Support SGX extended product ID #903
Conversation
DL8
force-pushed
the
dl8/extended-prodid-changes
branch
from
54c5c7e to
c545fc1
Compare
DL8
changed the title
DL8
force-pushed
the
dl8/extended-prodid-changes
branch
from
c545fc1 to
fa954c9
Compare
There was a problem hiding this comment.
Reviewed 11 of 12 files at r1, all commit messages.
Reviewable status: 11 of 12 files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @dimakuv and @DL8)
a discussion (no related file):
You may wish to compare to/adopt the syntax of this PR: #881
a discussion (no related file):
I would prefer that the loader reject an application that requires KSS on an unsupported platform, versus a silent failure. Curious what others think.
CI-Examples/kss-helloworld/kss-helloworld.c line 33 at r1 (raw file):
return 2; } if(strcmp(print_buffer, "none") == 0) {
We don't care what type, as long as it is not "none"?
CI-Examples/kss-helloworld/kss-helloworld.c line 59 at r1 (raw file):
blob2hex(report.body.config_id, sizeof(report.body.config_id), print_buffer); printf("configid = %s\n", print_buffer); printf("configsvn = %d\n", report.body.config_svn);
It would be good if you wrapped this with a script that checked for the expected output that we can run in CI; apologies if I have missed this.
There was a problem hiding this comment.
Reviewable status: 11 of 12 files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @dimakuv, @DL8, and @donporter)
a discussion (no related file):
Previously, donporter (Don Porter) wrote…
You may wish to compare to/adopt the syntax of this PR: #881
thanks for the reference. i looked at it, but i don't think this syntax is appropriate here, because KSS is more of an sgx-specific configuration than choice of cpu features. also, i don't see so much value in having an unspecified value for KSS
a discussion (no related file):
Previously, donporter (Don Porter) wrote…
I would prefer that the loader reject an application that requires KSS on an unsupported platform, versus a silent failure. Curious what others think.
loading on a platform without support will probably lead to a crash due to a reserved bit being set in SECS.ATTRIBUTES. this scenario is not covered in this PR
CI-Examples/kss-helloworld/kss-helloworld.c line 33 at r1 (raw file):
Previously, donporter (Don Porter) wrote…
We don't care what type, as long as it is not "none"?
this example uses /dev/attestation/report, so we want ot make sure it's loaded. it will be loaded if remote attestation is enabled, but we don't really care which mechanism is used
CI-Examples/kss-helloworld/kss-helloworld.c line 59 at r1 (raw file):
Previously, donporter (Don Porter) wrote…
It would be good if you wrapped this with a script that checked for the expected output that we can run in CI; apologies if I have missed this.
will do
There was a problem hiding this comment.
Reviewed 1 of 12 files at r1.
Reviewable status: all files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @dimakuv and @DL8)
CI-Examples/kss-helloworld/kss-helloworld.c line 33 at r1 (raw file):
Previously, DL8 (Nir) wrote…
this example uses /dev/attestation/report, so we want ot make sure it's loaded. it will be loaded if remote attestation is enabled, but we don't really care which mechanism is used
I see. Perhaps add a comment to this effect for future maintenance.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @dimakuv and @donporter)
CI-Examples/kss-helloworld/kss-helloworld.c line 33 at r1 (raw file):
Previously, donporter (Don Porter) wrote…
I see. Perhaps add a comment to this effect for future maintenance.
will do
DL8
force-pushed
the
dl8/extended-prodid-changes
branch
from
fa954c9 to
5ed4707
Compare
DL8
changed the title
DL8
force-pushed
the
dl8/extended-prodid-changes
branch
2 times, most recently
from
c98e498 to
ac3fe9c
Compare
DL8
changed the title
There was a problem hiding this comment.
Reviewable status: 4 of 13 files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @donporter)
CI-Examples/kss-helloworld/kss-helloworld.c line 33 at r1 (raw file):
Previously, DL8 (Nir) wrote…
will do
Done.
