rune/libenclave/skeleton: Support SGX in-tree driver

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

rune/libenclave/skeleton: Support SGX in-tree driver
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
57d111b9 · jia zhang · 02f29cec · 57d111b9 · 57d111b9
2 changed file
--- a/rune/libenclave/internal/runtime/pal/skeleton/liberpal-skeleton.c
+++ b/rune/libenclave/internal/runtime/pal/skeleton/liberpal-skeleton.c
@@ -29,6 +29,34 @@
 static struct sgx_secs secs;
 static bool initialized = false;
+static char *sgx_dev_path;
+static bool is_oot_driver;
+static bool is_sgx_device(const char *dev)
+{
+	struct stat st;
+	int rc;
+	rc = stat(dev, &st);
+	if (!rc) {
+		if ((st.st_mode & S_IFCHR) && (major(st.st_dev) == 10))
+			return true;
+	}
+	return false;
+}
+static void detect_driver_type(void)
+{
+	if (is_sgx_device("/dev/isgx")) {
+		sgx_dev_path = "/dev/isgx";
+		is_oot_driver = true;
+		return;
+	}
+	sgx_dev_path = "/dev/sgx/enclave";
+	is_oot_driver = false;
+}
 static bool encl_create(int dev_fd, unsigned long bin_size,
 			struct sgx_secs *secs)
@@ -73,10 +101,11 @@ static bool encl_create(int dev_fd, unsigned long bin_size,
 	return true;
 }
-static bool encl_add_pages(int dev_fd, uint64_t addr, void *data,
-			   unsigned long length, uint64_t flags)
+static bool encl_add_pages_with_mrmask(int dev_fd, uint64_t addr, void *data,
+				       unsigned long length, uint64_t flags)
 {
-	struct sgx_enclave_add_page ioc;
+	struct sgx_enclave_add_pages_with_mrmask ioc;
 	struct sgx_secinfo secinfo;
 	int rc;
@@ -90,7 +119,7 @@ static bool encl_add_pages(int dev_fd, uint64_t addr, void *data,
 	uint64_t added_size = 0;
 	while (added_size < length) {
-		rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_ADD_PAGE, &ioc);
+		rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_ADD_PAGES_WITH_MRMASK, &ioc);
 		if (rc) {
 			fprintf(stderr, "EADD failed rc=%d.\n", rc);
 			return false;
@@ -104,34 +133,78 @@ static bool encl_add_pages(int dev_fd, uint64_t addr, void *data,
 	return true;
 }
+static bool encl_add_pages(int dev_fd, uint64_t addr, void *data,
+			   unsigned long length, uint64_t flags)
+{
+	struct sgx_enclave_add_pages ioc;
+	struct sgx_secinfo secinfo;
+	int rc;
+	memset(&secinfo, 0, sizeof(secinfo));
+	secinfo.flags = flags;
+	ioc.src = (uint64_t)data;
+	ioc.offset = addr;
+	ioc.length = length;
+	ioc.secinfo = (unsigned long)&secinfo;
+	ioc.flags = SGX_PAGE_MEASURE;
+	rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc);
+	if (rc) {
+		fprintf(stderr, "EADD failed rc=%d.\n", rc);
+		return false;
+	}
+	if (ioc.count != length) {
+		fprintf(stderr, "EADD short of data.\n");
+		return false;
+	}
+	return true;
+}
 static bool encl_build(struct sgx_secs *secs, void *bin, unsigned long bin_size, 
 		       struct sgx_sigstruct *sigstruct,
 		       struct sgx_einittoken *token)
 {
-	struct sgx_enclave_init ioc;
 	int dev_fd;
 	int rc;
-	dev_fd = open("/dev/isgx", O_RDWR);
+	dev_fd = open(sgx_dev_path, O_RDWR);
 	if (dev_fd < 0) {
-		fprintf(stderr, "Unable to open /dev/sgx\n");
+		fprintf(stderr, "Unable to open %s\n", sgx_dev_path);
 		return false;
 	}
 	if (!encl_create(dev_fd, bin_size, secs))
 		goto out_dev_fd;
-	if (!encl_add_pages(dev_fd, secs->base + 0, bin, PAGE_SIZE, SGX_SECINFO_TCS))
+	if (is_oot_driver) {
-		goto out_map;
+		if (!encl_add_pages_with_mrmask(dev_fd, secs->base + 0, bin, PAGE_SIZE, SGX_SECINFO_TCS))
+			goto out_map;
-	if (!encl_add_pages(dev_fd, secs->base + PAGE_SIZE, bin + PAGE_SIZE,
-			    bin_size - PAGE_SIZE, SGX_REG_PAGE_FLAGS))
+		if (!encl_add_pages_with_mrmask(dev_fd, secs->base + PAGE_SIZE, bin + PAGE_SIZE,
-		goto out_map;
+						bin_size - PAGE_SIZE, SGX_REG_PAGE_FLAGS))
+			goto out_map;
+		struct sgx_enclave_init_with_token ioc;
+		ioc.addr = secs->base;
+		ioc.sigstruct = (uint64_t)sigstruct;
+		ioc.einittoken = (uint64_t)token;
+		rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_INIT_WITH_TOKEN, &ioc);
+	} else {
+		if (!encl_add_pages(dev_fd, 0, bin, PAGE_SIZE, SGX_SECINFO_TCS))
+			goto out_map;
+		if (!encl_add_pages(dev_fd, PAGE_SIZE, bin + PAGE_SIZE,
+				    bin_size - PAGE_SIZE, SGX_REG_PAGE_FLAGS))
+			goto out_map;
+		struct sgx_enclave_init ioc;
+		ioc.sigstruct = (uint64_t)sigstruct;
+		rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_INIT, &ioc);
+	}
-	ioc.addr = secs->base;
-	ioc.sigstruct = (uint64_t)sigstruct;
-	ioc.einittoken = (uint64_t)token;
-	rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_INIT, &ioc);
 	if (rc) {
 		printf("EINIT failed rc=%d\n", rc);
 		goto out_map;
@@ -247,6 +320,8 @@ int pal_init(const char *args, const char *log_level)
 	off_t bin_size;
 	void *bin;
+	detect_driver_type();
 	if (!encl_data_map(IMAGE, &bin, &bin_size))
 		return -ENOENT;

