| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Aug 2019 23:46:53 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: "Xing, Cedric" <cedric.xing@...el.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
linux-sgx@...r.kernel.org, akpm@...ux-foundation.org,
dave.hansen@...el.com, sean.j.christopherson@...el.com,
nhorman@...hat.com, npmccallum@...hat.com, serge.ayoun@...el.com,
shay.katz-zamir@...el.com, haitao.huang@...el.com,
andriy.shevchenko@...ux.intel.com, tglx@...utronix.de,
kai.svahn@...el.com, bp@...en8.de, josh@...htriplett.org,
luto@...nel.org, kai.huang@...el.com, rientjes@...gle.com
Subject: Re: [PATCH v21 24/28] selftests/x86: Add a selftest for SGX
On Wed, Jul 17, 2019 at 03:37:03PM -0700, Xing, Cedric wrote:
> On 7/13/2019 10:08 AM, Jarkko Sakkinen wrote:
> > Add a selftest for SGX. It is a trivial test where a simple enclave
> > copies one 64-bit word of memory between two memory locations given to
> > the enclave as arguments.
> >
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> > ---
> > tools/testing/selftests/x86/Makefile | 10 +
> > tools/testing/selftests/x86/sgx/Makefile | 48 ++
> > tools/testing/selftests/x86/sgx/defines.h | 39 ++
> > tools/testing/selftests/x86/sgx/encl.c | 20 +
> > tools/testing/selftests/x86/sgx/encl.lds | 33 ++
> > .../selftests/x86/sgx/encl_bootstrap.S | 94 ++++
> > tools/testing/selftests/x86/sgx/encl_piggy.S | 18 +
> > tools/testing/selftests/x86/sgx/encl_piggy.h | 14 +
> > tools/testing/selftests/x86/sgx/main.c | 301 +++++++++++
> > tools/testing/selftests/x86/sgx/sgx_call.S | 49 ++
> > tools/testing/selftests/x86/sgx/sgxsign.c | 508 ++++++++++++++++++
> > .../testing/selftests/x86/sgx/signing_key.pem | 39 ++
> > 12 files changed, 1173 insertions(+)
> > create mode 100644 tools/testing/selftests/x86/sgx/Makefile
> > create mode 100644 tools/testing/selftests/x86/sgx/defines.h
> > create mode 100644 tools/testing/selftests/x86/sgx/encl.c
> > create mode 100644 tools/testing/selftests/x86/sgx/encl.lds
> > create mode 100644 tools/testing/selftests/x86/sgx/encl_bootstrap.S
> > create mode 100644 tools/testing/selftests/x86/sgx/encl_piggy.S
> > create mode 100644 tools/testing/selftests/x86/sgx/encl_piggy.h
> > create mode 100644 tools/testing/selftests/x86/sgx/main.c
> > create mode 100644 tools/testing/selftests/x86/sgx/sgx_call.S
> > create mode 100644 tools/testing/selftests/x86/sgx/sgxsign.c
> > create mode 100644 tools/testing/selftests/x86/sgx/signing_key.pem
> >
> > diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile
> > index fa07d526fe39..a1831406fd01 100644
> > --- a/tools/testing/selftests/x86/Makefile
> > +++ b/tools/testing/selftests/x86/Makefile
> > @@ -1,4 +1,7 @@
> > # SPDX-License-Identifier: GPL-2.0
> > +
> > +SUBDIRS_64 := sgx
> > +
> > all:
> > include ../lib.mk
> > @@ -68,6 +71,13 @@ all_32: $(BINARIES_32)
> > all_64: $(BINARIES_64)
> > +all_64: $(SUBDIRS_64)
>
> $(SUBDIRS_64) aren't targets. No need for all_64 to depend on them.
>
> > + @for DIR in $(SUBDIRS_64); do \
> > + BUILD_TARGET=$(OUTPUT)/$$DIR; \
> > + mkdir $$BUILD_TARGET -p; \
> > + make OUTPUT=$$BUILD_TARGET -C $$DIR $@; \
>
> Please use $(MAKE), otherwise command line options cannot be passed onto
> sub-makes.
>
> > + done
>
> The above only builds but will not run SGX tests.
>
> Also, 'clean' target will not descend into sgx folder either.
>
> > +
> > EXTRA_CLEAN := $(BINARIES_32) $(BINARIES_64)
> > $(BINARIES_32): $(OUTPUT)/%_32: %.c
> > diff --git a/tools/testing/selftests/x86/sgx/Makefile b/tools/testing/selftests/x86/sgx/Makefile
> > new file mode 100644
> > index 000000000000..10136b73096b
> > --- /dev/null
> > +++ b/tools/testing/selftests/x86/sgx/Makefile
> > @@ -0,0 +1,48 @@
> > +top_srcdir = ../../../../..
> > +
> > +include ../../lib.mk
> > +
> > +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack
> > +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \
> > + -fno-stack-protector -mrdrnd $(INCLUDES)
> > +
> > +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx
> > +all_64: $(TEST_CUSTOM_PROGS)
> > +
> > +$(TEST_CUSTOM_PROGS): $(OUTPUT)/main.o $(OUTPUT)/sgx_call.o \
> > + $(OUTPUT)/encl_piggy.o
> > + $(CC) $(HOST_CFLAGS) -o $@ $^
> > +
> > +$(OUTPUT)/main.o: main.c
> > + $(CC) $(HOST_CFLAGS) -c $< -o $@
>
> .o files don't have to be generated/kept. And to be consistent with other
> selftests, please don't generate/keep them.
>
> > +
> > +$(OUTPUT)/sgx_call.o: sgx_call.S
> > + $(CC) $(HOST_CFLAGS) -c $< -o $@
> > +
> > +$(OUTPUT)/encl_piggy.o: $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
> > + $(CC) $(HOST_CFLAGS) -c encl_piggy.S -o $@
>
> Without -I, the above command breaks when "O=<target dir>" is specified.
>
> > +
> > +$(OUTPUT)/encl.bin: $(OUTPUT)/encl.elf $(OUTPUT)/sgxsign
> > + objcopy --remove-section=.got.plt -O binary $< $@
>
> .got.plt section will never be present for statically linked binaries.
>
> > +
> > +$(OUTPUT)/encl.elf: $(OUTPUT)/encl.o $(OUTPUT)/encl_bootstrap.o
> > + $(CC) $(ENCL_CFLAGS) -T encl.lds -o $@ $^
>
> Please fix the warning of ".note.gnu.build-id section discarded".
>
> > +
> > +$(OUTPUT)/encl.o: encl.c
> > + $(CC) $(ENCL_CFLAGS) -c $< -o $@
> > +
> > +$(OUTPUT)/encl_bootstrap.o: encl_bootstrap.S
> > + $(CC) $(ENCL_CFLAGS) -c $< -o $@
> > +
> > +$(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin $(OUTPUT)/sgxsign
> > + $(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
> > +
> > +$(OUTPUT)/sgxsign: sgxsign.c
> > + $(CC) -o $@ $< -lcrypto
> > +
> > +EXTRA_CLEAN := $(OUTPUT)/sgx-selftest $(OUTPUT)/sgx-selftest.o \
> > + $(OUTPUT)/sgx_call.o $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss \
> > + $(OUTPUT)/encl.elf $(OUTPUT)/encl.o $(OUTPUT)/encl_bootstrap.o \
> > + $(OUTPUT)/sgxsign
> > +
>
> encl_piggy.o, main.o and test_sgx are not cleaned.
>
> > +.PHONY: clean
Thanks. Probably have to construct a patch set for selftest fixes
with one patch for each issue.
/Jarkko
Powered by blists - more mailing lists