrupireddy
force-pushed
the
icelake_modifications
branch
from
04db2e1
to
88fbafb
Compare
manojrupireddy
requested review from
andyleejordan,
BRMcLaren and
radhikaj
as code owners
mingweishih
reviewed
Feb 8, 2021
manojrupireddy
force-pushed
the
icelake_modifications
branch
from
88fbafb
to
37d8932
Compare
|
bors r+ |
bors bot
pushed a commit
that referenced
this pull request
Feb 10, 2021
3799: provide settings configuration to set config_id/config_svn on ice lake platform enclaves r=mingweishih a=manojrupireddy This is in continuation to the work done by Alvin => #3735. Made changes to the above draft PR , based on the code review comments there. Signed-off-by: manoj rupireddy <marupire@microsoft.com> Co-authored-by: manoj rupireddy <marupire@microsoft.com>
|
Build failed: |
manojrupireddy
force-pushed
the
icelake_modifications
branch
from
37d8932
to
039f5e6
Compare
|
bors r+ |
|
🔒 Permission denied Existing reviewers: click here to make manojrupireddy a reviewer |
|
bors r+ |
bors bot
pushed a commit
that referenced
this pull request
Feb 10, 2021
3799: provide settings configuration to set config_id/config_svn on ice lake platform enclaves r=mingweishih a=manojrupireddy This is in continuation to the work done by Alvin => #3735. Made changes to the above draft PR , based on the code review comments there. Signed-off-by: manoj rupireddy <marupire@microsoft.com> Co-authored-by: manoj rupireddy <marupire@microsoft.com>
|
Build failed: |
|
bors delegate+ |
|
✌️ manojrupireddy can now approve this pull request. To approve and merge a pull request, simply reply with |
…e platform enclaves Signed-off-by: manoj rupireddy <marupire@microsoft.com>
manojrupireddy
force-pushed
the
icelake_modifications
branch
from
039f5e6
to
1dcccd7
Compare
|
bors r+ |
bors bot
pushed a commit
that referenced
this pull request
Feb 11, 2021
3799: provide settings configuration to set config_id/config_svn on ice lake platform enclaves r=manojrupireddy a=manojrupireddy This is in continuation to the work done by Alvin => #3735. Made changes to the above draft PR , based on the code review comments there. Signed-off-by: manoj rupireddy <marupire@microsoft.com> Co-authored-by: manoj rupireddy <marupire@microsoft.com>
|
Build failed: |
|
bors r+ |
bors bot
pushed a commit
that referenced
this pull request
Feb 11, 2021
3799: provide settings configuration to set config_id/config_svn on ice lake platform enclaves r=manojrupireddy a=manojrupireddy This is in continuation to the work done by Alvin => #3735. Made changes to the above draft PR , based on the code review comments there. Signed-off-by: manoj rupireddy <marupire@microsoft.com> 3826: replacing constant salt with per-file random salt r=mingweishih a=RRathna replacing constant salt, and generating it randomly per file to be encrypted. Fixes #3692 3831: Update the oeedger8r submodule r=mingweishih a=mingweishih This PR sync up the oeedger8r against the master branch, which introduces the following changes: - Enforce the safe multiplication (see the [PR](openenclave/oeedger8r-cpp#31)). Fix #2390 - Add checks against pointer array arguments (see the [PR](openenclave/oeedger8r-cpp#65)). Fix #3557 - Make the oeedger8r-generated variables conform OE guidelines (see the [PR](openenclave/oeedger8r-cpp#66)). Fix #3210 - Add new warning options for the non-serializable cases (see the [PR](openenclave/oeedger8r-cpp#67)). Fix #3513 Co-authored-by: manoj rupireddy <marupire@microsoft.com> Co-authored-by: rrathna <rathna1993@gmail.com> Co-authored-by: Ming-Wei Shih <mishih@microsoft.com>
|
This PR was included in a batch that was canceled, it will be automatically retried |
|
bors r- |
|
Canceled. |
|
bors r+ |
bors bot
pushed a commit
that referenced
this pull request
Feb 12, 2021
3799: provide settings configuration to set config_id/config_svn on ice lake platform enclaves r=mingweishih a=manojrupireddy This is in continuation to the work done by Alvin => #3735. Made changes to the above draft PR , based on the code review comments there. Signed-off-by: manoj rupireddy <marupire@microsoft.com> 3824: Avoid recompiling common files for each ssl test r=mingweishih a=anakrish This reduces the number of files being compiled and also allows cmake to parallelize builds better. Most dev machines should see some drop in build times. E.g: In my machine, tests/openssl build time drops from 192 secs to 90 secs. Signed-off-by: Anand Krishnamoorthi <anakrish@microsoft.com> 3826: replacing constant salt with per-file random salt r=mingweishih a=RRathna replacing constant salt, and generating it randomly per file to be encrypted. Fixes #3692 Co-authored-by: manoj rupireddy <marupire@microsoft.com> Co-authored-by: Anand Krishnamoorthi <anakrish@microsoft.com> Co-authored-by: rrathna <rathna1993@gmail.com>
|
Build failed (retrying...): |
|
Build succeeded: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is in continuation to the work done by Alvin => #3735.
Made changes to the above draft PR , based on the code review comments there.
Signed-off-by: manoj rupireddy marupire@microsoft.com