On Thu, Mar 05, 2020 at 11:32:10PM -0600, Dr. Greg wrote:
> On Wed, Mar 04, 2020 at 01:36:01AM +0200, Jarkko Sakkinen wrote:
>
> Good evening, I hope the end of the week is going well for everyone.
>
> > Add a selftest for SGX. It is a trivial test where a simple enclave
> > copies one 64-bit word of memory between two memory locations given
> > to the enclave as arguments. Use ENCLS[EENTER] to invoke the
> > enclave.
>
> Just as a clarification, are you testing the new driver against signed
> production class enclaves in .so format that also include metadata
> layout directives or is the driver just getting tested against the two
> page toy enclave that copies a word of memory from one memory location
> to another?

That is the kind of role kselftests to smoke stuff. Obviously it will be
refined over time but to do a "hello world" from scratch as an enclave
was already quite a big effort.

> Our PSW/runtime is currently failing to initialize production class
> enclaves secondary to a return value of -4 from the ENCLU[EINIT]
> instruction, which means the measurement of the loaded enclave has
> failed to match the value in the signature structure.
>
> The same enclave loads fine with the out of kernel driver. Our
> diagnostics tell us we are feeding identical page streams and
> permissions to the page add ioctl's of both drivers. The identity
> modulus signature of the signing key for the enclave is being written
> to the launch control registers.
>
> We see the same behavior from both our unit test enclaves and the
> Quoting Enclave from the Intel SGX runtime.
>
> When we ported our runtime loader to the new driver ABI we kept things
> simple and add only a single page at a time in order to replicate the
> behavior of the old driver.
>
> Secondly, we were wondering what distribution you are building the
> self-tests with? Initial indications are that the selftest signing
> utility doesn't build properly with OpenSSL 1.1.1.

I don't use a distribution. I just build user space with BuildRoot when
I test a kernel.

Do you have a build log available to look at?

/Jarkko
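
For readers following the EINIT measurement question quoted above: an added sketch, not part of the thread and not code from the kernel tree or either runtime, of how the enclave measurement accumulates, using the ECREATE/EADD/EEXTEND record layouts from the Intel SDM. It shows that the digest changes with page order, SECINFO flags, and whether a page is extended, and locates the first differing record between two loaders' page streams. The page contents, layout and the helper name first_divergence are constructed for illustration.

```python
import hashlib
import struct

PAGE = 4096
# SECINFO.FLAGS bits: permissions in the low bits, page type in bits 8-15.
R, W, X = 0x1, 0x2, 0x4
PT_TCS, PT_REG = 0x100, 0x200


def mrenclave(enclave_size, pages, ssa_frame_size=1):
    """Digest for pages given as (offset, secinfo_flags, data, measured), in load order."""
    h = hashlib.sha256()
    # ECREATE record: tag, SSAFRAMESIZE, SIZE, zero-padded to 64 bytes.
    h.update(struct.pack("<8sIQ44x", b"ECREATE\0", ssa_frame_size, enclave_size))
    for offset, flags, data, measured in pages:
        if len(data) != PAGE or offset % PAGE:
            raise ValueError("pages must be 4 KiB and page-aligned")
        # EADD record: tag, page offset, first 48 bytes of SECINFO.
        h.update(struct.pack("<8sQQ40x", b"EADD\0\0\0\0", offset, flags))
        if not measured:
            continue  # page added without EEXTEND: contents are not hashed
        for chunk in range(0, PAGE, 256):
            # EEXTEND record: tag and chunk offset, followed by the 256 data bytes.
            h.update(struct.pack("<8sQ48x", b"EEXTEND\0", offset + chunk))
            h.update(data[chunk:chunk + 256])
    return h.hexdigest()


def first_divergence(stream_a, stream_b):
    """Index of the first page record that differs between two loaders, or None."""
    for i, (a, b) in enumerate(zip(stream_a, stream_b)):
        if a != b:
            return i
    same_len = len(stream_a) == len(stream_b)
    return None if same_len else min(len(stream_a), len(stream_b))


# Constructed two-page layout: one TCS page, one read/execute page of sample bytes.
TCS = (0x0000, PT_TCS, bytes(PAGE), True)
CODE = (0x1000, PT_REG | R | X, bytes(range(256)) * 16, True)
BASELINE = [TCS, CODE]
VARIANTS = {
    "reordered": [CODE, TCS],
    "extra write permission": [TCS, (0x1000, PT_REG | R | W | X, CODE[2], True)],
    "code page not extended": [TCS, CODE[:3] + (False,)],
}

if __name__ == "__main__":
    print("baseline", mrenclave(2 * PAGE, BASELINE))
    for name, stream in VARIANTS.items():
        print(name, mrenclave(2 * PAGE, stream), "first diff:", first_divergence(BASELINE, stream))
```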