From 5bad7723237838ecbde1e1996dffb2c5dc1953e3 Mon Sep 17 00:00:00 2001
From: Jo Van Bulck
Date: Wed, 12 Oct 2022 17:22:18 +0200
Subject: [PATCH] Proof-of-concept _untested_ stub for Gramine support.

Proper integration of SGX-Step with different runtimes is still an outstanding issue (#28). Currently, only the Intel SDK is "officially" supported. An (untested) stub to start on integration with Gramine is, furthermore, provided "as is" in the `gramine` directory.
---
 .gitmodules | 3 +
 sdk/README.md | 6 +
 ...amine-patches-to-reconfigure-AEP-TCS.patch | 113 ++++++++++++++++++
 ...-libsgxstep-functionality-on-Gramine.patch | 66 ++++++++++
 sdk/gramine/README.md | 40 +++++++
 sdk/gramine/gramine | 1 +
 sdk/gramine/patch_ecall.sh | 6 +
 sdk/gramine/patch_entry.sh | 6 +
 8 files changed, 241 insertions(+)
 create mode 100644 sdk/gramine/0001-SGX-Step-Gramine-patches-to-reconfigure-AEP-TCS.patch
 create mode 100644 sdk/gramine/0002-Example-usage-of-libsgxstep-functionality-on-Gramine.patch
 create mode 100644 sdk/gramine/README.md
 create mode 160000 sdk/gramine/gramine
 create mode 100755 sdk/gramine/patch_ecall.sh
 create mode 100755 sdk/gramine/patch_entry.sh

diff --git a/.gitmodules b/.gitmodules
index 51f57a6..9ac9d02 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "sdk/intel-sdk/linux-sgx"]
  path = sdk/intel-sdk/linux-sgx
  url = https://github.com/01org/linux-sgx.git
+[submodule "sdk/gramine"]
+ path = sdk/gramine/gramine
+ url = https://github.com/gramineproject/gramine.git
diff --git a/sdk/README.md b/sdk/README.md
index 2c66309..fb2868e 100644
--- a/sdk/README.md
+++ b/sdk/README.md
@@ -1 +1,7 @@
 TODO list the expected SDK hooks here used by `libsgxstep` and how to port to a new libOS/SDK.
+
+> :warning: **Note.** Proper integration of SGX-Step with different runtimes is
+> still an outstanding issue (#28). Currently, only the Intel SDK is
+> "officially" supported. An (untested) stub to start on integration with
+> Gramine is, furthermore, provided "as is" in the `gramine` directory.
+
diff --git a/sdk/gramine/0001-SGX-Step-Gramine-patches-to-reconfigure-AEP-TCS.patch b/sdk/gramine/0001-SGX-Step-Gramine-patches-to-reconfigure-AEP-TCS.patch
new file mode 100644
index 0000000..121627c
--- /dev/null
+++ b/sdk/gramine/0001-SGX-Step-Gramine-patches-to-reconfigure-AEP-TCS.patch
@@ -0,0 +1,113 @@
+From f3d05a71a513445e9c3eec9e2ab6d4ab30f52d46 Mon Sep 17 00:00:00 2001
+From: Jo Van Bulck
+Date: Wed, 12 Oct 2022 16:58:07 +0200
+Subject: [PATCH 1/2] SGX-Step Gramine patches to reconfigure AEP/TCS.
+
+---
+ pal/src/host/linux-sgx/host_entry.S | 50 +++++++++++++++++++++++++++--
+ pal/src/host/linux-sgx/meson.build | 11 +++++++
+ 2 files changed, 58 insertions(+), 3 deletions(-)
+
+diff --git a/pal/src/host/linux-sgx/host_entry.S b/pal/src/host/linux-sgx/host_entry.S
+index bb38ced4..b84803d2 100644
+--- a/pal/src/host/linux-sgx/host_entry.S
++++ b/pal/src/host/linux-sgx/host_entry.S
+@@ -2,6 +2,21 @@
+ 
+ #include "asm-offsets.h"
+ 
++ .data
++g_aep_pointer:
++ .word 0x0
++ .word 0x0
++ .word 0x0
++ .word 0x0
++
++ .data
++g_tcs:
++ .word 0x0
++ .word 0x0
++ .word 0x0
++ .word 0x0
++
++ .text
+ .extern tcs_base
+ .extern g_in_aex_profiling
+ 
+@@ -36,11 +51,18 @@ sgx_ecall:
+ 
+ # RBX has to be the TCS of the thread
+ movq %gs:PAL_HOST_TCB_TCS, %rbx
++ leaq g_tcs(%rip), %rax
++ movq %rbx, (%rax)
+ 
+ # RCX has to be the AEP (Asynchronous Exit Pointer)
+- leaq async_exit_pointer(%rip), %rcx
+-
+- movq $EENTER, %rax
++ leaq g_aep_pointer(%rip), %rax
++ movq (%rax), %rcx /* aep addr */
++ cmp $0x0, %rcx
++ jnz 1f
++ leaq async_exit_pointer(%rip), %rcx
++ movq %rcx, (%rax)
++
++1: movq $EENTER, %rax /* EENTER leaf */
+ ENCLU
+ 
+ # currently only ECALL_THREAD_RESET returns
+@@ -178,3 +200,25 @@ sgx_raise:
+ # RSI - external event
+ jmp .Ldo_ecall
+ .cfi_endproc
++
++
++.macro DECLARE_GLOBAL_FUNC name
++ .globl \name
++ .type \name, @function
++\name:
++.endm
++
++DECLARE_GLOBAL_FUNC sgx_get_aep
++ leaq g_aep_pointer(%rip), %rax
++ movq (%rax), %rax
++ ret
++
++DECLARE_GLOBAL_FUNC sgx_set_aep
++ leaq g_aep_pointer(%rip), %rax
++ movq %rdi, (%rax)
++ ret
++
++DECLARE_GLOBAL_FUNC sgx_get_tcs
++ leaq g_tcs(%rip), %rax
++ movq (%rax), %rax
++ ret
+diff --git a/pal/src/host/linux-sgx/meson.build b/pal/src/host/linux-sgx/meson.build
+index 3e77bdcc..c40794fa 100644
+--- a/pal/src/host/linux-sgx/meson.build
++++ b/pal/src/host/linux-sgx/meson.build
+@@ -152,10 +152,21 @@ libpal_sgx_host = executable('loader',
+ # host part of PAL uses stack protector with standard parameters (not the ones defined for
+ # PAL/LibOS)
+ '-fstack-protector-strong',
++
++ # XXX add libsgxstep include path
++ '-I../../..',
++ # XXX FORTIFY_SOURCE conflicts with regular libc header includes in libsgxstep
++ '-D_FORTIFY_SOURCE=0',
++ # XXX libsgxstep needs Intel SDK headers (only for error reporting; can be hacked out if needed)
++ '-I/opt/intel/sgxsdk/include/'
+ ],
+ link_args: [
+ '-Wl,-zrelro',
+ '-Wl,-znow',
++
++ # XXX link in libsgxstep library
++ '-L../../../libsgxstep',
++ '-lsgx-step',
+ ],
+ pie: true,
+ 
+-- 
+2.34.1
+
diff --git a/sdk/gramine/0002-Example-usage-of-libsgxstep-functionality-on-Gramine.patch b/sdk/gramine/0002-Example-usage-of-libsgxstep-functionality-on-Gramine.patch
new file mode 100644
index 0000000..dfedf2e
--- /dev/null
+++ b/sdk/gramine/0002-Example-usage-of-libsgxstep-functionality-on-Gramine.patch
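Review bot: `g_aep_pointer` and `g_tcs` in the host_entry.S hunk are each declared as four `.word 0x0` directives with no alignment directive, yet every access to them is an 8-byte `movq`; `.word` is 16 bits in x86 GAS, so the size only works out by coincidence and the labels may land unaligned. Declaring them as `.align 8` / `g_aep_pointer: .quad 0` (likewise `g_tcs`, or moving both into `.bss`) states the intent directly. The `movq %rbx, (%rax)` store before EENTER publishes the TCS of whichever thread entered last into one process-wide global, so `sgx_get_tcs` is only meaningful for a single-threaded enclave and that assumption deserves a comment next to `g_tcs`. The three `DECLARE_GLOBAL_FUNC` bodies carry no `.cfi_startproc`/`.cfi_endproc` pair although the surrounding file uses CFI (see the `.cfi_endproc` context line just above them), and `cmp $0x0, %rcx` reads better as `test %rcx, %rcx`. In the meson.build hunk, `-D_FORTIFY_SOURCE=0` removes fortification from the whole loader rather than only the libsgxstep translation units; if the header conflict is the sole reason, scoping that define to those sources keeps the existing hardening.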
@@ -0,0 +1,66 @@
+From 0a276da7b6ba82ced095a795f66ac7f3ad0870a1 Mon Sep 17 00:00:00 2001
+From: Jo Van Bulck
+Date: Wed, 12 Oct 2022 16:58:44 +0200
+Subject: [PATCH 2/2] Example usage of libsgxstep functionality on Gramine's
+ enclave entry.
+
+---
+ pal/src/host/linux-sgx/host_ecalls.c | 35 ++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+diff --git a/pal/src/host/linux-sgx/host_ecalls.c b/pal/src/host/linux-sgx/host_ecalls.c
+index 9387266b..a740df24 100644
+--- a/pal/src/host/linux-sgx/host_ecalls.c
++++ b/pal/src/host/linux-sgx/host_ecalls.c
+@@ -6,6 +6,31 @@
+ #include "pal_ecall_types.h"
+ #include "pal_rpc_queue.h"
+ 
++/*****************************************************************************/
++/* XXX SGX-Step library includes and callbacks */
++
++#define SGX_STEP_ENABLE 1
++
++#if SGX_STEP_ENABLE
++ #include "libsgxstep/debug.h"
++ #include "libsgxstep/enclave.h"
++
++ int aep_fired = 0;
++
++ void aep_cb_func(void)
++ {
++ gprsgx_region_t gprsgx = {0};
++ uint64_t erip = edbgrd_erip() - (uint64_t) get_enclave_base();
++ info("Hello world from AEP callback %d with erip=%#llx! Resuming enclave..", aep_fired, erip);
++
++ edbgrd(get_enclave_ssa_gprsgx_adrs(), &gprsgx, sizeof(gprsgx_region_t));
++ dump_gprsgx_region(&gprsgx);
++
++ aep_fired++;
++ }
++#endif
++/*****************************************************************************/
++
+ int ecall_enclave_start(char* libpal_uri, char* args, size_t args_size, char* env,
+ size_t env_size, int parent_stream_fd, sgx_target_info_t* qe_targetinfo,
+ struct pal_topo_info* topo_info, struct pal_dns_host_conf* dns_conf) {
+@@ -32,6 +57,16 @@ int ecall_enclave_start(char* libpal_uri, char* args, size_t args_size, char* en
+ ms.ms_topo_info = topo_info;
+ ms.ms_dns_host_conf = dns_conf;
+ ms.rpc_queue = g_rpc_queue;
++
++ /*****************************************************************************/
++ #if SGX_STEP_ENABLE
++ /* XXX example of custom SGX-Step code before entering the victim enclave */
++ info("entering victim enclave");
++ register_aep_cb(aep_cb_func);
++ print_enclave_info();
++ #endif
++ /*****************************************************************************/
++
+ return sgx_ecall(ECALL_ENCLAVE_START, &ms);
+ }
+ 
+-- 
+2.34.1
+
diff --git a/sdk/gramine/README.md b/sdk/gramine/README.md
new file mode 100644
index 0000000..5c74cf7
--- /dev/null
+++ b/sdk/gramine/README.md
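Review bot: The `info("Hello world from AEP callback %d with erip=%#llx! ...", aep_fired, erip)` call in the host_ecalls.c hunk passes a `uint64_t` to `%llx`; on LP64 Linux `uint64_t` is `unsigned long`, which -Wformat reports as a mismatch, so the portable form is `info("Hello world from AEP callback %d with erip=%#" PRIx64 "! Resuming enclave..", aep_fired, erip);` with `<inttypes.h>` included. `aep_fired` and `aep_cb_func` are only referenced from this file and should be `static` so they cannot collide with other loader symbols. The callback's `edbgrd()`/`edbgrd_erip()` reads presumably succeed only for an enclave created with the DEBUG attribute, which the `XXX` comment could state as `/* requires a debug enclave; EDBGRD is refused otherwise */`. The `info("entering victim enclave")` block sits inside `ecall_enclave_start`, whose body continues outside the hunk.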
@@ -0,0 +1,40 @@
+## Proof-of-concept _untested_ Gramine support
+
+> :warning: **Note.** Integration with Gramine (v1.3.1) is currently _untested_
+> and only provided as an example/starter for people wishing to experiment with
+> SGX-Step on Gramine (e.g., see issue #47). Particularly, the patches below
+> were validated to successfully compile but were never actually ran(!)
+> Furthermore, single-stepping itself is not currently provided for Gramine,
+> but should be straightforwardly feasible based on the existing code for the
+> Intel SDK. As always, issues/PRs are welcome if you want to contribute
+> improvements for a work-in-progress Gramine port.
+
+1. First, apply the patches in the untrusted Gramine runtime `host_entry.S` to
+be able to link to `libsgxstep`:
+
+```bash
+$ ./patch_entry.sh
+```
+
+2. Build the patched Gramine runtime and validate that the patches were
+properly applied in the modified Gramine loader:
+
+```bash
+$ cd gramine
+$ meson configure build/ -Dsgx=enabled
+$ ninja -C build
+$ objdump -d build/pal/src/host/linux-sgx/loader | grep sgx_set_aep
+000000000000924c :
+```
+
+3. Now, you can implement the required attack code in Gramine's untrusted
+runtime using `libsgxstep` functionality as usual. For example, the following
+patch in `host_ecalls.c` demonstrates some basic usages:
+
+```bash
+$ ./patch_ecall.sh
+$ cd gramine
+$ ninja -C build
+$ objdump -d build/pal/src/host/linux-sgx/loader | grep sgx_step
+ 18631: 48 8d 05 2c 1c 00 00 lea 0x1c2c(%rip),%rax # 1a264
+```
diff --git a/sdk/gramine/gramine b/sdk/gramine/gramine
new file mode 160000
index 0000000..211ec44
--- /dev/null
+++ b/sdk/gramine/gramine
@@ -0,0 +1 @@
+Subproject commit 211ec447ee69f16139520fc3a17c561c36a00943
diff --git a/sdk/gramine/patch_ecall.sh b/sdk/gramine/patch_ecall.sh
new file mode 100755
index 0000000..a985d93
--- /dev/null
+++ b/sdk/gramine/patch_ecall.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cd gramine
+
+echo "=== patching ECALL ==="
+patch -p1 < ../0002-Example-usage-of-libsgxstep-functionality-on-Gramine.patch
diff --git a/sdk/gramine/patch_entry.sh b/sdk/gramine/patch_entry.sh
new file mode 100755
index 0000000..865e53b
--- /dev/null
+++ b/sdk/gramine/patch_entry.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cd gramine
+
+echo "=== patching AEP/TCS ==="
+patch -p1 < ../0001-SGX-Step-Gramine-patches-to-reconfigure-AEP-TCS.patch
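Review bot: `cd gramine` in patch_ecall.sh is unchecked and relative to the caller's working directory, so when the script is run from anywhere other than `sdk/gramine` the `cd` fails and `patch -p1 < ../0002-...patch` is applied against whatever directory the user happened to be in; patch_entry.sh has the same shape. Opening both scripts with `set -euo pipefail` and `cd "$(dirname "$0")/gramine"` makes them stop early instead. Running either script a second time feeds an already-applied patch to `patch`, which then prompts about a reversed patch; `patch -p1 --forward` skips that case.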