Proof-of-concept _untested_ stub for Gramine support.
Proper integration of SGX-Step with different runtimes is still an outstanding issue (#28). Currently, only the Intel SDK is "officially" supported. An (untested) stub to start on integration with Gramine is, furthermore, provided "as is" in the `gramine` directory.
1 parent
d53ab9b
commit 5bad772
Showing
8 changed files
with
241 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,7 @@ | ||
TODO list the expected SDK hooks here used by `libsgxstep` and how to port to a new libOS/SDK. | ||
|
||
> :warning: **Note.** Proper integration of SGX-Step with different runtimes is | ||
> still an outstanding issue (#28). Currently, only the Intel SDK is | ||
> "officially" supported. An (untested) stub to start on integration with | ||
> Gramine is, furthermore, provided "as is" in the `gramine` directory. | ||
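--- a/sdk/gramine/0001-SGX-Step-Gramine-patches-to-reconfigure-AEP-TCS.patch
+++ b/sdk/gramine/0001-SGX-Step-Gramine-patches-to-reconfigure-AEP-TCS.patch
@@ -0,0 +1,113 @@
+From f3d05a71a513445e9c3eec9e2ab6d4ab30f52d46 Mon Sep 17 00:00:00 2001
+From: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
+Date: Wed, 12 Oct 2022 16:58:07 +0200
+Subject: [PATCH 1/2] SGX-Step Gramine patches to reconfigure AEP/TCS.
+
+---
+pal/src/host/linux-sgx/host_entry.S | 50 +++++++++++++++++++++++++++--
+pal/src/host/linux-sgx/meson.build | 11 +++++++
+2 files changed, 58 insertions(+), 3 deletions(-)
+
+diff --git a/pal/src/host/linux-sgx/host_entry.S b/pal/src/host/linux-sgx/host_entry.S
+index bb38ced4..b84803d2 100644
+--- a/pal/src/host/linux-sgx/host_entry.S
++++ b/pal/src/host/linux-sgx/host_entry.S
+@@ -2,6 +2,21 @@
+
+#include "asm-offsets.h"
+
++ .data
++g_aep_pointer:
++ .word 0x0
++ .word 0x0
++ .word 0x0
++ .word 0x0
++
++ .data
++g_tcs:
++ .word 0x0
++ .word 0x0
++ .word 0x0
++ .word 0x0
++
++ .text
+.extern tcs_base
+.extern g_in_aex_profiling
+
+@@ -36,11 +51,18 @@ sgx_ecall:
+
+# RBX has to be the TCS of the thread
+movq %gs:PAL_HOST_TCB_TCS, %rbx
++ leaq g_tcs(%rip), %rax
++ movq %rbx, (%rax)
+
+# RCX has to be the AEP (Asynchronous Exit Pointer)
+- leaq async_exit_pointer(%rip), %rcx
+-
+- movq $EENTER, %rax
++ leaq g_aep_pointer(%rip), %rax
++ movq (%rax), %rcx /* aep addr */
++ cmp $0x0, %rcx
++ jnz 1f
++ leaq async_exit_pointer(%rip), %rcx
++ movq %rcx, (%rax)
++
++1: movq $EENTER, %rax /* EENTER leaf */
+ENCLU
+
+# currently only ECALL_THREAD_RESET returns
+@@ -178,3 +200,25 @@ sgx_raise:
+# RSI - external event
+jmp .Ldo_ecall
+.cfi_endproc
++
++
++.macro DECLARE_GLOBAL_FUNC name
++ .globl \name
++ .type \name, @function
++\name:
++.endm
++
++DECLARE_GLOBAL_FUNC sgx_get_aep
++ leaq g_aep_pointer(%rip), %rax
++ movq (%rax), %rax
++ ret
++
++DECLARE_GLOBAL_FUNC sgx_set_aep
++ leaq g_aep_pointer(%rip), %rax
++ movq %rdi, (%rax)
++ ret
++
++DECLARE_GLOBAL_FUNC sgx_get_tcs
++ leaq g_tcs(%rip), %rax
++ movq (%rax), %rax
++ ret
+diff --git a/pal/src/host/linux-sgx/meson.build b/pal/src/host/linux-sgx/meson.build
+index 3e77bdcc..c40794fa 100644
+--- a/pal/src/host/linux-sgx/meson.build
++++ b/pal/src/host/linux-sgx/meson.build
+@@ -152,10 +152,21 @@ libpal_sgx_host = executable('loader',
+# host part of PAL uses stack protector with standard parameters (not the ones defined for
+# PAL/LibOS)
+'-fstack-protector-strong',
++
++ # XXX add libsgxstep include path
++ '-I../../..',
++ # XXX FORTIFY_SOURCE conflicts with regular libc header includes in libsgxstep
++ '-D_FORTIFY_SOURCE=0',
++ # XXX libsgxstep needs Intel SDK headers (only for error reporting; can be hacked out if needed)
++ '-I/opt/intel/sgxsdk/include/'
+],
+link_args: [
+'-Wl,-zrelro',
+'-Wl,-znow',
++
++ # XXX link in libsgxstep library
++ '-L../../../libsgxstep',
++ '-lsgx-step',
+],
+pie: true,
+
+--
+2.34.1
+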
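Review bot: The `movq %rbx, (%rax)` added in `sgx_ecall` stores the calling thread's TCS into the single process-wide `g_tcs`, so once more than one host thread enters the enclave, `sgx_get_tcs` returns whichever thread stored last; the read-then-store of `g_aep_pointer` a few lines below is unsynchronised in the same way. If the stub is only meant for one enclave thread, say so at the label, e.g. `/* last TCS passed to EENTER; only meaningful with a single enclave thread */`; otherwise `sgx_get_tcs` could read `%gs:PAL_HOST_TCB_TCS` directly instead of the shared slot. Each global is also written as four 2-byte `.word 0x0` with no alignment directive, and `.balign 8` followed by `.quad 0` would state the 8-byte slot that the `movq` accesses assume. In the meson.build hunk, `-D_FORTIFY_SOURCE=0` is added to the flags of the whole `loader` executable, so the host loader's own sources lose that hardening too; a build option or a per-target flag would keep the change limited to what libsgxstep needs. `sgx_ecall` starts and ends outside the hunk.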
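--- a/sdk/gramine/0002-Example-usage-of-libsgxstep-functionality-on-Gramine.patch
+++ b/sdk/gramine/0002-Example-usage-of-libsgxstep-functionality-on-Gramine.patch
@@ -0,0 +1,66 @@
+From 0a276da7b6ba82ced095a795f66ac7f3ad0870a1 Mon Sep 17 00:00:00 2001
+From: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
+Date: Wed, 12 Oct 2022 16:58:44 +0200
+Subject: [PATCH 2/2] Example usage of libsgxstep functionality on Gramine's
+enclave entry.
+
+---
+pal/src/host/linux-sgx/host_ecalls.c | 35 ++++++++++++++++++++++++++++
+1 file changed, 35 insertions(+)
+
+diff --git a/pal/src/host/linux-sgx/host_ecalls.c b/pal/src/host/linux-sgx/host_ecalls.c
+index 9387266b..a740df24 100644
+--- a/pal/src/host/linux-sgx/host_ecalls.c
++++ b/pal/src/host/linux-sgx/host_ecalls.c
+@@ -6,6 +6,31 @@
+#include "pal_ecall_types.h"
+#include "pal_rpc_queue.h"
+
++/*****************************************************************************/
++/* XXX SGX-Step library includes and callbacks */
++
++#define SGX_STEP_ENABLE 1
++
++#if SGX_STEP_ENABLE
++ #include "libsgxstep/debug.h"
++ #include "libsgxstep/enclave.h"
++
++ int aep_fired = 0;
++
++ void aep_cb_func(void)
++ {
++ gprsgx_region_t gprsgx = {0};
++ uint64_t erip = edbgrd_erip() - (uint64_t) get_enclave_base();
++ info("Hello world from AEP callback %d with erip=%#llx! Resuming enclave..", aep_fired, erip);
++
++ edbgrd(get_enclave_ssa_gprsgx_adrs(), &gprsgx, sizeof(gprsgx_region_t));
++ dump_gprsgx_region(&gprsgx);
++
++ aep_fired++;
++ }
++#endif
++/*****************************************************************************/
++
+int ecall_enclave_start(char* libpal_uri, char* args, size_t args_size, char* env,
+size_t env_size, int parent_stream_fd, sgx_target_info_t* qe_targetinfo,
+struct pal_topo_info* topo_info, struct pal_dns_host_conf* dns_conf) {
+@@ -32,6 +57,16 @@ int ecall_enclave_start(char* libpal_uri, char* args, size_t args_size, char* en
+ms.ms_topo_info = topo_info;
+ms.ms_dns_host_conf = dns_conf;
+ms.rpc_queue = g_rpc_queue;
++
++ /*****************************************************************************/
++ #if SGX_STEP_ENABLE
++ /* XXX example of custom SGX-Step code before entering the victim enclave */
++ info("entering victim enclave");
++ register_aep_cb(aep_cb_func);
++ print_enclave_info();
++ #endif
++ /*****************************************************************************/
++
+return sgx_ecall(ECALL_ENCLAVE_START, &ms);
+}
+
+--
+2.34.1
+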
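Review bot: In `aep_cb_func`, `erip` is a `uint64_t` but is printed with `%#llx`; on x86-64 Linux `uint64_t` is `unsigned long`, so the conversion does not match the argument type, assuming `info` forwards to a printf-style function (it is declared in `libsgxstep/debug.h`, which this page does not show). Use `"erip=%#" PRIx64` with `<inttypes.h>`, or cast the argument: `(unsigned long long) erip`. `aep_fired` and `aep_cb_func` are also defined with external linkage inside the loader, and marking both `static` keeps them from clashing with other symbols in that binary. `SGX_STEP_ENABLE` is defined unconditionally to 1; wrapping it as `#ifndef SGX_STEP_ENABLE` / `#define SGX_STEP_ENABLE 1` / `#endif` lets a build switch the instrumentation off without editing the file. `ecall_enclave_start` begins and ends outside the second hunk.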
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
## Proof-of-concept _untested_ Gramine support | ||
|
||
> :warning: **Note.** Integration with Gramine (v1.3.1) is currently _untested_ | ||
> and only provided as an example/starter for people wishing to experiment with | ||
> SGX-Step on Gramine (e.g., see issue #47). Particularly, the patches below | ||
> were validated to successfully compile but were never actually ran(!) | ||
> Furthermore, single-stepping itself is not currently provided for Gramine, | ||
> but should be straightforwardly feasible based on the existing code for the | ||
> Intel SDK. As always, issues/PRs are welcome if you want to contribute | ||
> improvements for a work-in-progress Gramine port. | ||
1. First, apply the patches in the untrusted Gramine runtime `host_entry.S` to | ||
be able to link to `libsgxstep`: | ||
|
||
```bash | ||
$ ./patch_entry.sh | ||
``` | ||
|
||
2. Build the patched Gramine runtime and validate that the patches were | ||
properly applied in the modified Gramine loader: | ||
|
||
```bash | ||
$ cd gramine | ||
$ meson configure build/ -Dsgx=enabled | ||
$ ninja -C build | ||
$ objdump -d build/pal/src/host/linux-sgx/loader | grep sgx_set_aep | ||
000000000000924c <sgx_set_aep>: | ||
``` | ||
|
||
3. Now, you can implement the required attack code in Gramine's untrusted | ||
runtime using `libsgxstep` functionality as usual. For example, the following | ||
patch in `host_ecalls.c` demonstrates some basic usages: | ||
|
||
```bash | ||
$ ./patch_ecall.sh | ||
$ cd gramine | ||
$ ninja -C build | ||
$ objdump -d build/pal/src/host/linux-sgx/loader | grep sgx_step | ||
18631: 48 8d 05 2c 1c 00 00 lea 0x1c2c(%rip),%rax # 1a264 <sgx_step_aep_trampoline> | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
|
||
cd gramine | ||
|
||
echo "=== patching ECALL ===" | ||
patch -p1 < ../0002-Example-usage-of-libsgxstep-functionality-on-Gramine.patch |
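Review bot: The result of `cd gramine` is not checked, so when that directory is missing the script carries on and the `patch` line resolves `../0002-…` relative to whatever directory the script was started in. Make the step fail closed with `cd gramine || exit 1`, or put `set -euo pipefail` directly under the shebang. The other script on this page, the one that echoes `=== patching AEP/TCS ===`, has the same two lines and needs the same change.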
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
|
||
cd gramine | ||
|
||
echo "=== patching AEP/TCS ===" | ||
patch -p1 < ../0001-SGX-Step-Gramine-patches-to-reconfigure-AEP-TCS.patch |