On Tue, Mar 10, 2020 at 02:29:41PM -0500, Haitao Huang wrote:
Good evening, I hope the week is going well for everyone.
Just as a clarification, are you testing the new driver against signed production-class enclaves in .so format that also include metadata layout directives, or is the driver just getting tested against the two-page toy enclave that copies a word of memory from one memory location to another?
We (Intel SGX SDK/PSW team) tested this driver for enclaves in .so format with metadata. Our 2.8 release supports v24 and 2.9 supports v25+. Both production signed and debug signed enclaves worked.
*Note* we did make some code changes in our runtime for v24+, mainly dealing with src & EPC page alignment for EADD, open one fd per enclave, use -z noexecstack linker option, etc. You can see the changes on GitHub.
Lots of knobs getting turned at the same time but we sorted out all the issues and our runtime is now passing its regression tests with the new driver, with an exception that we note below.
I suspect that we might have the only complete and architecturally independent runtime implementation so if the new driver is working against yours and ours it would seem to be a reasonable test spectrum for the driver.
We see the same behavior from both our unit test enclaves and the Quoting Enclave from the Intel SGX runtime.
We did not see any issue loading QE in our tests. Please directly email me on this test if you have specific questions.
As it turns out the major problem we were running into with respect to the QE test was the fact that generic use of atexit() handlers was disabled by changes that went into the 2.8 SDK. Our runtime and SDK assume that enclave atexit() handling works.
The enclave UNINIT ECALL is only allowed on runtimes that are advertising EDMM support. That seems excessively restrictive since atexit() handling is generically useful for enclaves that are not using EDMM. Our runtime allows EDMM to be disabled and we have enclaves that gate on that for security purposes.
On a quasi-related note, it appears that the 1.4 compatibility metadata created by post-2.0 signing tools is leaking layout descriptors that a version 1.4 runtime doesn't understand.
Do you want to exchange e-mail on this, or should we direct conversations about these issues to others on your SDK team?
Have a good remainder of the week.
Dr. Greg
As always,
Dr. Greg Wettstein, Ph.D, Worker
Enjellic Systems Development, LLC
4206 N. 19th Ave.
Fargo, ND 58102
PH: 701-281-1686
EMAIL: greg@enjellic.com

SGX secured infrastructure and autonomously self-defensive platforms.

------------------------------------------------------------------------------
"All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer."
-- IBM maintenance manual, 1925