On Wed, Nov 18, 2020 at 01:00:30PM +0100, Jethro Beekman wrote:
> On 2020-11-18 12:44, Borislav Petkov wrote:
> > On Wed, Nov 18, 2020 at 12:18:00PM +0100, Jethro Beekman wrote:
> >> Just to double check, since you didn't show the /dev mount line: that
> >> is also not mounted noexec?
> >
> > Yes:
> >
> > udev on /dev type devtmpfs (rw,nosuid,noexec,relatime,size=8021332k,nr_inodes=2005333,mode=755,inode64)
> >
> > but this is how udev mounts it by default. Now I did:
>
> On some distros, unfortunately, yes, and this breaks SGX. See https://www.spinics.net/lists/linux-sgx/msg02562.html and https://www.spinics.net/lists/linux-sgx/msg02617.html
>
> >
> > # mount /dev -o remount,exec
> >
> > and I got
> >
> > udev on /dev type devtmpfs (rw,nosuid,relatime,size=8021332k,nr_inodes=2005333,mode=755,inode64)
> >
> > and now it fails differently:
> >
> > 0x0000000000000000 0x0000000000002000 0x03
> > 0x0000000000002000 0x0000000000001000 0x05
> > 0x0000000000003000 0x0000000000003000 0x03
> > encl_load: encl->nr_segments: 3
> > encl_load: seg2 offset: 0x3000, seg2 size: 12288
> > encl_load: encl_size: 32768, src_size: 24576
> > encl_map_area: encl_size: 32768
> > encl_map_area: area: 0x0x7feae0db2000
> > encl_map_area: encl_base: 0x7feae0db8000
> > SGX_IOC_ENCLAVE_INIT failed: errno=1
> >
>
> I think that means SGX_INVALID_SIG_STRUCT, which is a very odd error
> to get. It basically means the file header is wrong. Maybe some
> concurrency/fflush issue in the test?

Sent a fix:

https://lore.kernel.org/linux-sgx/20201118170640.39629-1-jarkko@xxxxxxxxxx/T/#u

> --
> Jethro Beekman | Fortanix
>

/Jarkko
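
The /dev mount-option check discussed in the thread above, as an added example that is not part of the original message or of the kernel selftest. The function names are hypothetical, the input is assumed to be in /proc/mounts format, and the sample table is constructed from the udev line quoted in the thread plus a made-up root line.

```bash
#!/bin/sh
# Added example: report whether the mount covering a path carries "noexec".
# Input is a mounts table in /proc/mounts format:
#   device mountpoint fstype options dump pass
# Function names are hypothetical; "-" as the table means standard input.

# Print the option string of the mount that covers path $2 in table $1.
mount_opts() {
    awk -v p="$2" '
        BEGIN { best = 0 }
        {
            mp = $2
            # A mount covers p if it is p, the root, or a parent directory of p.
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later line wins,
                # because a later mount shadows an earlier one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { if (best > 0) print opts }
    ' "$1"
}

# Succeed (status 0) if the covering mount has the noexec option.
is_noexec() {
    case ",$(mount_opts "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample: the udev line quoted in the thread, rewritten in
# /proc/mounts format, plus a made-up root filesystem line.
sample_before() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
udev /dev devtmpfs rw,nosuid,noexec,relatime,size=8021332k,nr_inodes=2005333,mode=755,inode64 0 0
EOF
}
# The same table after "mount /dev -o remount,exec".
sample_after() { sample_before | sed 's/,noexec//'; }

for t in before after; do
    if "sample_$t" | is_noexec - /dev; then
        echo "$t remount: /dev is noexec"
    else
        echo "$t remount: /dev is not noexec"
    fi
done
```

On a live system, pass /proc/mounts as the table, for example `is_noexec /proc/mounts /dev`.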