--- a/rune/libenclave/internal/runtime/pal/skeleton/sgx.h
+++ b/rune/libenclave/internal/runtime/pal/skeleton/sgx.h
@@ -23,12 +23,14 @@ enum sgx_page_flags {
 	_IOW(SGX_MAGIC, 0x00, struct sgx_enclave_create)
 #define SGX_IOC_ENCLAVE_ADD_PAGES \
 	_IOWR(SGX_MAGIC, 0x01, struct sgx_enclave_add_pages)
+#define SGX_IOC_ENCLAVE_ADD_PAGES_WITH_MRMASK \
+	_IOW(SGX_MAGIC, 0x01, struct sgx_enclave_add_pages_with_mrmask)
 #define SGX_IOC_ENCLAVE_INIT \
 	_IOW(SGX_MAGIC, 0x02, struct sgx_enclave_init)
+#define SGX_IOC_ENCLAVE_INIT_WITH_TOKEN \
+	_IOW(SGX_MAGIC, 0x02, struct sgx_enclave_init_with_token)
 #define SGX_IOC_ENCLAVE_SET_ATTRIBUTE \
 	_IOW(SGX_MAGIC, 0x03, struct sgx_enclave_set_attribute)
-#define SGX_IOC_ENCLAVE_ADD_PAGE \
-    _IOW(SGX_MAGIC, 0x01, struct sgx_enclave_add_page)
 /**
 * struct sgx_enclave_create - parameter structure for the
@@ -58,11 +60,19 @@ struct sgx_enclave_add_pages {
 	__u64	count;
 };
-struct sgx_enclave_add_page {
+/**
-    __u64   addr;
+ * struct sgx_enclave_add_page - parameter structure for the
-    __u64   src;
+ *                               %SGX_IOC_ENCLAVE_ADD_PAGE_WITH_MRMASK ioctl
-    __u64   secinfo;
+ * @addr:       address in the ELRANGE
-    __u16   mrmask;
+ * @src:        address for the page data
+ * @secinfo:    address for the SECINFO data
+ * @mrmask:     bitmask for the 256 byte chunks that are to be measured
+ */
+struct sgx_enclave_add_pages_with_mrmask {
+	__u64	addr;
+	__u64	src;
+	__u64	secinfo;
+	__u16	mrmask;
 } __attribute__((__packed__));
 /**
@@ -71,9 +81,20 @@ struct sgx_enclave_add_page {
 * @sigstruct:	address for the SIGSTRUCT data
 */
 struct sgx_enclave_init {
-    __u64   addr;
+	__u64	sigstruct;
-    __u64   sigstruct;
+};
-    __u64   einittoken;
+/**
+ * struct sgx_enclave_init - parameter structure for the
+ *                           %SGX_IOC_ENCLAVE_INIT_WITH_TOKEN ioctl
+ * @addr:       address in the ELRANGE
+ * @sigstruct:  address for the page data
+ * @einittoken: EINITTOKEN
+ */
+struct sgx_enclave_init_with_token {
+	__u64	addr;
+	__u64	sigstruct;
+	__u64	einittoken;
 } __attribute__((__packed__));
 /**
@@ -82,7 +103,7 @@ struct sgx_enclave_init {
 * @attribute_fd:	file handle of the attribute file in the securityfs
 */
 struct sgx_enclave_set_attribute {
-	__u64 attribute_fd;
+	__u64	attribute_fd;
 };
 /**