提交 4ca4d3ca 编写于 作者: jia zhang's avatar jia zhang

rune/libenclave/skeleton: Support SGX1 machine without FLC

There are still lots of SGX1 machines without FLC support deployed
in the field. These machines eventually need to be migrated to be supported
by the SGX in-tree driver, which is product-ready and well-maintained.

This patch targets to address the gap between SGX1 machine and SGX
in-tree driver.
Signed-off-by: jia zhang's avatarJia Zhang <zhang.jia@linux.alibaba.com>
上级 070b0307
...@@ -10,11 +10,14 @@ ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ ...@@ -10,11 +10,14 @@ ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \
HOST_LDFLAGS := -fPIC -shared -Wl,-Bsymbolic HOST_LDFLAGS := -fPIC -shared -Wl,-Bsymbolic
IS_OOT_DRIVER := $(shell [ ! -e /dev/isgx ]) IS_OOT_DRIVER := $(shell [ ! -e /dev/isgx ])
IS_SGX_FLC := $(shell lscpu | grep -q sgx_lc)
TEST_CUSTOM_PROGS := $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss $(OUTPUT)/liberpal-skeleton.so $(OUTPUT)/signing_key.pem TEST_CUSTOM_PROGS := $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss $(OUTPUT)/liberpal-skeleton.so $(OUTPUT)/signing_key.pem
ifeq ($(IS_OOT_DRIVER),1) ifeq ($(IS_OOT_DRIVER),1)
TEST_CUSTOM_PROGS += $(OUTPUT)/encl.token TEST_CUSTOM_PROGS += $(OUTPUT)/encl.token
else ifeq ($(IS_SGX_FLC),)
TEST_CUSTOM_PROGS += $(OUTPUT)/encl.token
endif endif
all: $(TEST_CUSTOM_PROGS) all: $(TEST_CUSTOM_PROGS)
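Review bot: `IS_SGX_FLC := $(shell lscpu | grep -q sgx_lc)` can never be non-empty, because `$(shell ...)` captures standard output and `grep -q` prints nothing, so `else ifeq ($(IS_SGX_FLC),)` is always true and `encl.token` is built on every host that reaches that branch, whether or not the CPU has FLC. Emitting a value on a match makes the test meaningful: `IS_SGX_FLC := $(shell lscpu | grep -q sgx_lc && echo 1)`. The unchanged `IS_OOT_DRIVER` line above has the same shape and looks like it is always empty too. This probe also inspects the build host, while the runtime switch is the `no-sgx-flc` argument, so a comment such as `# FLC is probed on the build host; assumes it matches the deployment host` would make that assumption explicit.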
......
...@@ -31,6 +31,7 @@ static struct sgx_secs secs; ...@@ -31,6 +31,7 @@ static struct sgx_secs secs;
static bool initialized = false; static bool initialized = false;
static char *sgx_dev_path; static char *sgx_dev_path;
static bool is_oot_driver; static bool is_oot_driver;
static bool no_sgx_flc = false;
/* /*
* For SGX in-tree driver, dev_fd cannot be closed until an enclave instance * For SGX in-tree driver, dev_fd cannot be closed until an enclave instance
* intends to exit. * intends to exit.
...@@ -221,7 +222,7 @@ static bool encl_build(struct sgx_secs *secs, void *bin, unsigned long bin_size, ...@@ -221,7 +222,7 @@ static bool encl_build(struct sgx_secs *secs, void *bin, unsigned long bin_size,
goto out_map; goto out_map;
} }
if (is_oot_driver) { if (is_oot_driver || no_sgx_flc) {
struct sgx_enclave_init_with_token ioc; struct sgx_enclave_init_with_token ioc;
ioc.addr = secs->base; ioc.addr = secs->base;
ioc.sigstruct = (uint64_t)sigstruct; ioc.sigstruct = (uint64_t)sigstruct;
...@@ -359,6 +360,37 @@ static bool load_token(const char *path, void *token) ...@@ -359,6 +360,37 @@ static bool load_token(const char *path, void *token)
return true; return true;
} }
static void check_opts(const char *opt)
{
if (!strcmp(opt, "no-sgx-flc"))
no_sgx_flc = true;
}
static void parse_args(const char *args)
{
char *a = strdup(args);
if (!a)
return;
char *opt = strtok(a, " ");
check_opts(opt);
if (!opt) {
free(a);
return;
}
do {
char *opt = strtok(NULL, " ");
if (!opt)
break;
check_opts(opt);
} while (1);
free(a);
}
int pal_get_version(void) int pal_get_version(void)
{ {
return 1; return 1;
...@@ -376,6 +408,8 @@ int pal_init(pal_attr_t *attr) ...@@ -376,6 +408,8 @@ int pal_init(pal_attr_t *attr)
off_t bin_size; off_t bin_size;
void *bin; void *bin;
parse_args(attr->args);
detect_driver_type(); detect_driver_type();
if (!encl_data_map(IMAGE, &bin, &bin_size)) if (!encl_data_map(IMAGE, &bin, &bin_size))
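Review bot: In `parse_args`, `check_opts(opt)` runs before the `if (!opt)` test, so an empty or all-space `args` string makes `strtok` return NULL and `check_opts` passes that NULL to `strcmp`, which is undefined behaviour. `pal_init` also hands `attr->args` straight to `strdup` with no NULL check; whether the caller may leave `args` unset is not visible on this page, but the PAL should not fault on it. I would guard `args`, fold the duplicated first-token branch into a single loop, and switch to `strtok_r`, since this code is linked into a shared library and `strtok` keeps hidden static state that another caller in the process could disturb. The body of `pal_init` continues outside the hunk.

```c
static void parse_args(const char *args)
{
	if (!args)
		return;

	char *a = strdup(args);
	if (!a)
		return;

	char *save = NULL;
	for (char *opt = strtok_r(a, " ", &save); opt;
	     opt = strtok_r(NULL, " ", &save))
		check_opts(opt);

	free(a);
}
```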
......