On Wed, Nov 18, 2020 at 05:24:38PM +0200, Jarkko Sakkinen wrote:
On Wed, Nov 18, 2020 at 12:47:03PM +0100, Borislav Petkov wrote:
On Wed, Nov 18, 2020 at 12:44:44PM +0100, Borislav Petkov wrote:
0x0000000000000000 0x0000000000002000 0x03
0x0000000000002000 0x0000000000001000 0x05
0x0000000000003000 0x0000000000003000 0x03
encl_load: encl->nr_segments: 3
encl_load: seg2 offset: 0x3000, seg2 size: 12288
encl_load: encl_size: 32768, src_size: 24576
encl_map_area: encl_size: 32768
encl_map_area: area: 0x0x7feae0db2000
encl_map_area: encl_base: 0x7feae0db8000
SGX_IOC_ENCLAVE_INIT failed: errno=1
Running that same thing again succeeded this time:
0x0000000000000000 0x0000000000002000 0x03
0x0000000000002000 0x0000000000001000 0x05
0x0000000000003000 0x0000000000003000 0x03
encl_load: encl->nr_segments: 3
encl_load: seg2 offset: 0x3000, seg2 size: 12288
encl_load: encl_size: 32768, src_size: 24576
encl_map_area: encl_size: 32768
encl_map_area: area: 0x0x7f846bec0000
encl_map_area: encl_base: 0x7f846bec0000
mapping segment 0, seg->prot: (read write ) base: 0x7f846bec0000, offset 0x0, size: 8192
mapping segment 1, seg->prot: (read exec) base: 0x7f846bec0000, offset 0x2000, size: 4096
mapping segment 2, seg->prot: (read write ) base: 0x7f846bec0000, offset 0x3000, size: 12288
SUCCESS
then I did a couple of successful runs and the next one failed again:
0x0000000000000000 0x0000000000002000 0x03
0x0000000000002000 0x0000000000001000 0x05
0x0000000000003000 0x0000000000003000 0x03
encl_load: encl->nr_segments: 3
encl_load: seg2 offset: 0x3000, seg2 size: 12288
encl_load: encl_size: 32768, src_size: 24576
encl_map_area: encl_size: 32768
encl_map_area: area: 0x0x7fb09d4a0000
encl_map_area: encl_base: 0x7fb09d4a0000
SGX_IOC_ENCLAVE_INIT failed: errno=1
Fun.
If you adjust log level, then you should probably see this from sgx_enclave_init():
	} else if (ret) {
		pr_debug("EINIT returned %d\n", ret);
		ret = -EPERM;
	}
EINIT fails with big certainty because SIGSTRUCT is malformed. The only dynamic thing in that process is RSA key generation in sigstruct.c. Otherwise, everything is static between the runs. That's why I'm quite confident that key generation is the issue. Given how the issue behaves, I'd guess it eats the entropy pool.
So what I would propose is that I fix this by adding a static 3072-bit key and removing the generation code.
I found a patch that I can use to revert dynamic generation:
https://lore.kernel.org/linux-sgx/20200319023306.6875-1-jarkko.sakkinen@linu...
Not going to use it as is. Just replace gen_sign_key(). Will be a quite localized fix.
/Jarkko