On 4/21/20 2:52 PM, Jarkko Sakkinen wrote:
v29:
* The selftest has been moved to selftests/sgx. Because SGX is an execution
environment of its own, it really isn't a great fit with more "standard"
x86 tests.
The RSA key is now generated on fly and the whole signing process has
been made as part of the enclave loader instead of signing the enclave
during the compilation time.
Finally, the enclave loader loads now the test enclave directly from its
ELF file, which means that ELF file does not need to be coverted as raw
binary during the build process.
* Version the mm_list instead of using on synchronize_mm() when adding new
entries. We hold the write lock for the mm_struct, and dup_mm() can thus
deadlock with the page reclaimer, which could hold the lock for the old
mm_struct.
* Disallow mmap(PROT_NONE) from /dev/sgx. Any mapping (e.g. anonymous) can
be used to reserve the address range. Now /dev/sgx supports only opaque
mappings to the (initialized) enclave data.
* Make the vDSO callable directly from C by preserving RBX and taking leaf
from RCX.
Hi all,
I've been producing Fedora 32 kernel builds with the SGX patches applied
for a few of weeks and I've just produced a build with this latest
revision[1]. We've been using these kernels to enable SGX for some of
our development/test machines.
We wanted to offer them here in the hopes that others might find them
useful for testing the SGX patchsets on their own machines to send
feedback to this list. Please note that these are *not* meant to replace
your distro kernel and these are for testing purposes only.
I'll continue to upload builds to a Fedora Copr[2] as long as the
patches continue to apply cleanly to the Fedora kernels.
Best,
Connor
[1]
https://download.copr.fedorainfracloud.org/results/npmccallum/enarx/fedora-32-x86_64/01344404-kernel/
[2] https://copr.fedorainfracloud.org/coprs/npmccallum/enarx/
[3] This is the packaging branch that I work from and rebase on top of
the f32 kernels:
https://github.com/connorkuehl/fedora-kernel-enarx-pkg/commits/f32-enarx