CI-Examples/kss-helloworld/kss-helloworld.c line 59 at r1 (raw file):
Previously, DL8 (Nir) wrote…
will do
Done.
There was a problem hiding this comment.
Reviewable status: 4 of 13 files reviewed, 4 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @donporter)
a discussion (no related file):
Previously, DL8 (Nir) wrote…
loading on a platform without support will probably lead to a crash due to a reserved bit being set in SECS.ATTRIBUTES. this scenario is not covered in this PR
i tried loading an enclave with KSS on a platform without this feature. the result is ECREATE and the loader fails gracefully. is this behavior acceptable?
KSS is a new feature that introduces additional fields to identify enclave in build time: ISVEXTPRODID and ISVFAMILYID. These fields are defined the the developer and signed in SIGSTRUCT. Add new fields to the manifest to add support, and support in SGX signing tool. Add a hello world example with KSS enabled: Product ID fields are configured in the manifest and the enclave prints them. This example must be built with remote attestation. At this point SGX loader is not updated and there are no sanity checks prior to enclave load. Therefore, if an enclave with KSS is loaded on an unsupported platform, it might crash. Signed-off-by: Lavi, Nir <nir.lavi@intel.com>
Signed-off-by: Lavi, Nir <nir.lavi@intel.com>
Signed-off-by: Lavi, Nir <nir.lavi@intel.com>
DL8
force-pushed
the
dl8/extended-prodid-changes
branch
from
bc47cab to
0451c88
Compare
There was a problem hiding this comment.
Reviewed 9 of 9 files at r2, all commit messages.
Reviewable status: all files reviewed, 3 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @DL8)
a discussion (no related file):
Previously, DL8 (Nir) wrote…
i tried loading an enclave with KSS on a platform without this feature. the result is
ECREATEand the loader fails gracefully. is this behavior acceptable?
Can you show an example of what you mean, by "the result is ECREATE" or sample output of the loader failing? I hope that the output gives the user a clear indication of what the problem is and how to learn more.
pal/src/host/linux-sgx/enclave_framework.c line 1194 at r1 (raw file):
assert(stream->hdr.type == PAL_TYPE_PROCESS); memset(&target_info, 0, sizeof(target_info));
I worry that relying on get_current_enclave_target_info to always zero out all fields is prone to error, since it point-initializes fields and there could be an ambiguous expectation between caller and callee.
Assuming no other maintainers object, I would be ok with adding comments documenting an explicit pre/post condition that the caller need not initialize the tartet_info and that the post-condition is that all fields will be initialized, potentially to zero (and ensuring that this is what the current code does).
There was a problem hiding this comment.
Reviewable status: all files reviewed, 3 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @donporter)
a discussion (no related file):
Previously, donporter (Don Porter) wrote…
Can you show an example of what you mean, by "the result is ECREATE" or sample output of the loader failing? I hope that the output gives the user a clear indication of what the problem is and how to learn more.
at the beginning i didn't have a platform without KSS, so i couldn't test this scenario. according to the SDM, ECREATE throws an exception in this case, so i assumed the loader would crash. however, now i have a machine without kss supported so i tried it and saw that it results in graceful failure. the output itself is not very informative:
$ gramine-sgx ./kss-helloworld
Gramine is starting. Parsing TOML manifest file, this may take some time...
error: ECREATE failed in enclave creation ioctl (errno = -5)
error: Creating enclave failed: -5
error: load_enclave() failed with error -5
pal/src/host/linux-sgx/enclave_framework.c line 1194 at r1 (raw file):
Previously, donporter (Don Porter) wrote…
I worry that relying on get_current_enclave_target_info to always zero out all fields is prone to error, since it point-initializes fields and there could be an ambiguous expectation between caller and callee.
Assuming no other maintainers object, I would be ok with adding comments documenting an explicit pre/post condition that the caller need not initialize the tartet_info and that the post-condition is that all fields will be initialized, potentially to zero (and ensuring that this is what the current code does).
i think this discussion should be in a separate PR/issue
There was a problem hiding this comment.
