On Thu, Mar 05, 2020 at 01:33:28PM +0200, Jarkko Sakkinen wrote:
Good morning, I hope the end of the week is going well for everyone.
On Wed, 2020-03-04 at 14:27 -0500, Nathaniel McCallum wrote:
# Header .fill 1, 8, 0 # XSTATE_BV .fill 1, 8, 1 << 63 # XCOMP_BV (compaction mode) .fill 6, 8, 0
Also, since people are likely to copy this code for their own enclaves, it would be helpful to document which flags are set in FCW and MXCSR.
It was meant as a test program but I'd guess what you say is true because it also might be the only alternative user space to Intel's :-) And a great starting point if you want to do things from scratch.
Because I meant it as a smoke test program for SGX, not everything is too well documented but given the multipurpose use for that code I'll make the improvements that you are suggesting.
At the risk of what will certainly be a fair amount of criticism, I will take on the moniker of being the pernicious voice of reality, if not intellectual honesty, in all of this. No market or security relevant enclaves are going to get built by developers starting from scratch or copying this code, useful and informative as it might be, into their enclaves.
That isn't to say that it isn't good to have some example code but Nate's point in a previous e-mail is well taken, it shouldn't have known security vulnerabilities in it. Given the current realities of speculative execution attacks, there are a ton of subtle issues surrounding entry and exit into enclaves, which by definition is the primary attack surface for a trusted execution environment.
For the sake of those reading along at home, relevant enclave development needs, at an absolute minimum, the following:
1.) A lot of trusted runtime initialization and scaffolding code. 2.) An embedded C/C++ library. 3.) A compiler intrinsics implementation.
That gets you, maybe, something that you can start thinking about, 'hello world', with, but nothing useful with respect to what anyone would want to do with an enclave.
On top of that you need a lot of platform software to get the enclave relevantly signed, loaded, executed and supported. Not the least of which is support for remote attestation, which means rolling up one's sleeves to do either a DCAP implementation or an EPID provisioning implementation. The latter of which, believe me, is not for the faint of heart given that you have to develop it in an unknown oracle model.
My point in all of this is that the only relevant consumers of this driver are groups that are resourced well enough to understand, deliver and support all of this infrastructure. I will leave it to others, and history, to judge whether or not the driver has been developed with this frame of reference.
/Jarkko
Best wishes for a pleasant weekend.
Dr. Greg
As always, Dr. Greg Wettstein, Ph.D. Enjellic Systems Development, LLC. 4206 N. 19th Ave. SGX secured infrastructure and autonomously Fargo, ND 58102 self-defensive platforms. PH: 701-281-1686 EMAIL: greg@enjellic.com ------------------------------------------------------------------------------ "The couple is registered at Herbergers, Target and Fleet Farm." -- Wedding invitation West Central Minnesota