Ubuntu

.github/workflows/ci.yaml

@@ -8,7 +8,12 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        os:
+          - ubuntu-20.04
+          - ubuntu-22.04
+    runs-on: ${{ matrix.os }}
 
     steps:
       - name: Check out repository

README.md

@@ -176,7 +176,7 @@ To build and load the `/dev/sgx-step` driver, execute:
 
 ```bash
 $ cd kernel/
-$ ./install_SGX_driver.sh              # tested on Ubuntu 18.04/20.04/22.04
+$ ./install_SGX_driver.sh              # tested on Ubuntu 20.04/22.04
 $ make clean load
 ```
 
@@ -201,17 +201,17 @@ to bypass `devmem_is_allowed` checks, without having to recompile the kernel.
 
 To enable easy registration of a custom Asynchronous Exit Pointer (AEP) stub,
 we modified the untrusted runtime of the official Intel SGX SDK. Proceed as
-follows to checkout [linux-sgx](https://github.com/01org/linux-sgx) v2.16 and
+follows to checkout [linux-sgx](https://github.com/01org/linux-sgx) v2.23 and
 apply our patches.
 
 ```bash
 $ cd sdk/intel-sdk/
-$ ./install_SGX_SDK.sh                 # tested on Ubuntu 18.04/20.04
+$ ./install_SGX_SDK.sh                 # tested on Ubuntu 20.04/22.04
 $ source /opt/intel/sgxsdk/environment # add to ~/.bashrc to preserve across terminal sessions
 $ sudo service aesmd status            # stop/start aesmd service if needed
 ```
 
-The above install scripts are tested on Ubuntu 18.04 LTS.
+The above install scripts are tested on Ubuntu 22.04 LTS.
 For other GNU/Linux distributions, please follow the instructions in the
 [linux-sgx](https://github.com/01org/linux-sgx) project to build and install
 the Intel SGX SDK and PSW packages. You will also need to build and load an

libsgxstep/aep_trampoline.S

@@ -82,3 +82,4 @@ sgx_step_aep_trampoline:
 .global sgx_step_aep_eresume
 sgx_step_aep_eresume:
     .byte 0x0f, 0x01, 0xd7              /* ENCLU */
+    ud2

sdk/intel-sdk/0001-reconfigure-AEP-TCS-ebase.patch

@@ -1,8 +1,8 @@
-commit 1a75eb4d0954b1f3eab76a211647de8a80031170
+commit f32cc9feb7ce7e94337a3f78b0d0085161f75c8b
 Author: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
-Date:   Wed Apr 13 13:55:33 2022 +0200
+Date:   Thu Feb 8 20:49:32 2024 +0000
 
-    SGX-Step SDK patches to reconfigure AEP/TCS.
+    SGX-Step SDK patches to reconfigure AEP/TCS
 
 diff --git a/common/inc/sgx_urts.h b/common/inc/sgx_urts.h
 index 691efbc9..07240fa7 100644
@@ -21,7 +21,7 @@ index 691efbc9..07240fa7 100644
 
  /* Convenient macro to be passed to sgx_create_enclave(). */
 diff --git a/psw/urts/linux/enter_enclave.S b/psw/urts/linux/enter_enclave.S
-index fc3828e1..6b6e8a26 100644
+index 4f09e2da..2f6b749e 100644
 --- a/psw/urts/linux/enter_enclave.S
 +++ b/psw/urts/linux/enter_enclave.S
 @@ -32,6 +32,29 @@
@@ -75,21 +75,21 @@ index fc3828e1..6b6e8a26 100644
 
  .Leenter_inst:
      ENCLU
-@@ -158,15 +189,27 @@ EENTER_PROLOG
+@@ -158,18 +189,29 @@ EENTER_PROLOG
  .Loret:
      EENTER_EPILOG
 
 -.Lasync_exit_pointer:
 +__default_async_exit_pointer:
      ENCLU
+     ud2
      _CET_ENDBR
 
  .size __morestack, .-__morestack
 
- 
--DECLARE_GLOBAL_FUNC get_aep
+-
+ DECLARE_GLOBAL_FUNC get_aep
 -    lea_pic     .Lasync_exit_pointer, %xax
-+ DECLARE_GLOBAL_FUNC get_aep
 +    lea_pic     g_aep_pointer, %xax
 +    mov         (%xax), %xax
 +    ret
@@ -98,16 +98,18 @@ index fc3828e1..6b6e8a26 100644
 +    lea_pic     g_aep_pointer, %xax
 +    mov         naked_arg0, %xbx
 +    mov         %xbx, (%xax)
-+    ret
-+
+     ret
+ 
 +DECLARE_GLOBAL_FUNC get_tcs
 +    lea_pic     g_tcs, %xax
 +    mov         (%xax), %xax
-     ret
-
++    ret
++ 
  DECLARE_GLOBAL_FUNC get_eenterp
+     lea_pic .Leenter_inst, %xax
+     ret
 diff --git a/psw/urts/linux/urts.cpp b/psw/urts/linux/urts.cpp
-index 17c82de4..b8dbffe4 100644
+index 22b37bf0..c9ac872e 100644
 --- a/psw/urts/linux/urts.cpp
 +++ b/psw/urts/linux/urts.cpp
 @@ -40,6 +40,26 @@
@@ -138,7 +140,7 @@ index 17c82de4..b8dbffe4 100644
  {
      //update last feature index if it fails here
 diff --git a/psw/urts/linux/urts.lds b/psw/urts/linux/urts.lds
-index 44897f21..c504e3b9 100644
+index 02b98ed6..a70d55ee 100644
 --- a/psw/urts/linux/urts.lds
 +++ b/psw/urts/linux/urts.lds
 @@ -1,5 +1,8 @@

sdk/intel-sdk/install_SGX_SDK.sh

@@ -35,20 +35,16 @@ OS_ID=$(lsb_release -si | tr '[:upper:]' '[:lower:]')
 OS_REL=$(lsb_release -sr)
 OS_STR=$OS_ID$OS_REL
 
-if [ $OS_STR = "ubuntu22.04" ]; then
-       echo "Warning: Ubuntu 22.04 LTS currently not yet officially supported by linux-sgx Intel SDK; overriding to Ubuntu 20.04 .."
-       OS_STR="ubuntu20.04"
-       sudo ln -fs /usr/bin/python2 /usr/bin/python
-       python --version
-fi
-
 # ----------------------------------------------------------------------
 echo "[ building SDK ]"
 cd linux-sgx
 make preparation
-sudo cp "external/toolset/$OS_STR/"* /usr/local/bin
 
-ci_silent make -j`nproc` sdk_install_pkg
+if [ -d "external/toolset/$OS_STR" ]; then
+    sudo cp "external/toolset/$OS_STR/"* /usr/local/bin
+fi
+
+ci_silent make sdk_install_pkg
 
 echo "[ installing SDK system-wide ]"
 cd linux/installer/bin/
@@ -60,7 +56,7 @@ cd ../../../
 
 # ----------------------------------------------------------------------
 echo "[ building PSW ]"
-ci_silent make -j`nproc` psw_install_pkg
+ci_silent make psw_install_pkg
 
 echo "[ installing PSW/SDK system-wide ]"
 cd linux/installer/bin/