Reviewable status: all files reviewed, 3 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @DL8)
a discussion (no related file):
Previously, DL8 (Nir) wrote…
at the beginning i didn't have a platform without KSS, so i couldn't test this scenario. according to the SDM,
ECREATEthrows an exception in this case, so i assumed the loader would crash. however, now i have a machine without kss supported so i tried it and saw that it results in graceful failure. the output itself is not very informative:$ gramine-sgx ./kss-helloworld Gramine is starting. Parsing TOML manifest file, this may take some time... error: ECREATE failed in enclave creation ioctl (errno = -5) error: Creating enclave failed: -5 error: load_enclave() failed with error -5
Is there a way to make this message more informative?
pal/src/host/linux-sgx/enclave_framework.c line 1194 at r1 (raw file):
Previously, DL8 (Nir) wrote…
i think this discussion should be in a separate PR/issue
Perhaps in the interim we should not remove the memset, then?
There was a problem hiding this comment.
Reviewable status: all files reviewed, 3 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @donporter)
a discussion (no related file):
Previously, donporter (Don Porter) wrote…
Is there a way to make this message more informative?
the error code can be translated with strerror(). a more informative solution will require adding an explicit check to the loader, but then why do we explicitly check this specific case but not others (e.g. an unsupported feature is requested, invalid launch token, invalid enclave state and so on)?
pal/src/host/linux-sgx/enclave_framework.c line 1194 at r1 (raw file):
Previously, donporter (Don Porter) wrote…
Perhaps in the interim we should not remove the memset, then?
looks like this memset was removed in commit 652d08af5d56a5396d707700a9c8ca43ba6c3dfb
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @DL8)
a discussion (no related file):
Previously, DL8 (Nir) wrote…
the error code can be translated with
strerror(). a more informative solution will require adding an explicit check to the loader, but then why do we explicitly check this specific case but not others (e.g. an unsupported feature is requested, invalid launch token, invalid enclave state and so on)?
Ideally, we would check them all. I hate to burden you if this is a big ask; even a placeholder to slot in more informative messages for other cases would be an improvement.
pal/src/host/linux-sgx/enclave_framework.c line 1194 at r1 (raw file):
Previously, DL8 (Nir) wrote…
looks like this memset was removed in commit
652d08af5d56a5396d707700a9c8ca43ba6c3dfb
I see. I misunderstood the diff.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @donporter)
a discussion (no related file):
Previously, donporter (Don Porter) wrote…
Ideally, we would check them all. I hate to burden you if this is a big ask; even a placeholder to slot in more informative messages for other cases would be an improvement.
do you think this PR is a good reference?
#1149
Signed-off-by: Lavi, Nir <nir.lavi@intel.com>
There was a problem hiding this comment.
Reviewed 2 of 2 files at r4, all commit messages.
Reviewable status: all files reviewed, all discussions resolved, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: OSCAR Lab), "fixup! " found in commit messages' one-liners
a discussion (no related file):
Previously, DL8 (Nir) wrote…
do you think this PR is a good reference?
#1149
I think this is good. The newer messages are better.
KSS is a new feature that introduces additional fields to identify enclave in build time: ISVEXTPRODID and ISVFAMILYID. These fields are defined the the developer and signed in SIGSTRUCT. Add new fields to the manifest to add support, and support in SGX signing tool.
Add a hello world example with KSS enabled: Product ID fields are configured in the manifest and the enclave prints them. This example must be built with remote attestation.
If KSS is not supported on the platform, loading enclaves with KSS enabled will fail.
Signed-off-by: Lavi, Nir nir.lavi@intel.com
Description of the changes
The following fields were added to the manifest:
if
sgx.kss = true, SGX signing tool will do the following in SIGSTRUCT:attributes.kss = 1isvextprodidand isvfamilyid` with values from the manifestThis is a partial fix for #800 . It does not address the following:
How to test this PR?
On a platform that supports KSS (indicated in
is-sgx-available):kss-helloworldexamplemake SGX=1./run_test.sh 2>/dev/nullThe output should be:
This change is