From 37b4c0bdfe3a4a60daa1fa2aff3bba5cfe8986ae Mon Sep 17 00:00:00 2001 From: "YiLin.Li" Date: Thu, 10 Sep 2020 21:08:56 +0000 Subject: [PATCH] sgx-tools: Update the vendor package `rune` version Update the vendor package github.com/alibaba/inclavare-containers/rune version to v0.0.0-20200910122807-fd8d2f54e423(https://github.com/alibaba/inclavare-containers/commit/fd8d2f54e423a3521a5d77fffb2c19f1bd6073f3) Signed-off-by: Yilin Li --- sgx-tools/go.mod | 6 +- sgx-tools/go.sum | 46 ++++++++++++++ .../runc/libenclave/intelsgx/arch.go | 21 +------ .../runc/libenclave/intelsgx/cpuid.go | 47 ++++++++++++++ .../runc/libenclave/intelsgx/cpuid_low.s | 12 ---- .../runc/libenclave/intelsgx/device_linux.go | 37 +++++++++++ .../runc/libenclave/intelsgx/epc.go | 2 +- .../libenclave/intelsgx/launch_control.go | 2 +- .../intelsgx/proto/aesm-service.proto | 62 +++++++++++++++++++ .../runc/libenclave/intelsgx/secs.go | 2 +- sgx-tools/vendor/modules.txt | 5 +- 11 files changed, 204 insertions(+), 38 deletions(-) create mode 100644 sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/cpuid.go delete mode 100644 sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/cpuid_low.s create mode 100644 sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/device_linux.go create mode 100644 sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/proto/aesm-service.proto diff --git a/sgx-tools/go.mod b/sgx-tools/go.mod index 9afb0db..b22518a 100644 --- a/sgx-tools/go.mod +++ b/sgx-tools/go.mod 
@@ -3,11 +3,11 @@ module github.com/inclavare-containers/sgx-tools go 1.14 require ( - github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1 - github.com/golang/protobuf v1.4.2 + github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1 // indirect + github.com/golang/protobuf v1.4.2 // indirect github.com/opencontainers/runc v0.0.0-00010101000000-000000000000 github.com/sirupsen/logrus v1.6.0 github.com/urfave/cli v1.22.4 ) -replace github.com/opencontainers/runc => github.com/alibaba/inclavare-containers/rune v0.0.0-20200527123028-5b951e6d3bb0 +replace github.com/opencontainers/runc => github.com/alibaba/inclavare-containers/rune v0.0.0-20200910122807-fd8d2f54e423 diff --git a/sgx-tools/go.sum b/sgx-tools/go.sum index fc18dd8..807c484 100644 --- a/sgx-tools/go.sum +++ b/sgx-tools/go.sum 
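Review bot: The `replace` line at the end of this hunk carries no comment saying that the new rune revision changes how sgx-tools is built and what it does at start-up. In the vendored files later in this patch, the Go-assembly `cpuid_low` is replaced by a cgo `cpuid`, and the new `device_linux.go` has an `init()` that calls `dlopen` on the bare name `libsgx_launch.so.1`, so importing `libenclave/intelsgx` now requires cgo and loads that library through the dynamic loader's normal search order as soon as the process starts. When the load fails, `loadLibrary` only prints through `perror` and execution continues, so a missing library is not reported to the caller. I would add `// rune fd8d2f54e423: intelsgx needs cgo and preloads libsgx_launch.so.1 in init()` above the `replace` directive and check that the environment sgx-tools runs in does not let an untrusted user influence the loader search path.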
@@ -1,8 +1,14 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/alibaba/inclavare-containers/rune v0.0.0-20200527123028-5b951e6d3bb0 h1:PyVmCYLADfHIwOEhnRW+QWea4jJikmsb0YxzwWlKvag= github.com/alibaba/inclavare-containers/rune v0.0.0-20200527123028-5b951e6d3bb0/go.mod h1:J0bOgJ9XXn/Q5kOys2btdg+YRAY2XWuWlwisNwjKANg= +github.com/alibaba/inclavare-containers/rune v0.0.0-20200910122807-fd8d2f54e423 h1:h0rECk67gd0CxmHYnaHPH1RbhRjto2hlC3KuOo/Vzfc= +github.com/alibaba/inclavare-containers/rune v0.0.0-20200910122807-fd8d2f54e423/go.mod h1:/CbCa9fzRq4l68afAO4pcpNdgNkQFQOAhdwSFWz7S1s= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/checkpoint-restore/go-criu v0.0.0-20191125063657-fcdcd07065c5/go.mod h1:TrMrLQfeENAPYPRsJuq3jsqdlRh3lvi6trTZJG8+tho= github.com/cilium/ebpf v0.0.0-20200319110858-a7172c01168f/go.mod h1:XT+cAw5wfvsodedcijoh1l9cf7v1x9FlFB/3VmF/O8s= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= 
@@ -12,9 +18,17 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1 h1:LoN2wx/aN8JPGebG+2DaUyk4M+xRcqJXfuIbs8AWHdE= github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1/go.mod h1:KqrpKpn4M8OLznErihXTGLlsXFGeLxHUrLRRI/1YjGk= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= 
@@ -23,6 +37,7 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= @@ -40,6 +55,7 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= 
@@ -58,6 +74,21 @@ github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -66,8 +97,21 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE= golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod 
h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -79,3 +123,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/arch.go b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/arch.go index b48a638..3b642ea 100644 --- a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/arch.go +++ b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/arch.go @@ -9,20 +9,6 @@ var ( maxEnclaveSizeBits uint32 ) -// CPUID leafs -const ( - cpuidExtendedFeatureFlags = 0x7 - cpuidSgxFeature = 0x12 -) - -// CPUID leaf 0x12 sub-leafs -const ( - sgxCapabilties = 0 - sgxAttributes = 1 - sgxEpcBaseSection = 2 - maxSgxEpcSections = 8 -) - const ( SigStructLength = 1808 EinittokenLength = 304 @@ -129,6 +115,7 @@ type Quote struct { const ( QuoteSignatureTypeUnlinkable = iota QuoteSignatureTypeLinkable + InvalidQuoteSignatureType ) const ( 
@@ -145,11 +132,9 @@ type QuoteBody struct { Basename [32]byte `struct:"[32]byte"` } -func cpuid_low(leaf, subLeaf uint32) (eax, ebx, ecx, edx uint32) - // Check whether CPUs support SGX or not func IsSgxSupported() bool { - _, ebx, _, _ := cpuid_low(cpuidExtendedFeatureFlags, 0) + _, ebx, _, _ := cpuid(cpuidExtendedFeatureFlags, 0) if (ebx & 0x4) == 0x0 { return false } @@ -163,7 +148,7 @@ func GetSgxFeatures() { return } - eax, ebx, _, edx := cpuid_low(cpuidSgxFeature, sgxCapabilties) + eax, ebx, _, edx := cpuid(cpuidSgxFeature, sgxCapabilties) if (eax & 0x1) != 0 { sgx1Supported = true } diff --git a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/cpuid.go b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/cpuid.go new file mode 100644 index 0000000..81f2912 --- /dev/null +++ b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/cpuid.go @@ -0,0 +1,47 @@ +package intelsgx // import "github.com/opencontainers/runc/libenclave/intelsgx" + +/* +#include +#include + +static void cpuid(__uint32_t leaf, __uint32_t sub_leaf, + __uint32_t *eax, __uint32_t *ebx, + __uint32_t *ecx, __uint32_t *edx) +{ + asm volatile("cpuid" + : "=a"(*eax), "=b"(*ebx), "=c"(*ecx), "=d"(*edx) + : "0"(leaf), "2"(sub_leaf) + : "memory"); +} +*/ +import "C" +import "unsafe" + +// CPUID leafs +const ( + cpuidExtendedFeatureFlags = 0x7 + cpuidSgxFeature = 0x12 +) + +// CPUID leaf 0x12 sub-leafs +const ( + sgxCapabilties = 0 + sgxAttributes = 1 + sgxEpcBaseSection = 2 + maxSgxEpcSections = 8 +) + +func cpuid(leaf uint32, subLeaf uint32) (uint32, uint32, uint32, uint32) { + var ( + eax uint32 + ebx uint32 + ecx uint32 + edx uint32 + ) + + C.cpuid(C.uint(leaf), C.uint(subLeaf), (*C.uint)(unsafe.Pointer(&eax)), + (*C.uint)(unsafe.Pointer(&ebx)), (*C.uint)(unsafe.Pointer(&ecx)), + (*C.uint)(unsafe.Pointer(&edx))) + + return eax, ebx, ecx, edx +} 
diff --git a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/cpuid_low.s b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/cpuid_low.s
deleted file mode 100644
index 9b6b5c4..0000000
--- a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/cpuid_low.s
+++ /dev/null
@@ -1,12 +0,0 @@
-#include "textflag.h"
-
-// func cpuid_low(leaf, subLeaf uint32) (eax, ebx, ecx, edx uint32)
-TEXT ·cpuid_low(SB),NOSPLIT,$0-24
- MOVL arg1+0(FP), AX
- MOVL arg2+4(FP), CX
- CPUID
- MOVL AX, eax+8(FP)
- MOVL BX, ebx+12(FP)
- MOVL CX, ecx+16(FP)
- MOVL DX, edx+20(FP)
- RET
diff --git a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/device_linux.go b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/device_linux.go
new file mode 100644
index 0000000..2ce2635
--- /dev/null
+++ b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/device_linux.go
@@ -0,0 +1,37 @@
+package intelsgx // import "github.com/opencontainers/runc/libenclave/intelsgx"
+
+/*
+#cgo linux LDFLAGS: -ldl
+#include
+#include
+#include
+*/
+import "C"
+
+import (
+ "unsafe"
+)
+
+func loadLibrary(p string) {
+ path := C.CString(p)
+ dl := C.dlopen(path, C.RTLD_NOW)
+ if dl == nil {
+ C.perror(C.CString("failed to load library " + p))
+ }
+ C.free(unsafe.Pointer(path))
+}
+
+// Due to the design of runelet, the Enclave Runtime PAL is loaded
+// in host but launched in container. The fact that certain libraries
+// from Intel SGX PSW would use dlopen() to further load
+// libsgx_launch.so, which means the container has to have it. In
+// order to ensure all libraries dependent by Enclave Runtime PAL
+// are completely loaded in host, preload them prior to switch
+// into container.
+func preloadSgxPswLib() {
+ loadLibrary("libsgx_launch.so.1")
+}
+
+func init() {
+ preloadSgxPswLib()
+}
diff --git a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/epc.go b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/epc.go index d11b021..d8bde07 100644 --- a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/epc.go +++ b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/epc.go @@ -10,7 +10,7 @@ func GetEpcSections() []SgxEpcSection { sections := []SgxEpcSection{} for i := 0; i < maxSgxEpcSections; i++ { - eax, ebx, ecx, edx := cpuid_low(cpuidSgxFeature, uint32(sgxEpcBaseSection+i)) + eax, ebx, ecx, edx := cpuid(cpuidSgxFeature, uint32(sgxEpcBaseSection+i)) if (eax & 0xf) == 0x0 { break diff --git a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/launch_control.go b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/launch_control.go index c5807f0..b9481fd 100644 --- a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/launch_control.go +++ b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/launch_control.go @@ -5,7 +5,7 @@ var ( ) func GetSgxLaunchControl() { - _, _, ecx, _ := cpuid_low(cpuidExtendedFeatureFlags, 0) + _, _, ecx, _ := cpuid(cpuidExtendedFeatureFlags, 0) if (ecx & 0x40000000) != 0 { sgxLaunchControlSupported = true } diff --git a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/proto/aesm-service.proto b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/proto/aesm-service.proto new file mode 100644 index 0000000..cd4fd36 --- /dev/null +++ b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/proto/aesm-service.proto 
@@ -0,0 +1,62 @@ +syntax = "proto3"; + +package aesm_service; // import "github.com/opencontainers/runc/libenclave/intelsgx/proto" + +// Refer to https://github.com/intel/linux-sgx/blob/master/psw/ae/aesm_service/source/core/ipc/messages.proto + +message AesmServiceRequest { + + message GetQeTargetInfo { + uint32 timeout = 9; + } + + message GetQuote { + bytes report = 1; + oneof quote_type_present { + uint32 quote_type = 2; + } + bytes spid = 3; + bytes nonce = 4; + bytes sig_rl = 5; + uint32 buf_size = 6; + oneof qe_report_present { + bool qe_report = 7; + } + uint32 timeout = 9; + } + + message GetLaunchToken { + bytes enclavehash = 1; + bytes modulus = 2; + bytes attributes = 3; + uint32 timeout = 9; + } + + GetQeTargetInfo getQeTargetInfo = 1; + GetQuote getQuote = 2; + GetLaunchToken getLaunchToken = 3; +} + +message AesmServiceResponse { + + message GetQeTargetInfo { + uint32 error = 1; + bytes targetinfo = 2; + bytes gid = 3; + } + + message GetQuote { + uint32 error = 1; + bytes quote = 2; + bytes qe_report = 3; + } + + message GetLaunchToken { + uint32 error = 1; + bytes token = 2; + } + + GetQeTargetInfo getQeTargetInfo = 1; + GetQuote getQuote = 2; + GetLaunchToken getLaunchToken = 3; +} diff --git a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/secs.go b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/secs.go index 300ed45..5288db7 100644 --- a/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/secs.go +++ b/sgx-tools/vendor/github.com/opencontainers/runc/libenclave/intelsgx/secs.go @@ -1,6 +1,6 @@ package intelsgx // import "github.com/opencontainers/runc/libenclave/intelsgx" func getSecsAttributes() (uint32, uint32, uint32, uint32) { - eax, ebx, ecx, edx := cpuid_low(cpuidSgxFeature, sgxAttributes) + eax, ebx, ecx, edx := cpuid(cpuidSgxFeature, sgxAttributes) return eax, ebx, ecx, edx } diff --git a/sgx-tools/vendor/modules.txt b/sgx-tools/vendor/modules.txt index 6a8bfb9..19e9165 100644 
--- a/sgx-tools/vendor/modules.txt +++ b/sgx-tools/vendor/modules.txt @@ -9,9 +9,10 @@ github.com/go-restruct/restruct/expr github.com/golang/protobuf/proto # github.com/konsorten/go-windows-terminal-sequences v1.0.3 github.com/konsorten/go-windows-terminal-sequences -# github.com/opencontainers/runc v0.0.0-00010101000000-000000000000 => github.com/alibaba/inclavare-containers/rune v0.0.0-20200527123028-5b951e6d3bb0 +# github.com/opencontainers/runc v0.0.0-00010101000000-000000000000 => github.com/alibaba/inclavare-containers/rune v0.0.0-20200910122807-fd8d2f54e423 ## explicit github.com/opencontainers/runc/libenclave/intelsgx +github.com/opencontainers/runc/libenclave/intelsgx/proto # github.com/pkg/errors v0.9.1 github.com/pkg/errors # github.com/russross/blackfriday/v2 v2.0.1 @@ -54,4 +55,4 @@ google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/reflect/protoregistry google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/runtime/protoimpl -# github.com/opencontainers/runc => github.com/alibaba/inclavare-containers/rune v0.0.0-20200527123028-5b951e6d3bb0 +# github.com/opencontainers/runc => github.com/alibaba/inclavare-containers/rune v0.0.0-20200910122807-fd8d2f54e423 -- GitLab