This repository has been archived by the owner on Oct 26, 2021. It is now read-only.

Rewrite the SGX backend as an elf loader #478

Merged 6 commits on Sep 8, 2021

Signed-off-by: Nathaniel McCallum <nathaniel@congru.us>
This makes it easier to reason about.

Signed-off-by: Nathaniel McCallum <nathaniel@congru.us>
This makes it clearer where the actual entrypoint into the program is.

Signed-off-by: Nathaniel McCallum <nathaniel@congru.us>
internal/shim-sgx/src/entry.rs (resolved)
internal/shim-sgx/layout.ld (outdated, resolved)

/// This segment contains unmeasured pages.
#[cfg(feature = "backend-sgx")]
pub const PF_ENARX_SGX_UNMEASURED: u32 = 1 << 21;

Contributor

Where is this used in the linker script?

Contributor Author

It isn't (yet?). But I want it well defined in case we choose to use this strategy in the shim in the future. That way it won't require a new server side. Only client side changes will be required.

code.region().into(),
);
// Find the offset for loading the code.
let slot = Span::from(shim.find_header(PT_ENARX_CODE).unwrap().vm_range());

Contributor

Maybe add an anyhow context to the error and return with ? instead of unwrap(). This makes debugging a little bit easier.

Same for the rest.

Contributor Author

I can do that now. However, my next change is to pull out the common behavior between the backends and make the Backend API more intelligent. This was going to include better error handling processes. Do you want to wait for that? Or do you want me to improve error handling now?
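
The suggestion in this review thread, returning an error with context instead of calling `unwrap()` on the header lookup, shown as an added example that is not code from this PR or the Enarx project. It uses only std, with `String` errors standing in for `anyhow` context, and takes the `PT_ENARX_EXEC` and `PF_ENARX_SGX_TCS` values from the linker-script excerpt later in this thread. `Phdr`, `rd`, `parse_phdrs`, `sample_elf` and this `find_header` signature are hypothetical.

```rust
// Added example, not Enarx code. Constant values are the ones quoted in this thread.
const PT_ENARX_EXEC: u32 = 0x634A_0003;
const PF_ENARX_SGX_TCS: u32 = 1 << 20;
#[derive(Debug, Clone, Copy, PartialEq)]
struct Phdr { p_type: u32, p_flags: u32, p_vaddr: u64 }

/// Read N bytes at `off`; an out-of-range read is an error with context, not a panic.
fn rd<const N: usize>(b: &[u8], off: usize) -> Result<[u8; N], String> {
    off.checked_add(N).and_then(|end| b.get(off..end)).map(|s| std::array::from_fn(|i| s[i]))
        .ok_or_else(|| format!("truncated ELF: need {} bytes at offset {:#x}", N, off))
}

/// Parse the program headers of a little-endian ELF64 image (e_phentsize must be 56).
fn parse_phdrs(elf: &[u8]) -> Result<Vec<Phdr>, String> {
    if rd::<6>(elf, 0)? != [0x7f, b'E', b'L', b'F', 2, 1] || rd::<2>(elf, 0x36)? != [56, 0] {
        return Err("not a little-endian ELF64 image with 56-byte program headers".into());
    }
    let phoff = u64::from_le_bytes(rd(elf, 0x20)?) as usize; // e_phoff
    let phnum = u16::from_le_bytes(rd(elf, 0x38)?) as usize; // e_phnum
    (0..phnum).map(|i| -> Result<Phdr, String> {
        let e: [u8; 56] = rd(elf, phoff.checked_add(i * 56).ok_or("offset overflow")?)?;
        let (p_type, p_flags) = (u32::from_le_bytes(rd(&e, 0)?), u32::from_le_bytes(rd(&e, 4)?));
        Ok(Phdr { p_type, p_flags, p_vaddr: u64::from_le_bytes(rd(&e, 16)?) })
    }).collect()
}

/// Look up a segment by type; a missing segment is an error the caller can report.
fn find_header(phdrs: &[Phdr], p_type: u32) -> Result<&Phdr, String> {
    phdrs.iter().find(|p| p.p_type == p_type)
        .ok_or_else(|| format!("no program header of type {:#x}", p_type))
}

/// Constructed sample image: ELF64 header plus one entry per (p_type, p_flags, p_vaddr).
fn sample_elf(segs: &[(u32, u32, u64)]) -> Vec<u8> {
    let mut v = vec![0u8; 64 + 56 * segs.len()];
    v[..6].copy_from_slice(&[0x7f, b'E', b'L', b'F', 2, 1]);
    v[0x20] = 64; // e_phoff: the table follows the 64-byte header
    v[0x36..0x3a].copy_from_slice(&[56, 0, segs.len() as u8, 0]); // e_phentsize, e_phnum
    for (e, &(t, f, vaddr)) in v[64..].chunks_exact_mut(56).zip(segs) {
        e[..4].copy_from_slice(&t.to_le_bytes());
        e[4..8].copy_from_slice(&f.to_le_bytes());
        e[16..24].copy_from_slice(&vaddr.to_le_bytes());
    }
    v
}

fn main() {
    let elf = sample_elf(&[(1, PF_ENARX_SGX_TCS, 0x1000), (PT_ENARX_EXEC, 0, 0x4000)]); // 1 = PT_LOAD
    println!("{:?}", parse_phdrs(&elf).and_then(|p| find_header(&p, PT_ENARX_EXEC).copied()));
}
```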

src/binary/component.rs (outdated, resolved)
src/binary/component.rs (outdated, resolved)
This is defensive in case the host manages to resume the enclave during
an exit() syscall. If so, this syscall will be repeated endlessly.

Signed-off-by: Nathaniel McCallum <nathaniel@congru.us>
npmccallum marked this pull request as ready for review September 7, 2021 18:36
This matches the behavior under kvm.

Signed-off-by: Nathaniel McCallum <nathaniel@congru.us>
Signed-off-by: Nathaniel McCallum <nathaniel@congru.us>
tcs0 PT_LOAD FLAGS(1 << 20); /* PF_ENARX_SGX_TCS */
ssa0 PT_LOAD;

exec 0x634A0003 FLAGS(0); /* PT_ENARX_EXEC */
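Review bot: on the `tcs0` and `exec` lines the flag `1 << 20` and the segment type `0x634A0003` are bare literals whose constant names appear only in comments, so the linker script can drift from the Rust definitions without any build error. Consider a test that loads the built shim and checks that its program headers carry the expected type and flag values.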

Contributor

PT_ENARX_EXEC or PT_ENARX_CODE or PT_ENARX_INIT ??

Contributor Author

I propose we rename the "code" layer to the executable or "exec" layer.

npmccallum merged commit 24b5290 into enarx-archive:master Sep 8, 2021