diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b7031b9..12ab1e5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,7 +8,12 @@ on: jobs: build: - runs-on: ubuntu-20.04 + strategy: + matrix: + os: + - ubuntu-20.04 + - ubuntu-22.04 + runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/README.md b/README.md index 7739c3b..a174154 100644 --- a/README.md +++ b/README.md @@ -176,7 +176,7 @@ To build and load the `/dev/sgx-step` driver, execute: ```bash $ cd kernel/ -$ ./install_SGX_driver.sh # tested on Ubuntu 18.04/20.04/22.04 +$ ./install_SGX_driver.sh # tested on Ubuntu 20.04/22.04 $ make clean load ``` @@ -201,17 +201,17 @@ to bypass `devmem_is_allowed` checks, without having to recompile the kernel. To enable easy registration of a custom Asynchronous Exit Pointer (AEP) stub, we modified the untrusted runtime of the official Intel SGX SDK. Proceed as -follows to checkout [linux-sgx](https://github.com/01org/linux-sgx) v2.16 and +follows to checkout [linux-sgx](https://github.com/01org/linux-sgx) v2.23 and apply our patches. ```bash $ cd sdk/intel-sdk/ -$ ./install_SGX_SDK.sh # tested on Ubuntu 18.04/20.04 +$ ./install_SGX_SDK.sh # tested on Ubuntu 20.04/22.04 $ source /opt/intel/sgxsdk/environment # add to ~/.bashrc to preserve across terminal sessions $ sudo service aesmd status # stop/start aesmd service if needed ``` -The above install scripts are tested on Ubuntu 18.04 LTS. +The above install scripts are tested on Ubuntu 22.04 LTS. For other GNU/Linux distributions, please follow the instructions in the [linux-sgx](https://github.com/01org/linux-sgx) project to build and install the Intel SGX SDK and PSW packages. You will also need to build and load an diff --git a/libsgxstep/aep_trampoline.S b/libsgxstep/aep_trampoline.S index fc06c84..e53cc86 100644 --- a/libsgxstep/aep_trampoline.S +++ b/libsgxstep/aep_trampoline.S 
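Review bot: The new `strategy` block under `build:` leaves `fail-fast` at its default, so a failure on one runner image cancels the other in-progress job, and the run no longer shows whether the build broke on 20.04, 22.04 or both. Adding `fail-fast: false` directly under `strategy:` keeps the two results independent, which is the reason to test both releases. The job's `steps:` list continues outside the hunk.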
@@ -82,3 +82,4 @@ sgx_step_aep_trampoline: .global sgx_step_aep_eresume sgx_step_aep_eresume: .byte 0x0f, 0x01, 0xd7 /* ENCLU */ + ud2 diff --git a/sdk/intel-sdk/0001-reconfigure-AEP-TCS-ebase.patch b/sdk/intel-sdk/0001-reconfigure-AEP-TCS-ebase.patch index c13ae95..96b40dd 100644 --- a/sdk/intel-sdk/0001-reconfigure-AEP-TCS-ebase.patch +++ b/sdk/intel-sdk/0001-reconfigure-AEP-TCS-ebase.patch @@ -1,8 +1,8 @@ -commit 1a75eb4d0954b1f3eab76a211647de8a80031170 +commit f32cc9feb7ce7e94337a3f78b0d0085161f75c8b Author: Jo Van Bulck -Date: Wed Apr 13 13:55:33 2022 +0200 +Date: Thu Feb 8 20:49:32 2024 +0000 - SGX-Step SDK patches to reconfigure AEP/TCS. + SGX-Step SDK patches to reconfigure AEP/TCS diff --git a/common/inc/sgx_urts.h b/common/inc/sgx_urts.h index 691efbc9..07240fa7 100644 @@ -21,7 +21,7 @@ index 691efbc9..07240fa7 100644 /* Convenient macro to be passed to sgx_create_enclave(). */ diff --git a/psw/urts/linux/enter_enclave.S b/psw/urts/linux/enter_enclave.S -index fc3828e1..6b6e8a26 100644 +index 4f09e2da..2f6b749e 100644 --- a/psw/urts/linux/enter_enclave.S +++ b/psw/urts/linux/enter_enclave.S @@ -32,6 +32,29 @@ @@ -75,21 +75,21 @@ index fc3828e1..6b6e8a26 100644 .Leenter_inst: ENCLU -@@ -158,15 +189,27 @@ EENTER_PROLOG +@@ -158,18 +189,29 @@ EENTER_PROLOG .Loret: EENTER_EPILOG -.Lasync_exit_pointer: +__default_async_exit_pointer: ENCLU + ud2 _CET_ENDBR .size __morestack, .-__morestack - --DECLARE_GLOBAL_FUNC get_aep +- + DECLARE_GLOBAL_FUNC get_aep - lea_pic .Lasync_exit_pointer, %xax -+ DECLARE_GLOBAL_FUNC get_aep + lea_pic g_aep_pointer, %xax + mov (%xax), %xax + ret @@ -98,16 +98,18 @@ index fc3828e1..6b6e8a26 100644 + lea_pic g_aep_pointer, %xax + mov naked_arg0, %xbx + mov %xbx, (%xax) -+ ret -+ + ret + +DECLARE_GLOBAL_FUNC get_tcs + lea_pic g_tcs, %xax + mov (%xax), %xax - ret - ++ ret ++ DECLARE_GLOBAL_FUNC get_eenterp + lea_pic .Leenter_inst, %xax + ret 
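Review bot: The `ud2` added after the ENCLU bytes at `sgx_step_aep_eresume` carries no comment, and its purpose is not evident from this file alone. The regenerated SDK patch in the same commit shows the upstream default AEP stub as `ENCLU` followed by `ud2`, so this line presumably mirrors that hardening. ERESUME hands control back to the enclave and is not expected to fall through, and the `ud2` turns any fall-through into an invalid-opcode trap instead of executing whatever bytes follow the stub. I would state that on the line, e.g. `ud2 /* not reached: ERESUME does not return; mirrors the ud2 after ENCLU in the SDK's default AEP stub */`. The trampoline body above the label starts outside the hunk.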
diff --git a/psw/urts/linux/urts.cpp b/psw/urts/linux/urts.cpp -index 17c82de4..b8dbffe4 100644 +index 22b37bf0..c9ac872e 100644 --- a/psw/urts/linux/urts.cpp +++ b/psw/urts/linux/urts.cpp @@ -40,6 +40,26 @@ @@ -138,7 +140,7 @@ index 17c82de4..b8dbffe4 100644 { //update last feature index if it fails here diff --git a/psw/urts/linux/urts.lds b/psw/urts/linux/urts.lds -index 44897f21..c504e3b9 100644 +index 02b98ed6..a70d55ee 100644 --- a/psw/urts/linux/urts.lds +++ b/psw/urts/linux/urts.lds @@ -1,5 +1,8 @@ diff --git a/sdk/intel-sdk/install_SGX_SDK.sh b/sdk/intel-sdk/install_SGX_SDK.sh index d931775..3909cd9 100755 --- a/sdk/intel-sdk/install_SGX_SDK.sh +++ b/sdk/intel-sdk/install_SGX_SDK.sh @@ -35,20 +35,16 @@ OS_ID=$(lsb_release -si | tr '[:upper:]' '[:lower:]') OS_REL=$(lsb_release -sr) OS_STR=$OS_ID$OS_REL -if [ $OS_STR = "ubuntu22.04" ]; then - echo "Warning: Ubuntu 22.04 LTS currently not yet officially supported by linux-sgx Intel SDK; overriding to Ubuntu 20.04 .." - OS_STR="ubuntu20.04" - sudo ln -fs /usr/bin/python2 /usr/bin/python - python --version -fi - # ---------------------------------------------------------------------- echo "[ building SDK ]" cd linux-sgx make preparation -sudo cp "external/toolset/$OS_STR/"* /usr/local/bin -ci_silent make -j`nproc` sdk_install_pkg +if [ -d "external/toolset/$OS_STR" ]; then + sudo cp "external/toolset/$OS_STR/"* /usr/local/bin +fi + +ci_silent make sdk_install_pkg echo "[ installing SDK system-wide ]" cd linux/installer/bin/ @@ -60,7 +56,7 @@ cd ../../../ # ---------------------------------------------------------------------- echo "[ building PSW ]" -ci_silent make -j`nproc` psw_install_pkg +ci_silent make psw_install_pkg echo "[ installing PSW/SDK system-wide ]" cd linux/installer/bin/ diff --git a/sdk/intel-sdk/linux-sgx b/sdk/intel-sdk/linux-sgx index e636b6c..242644c 160000 --- a/sdk/intel-sdk/linux-sgx +++ b/sdk/intel-sdk/linux-sgx 
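Review bot: The new `[ -d "external/toolset/$OS_STR" ]` guard in `install_SGX_SDK.sh` skips the toolset copy silently, so on a release without a matching directory the SDK and PSW are built with whatever `as`/`ld` the system provides and the log does not say so. As far as I know those prebuilt tools are the binutils linux-sgx ships for its mitigation-enabled builds, so the skipped case should be surfaced: add `else echo "Warning: no external/toolset/$OS_STR, building with system binutils" >&2` before the `fi`. When the directory does exist, every file in it is still installed into `/usr/local/bin` as root and will shadow the system tools on PATH, so a short comment above the `sudo cp` naming what is being installed and why would help a later reader. The script's preamble is outside the hunk, so it cannot be told from here whether a failing `cd linux-sgx` or `make preparation` aborts the run before the copy.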
@@ -1 +1 @@
-Subproject commit e636b6c42b822e499423dba312329d117ede0319
+Subproject commit 242644c77764fe46da2f86f352f4fdca349f2926