lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 5 Mar 2020 23:32:10 -0600
From:   "Dr. Greg" <greg@...ellic.com>
To:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc:     linux-kernel@...r.kernel.org, x86@...nel.org,
        linux-sgx@...r.kernel.org, akpm@...ux-foundation.org,
        dave.hansen@...el.com, sean.j.christopherson@...el.com,
        nhorman@...hat.com, npmccallum@...hat.com, haitao.huang@...el.com,
        andriy.shevchenko@...ux.intel.com, tglx@...utronix.de,
        kai.svahn@...el.com, bp@...en8.de, josh@...htriplett.org,
        luto@...nel.org, kai.huang@...el.com, rientjes@...gle.com,
        cedric.xing@...el.com, puiterwijk@...hat.com,
        linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v28 14/22] selftests/x86: Add a selftest for SGX

On Wed, Mar 04, 2020 at 01:36:01AM +0200, Jarkko Sakkinen wrote:

Good evening, I hope the end of the week is going well for everyone.

> Add a selftest for SGX. It is a trivial test where a simple enclave
> copies one 64-bit word of memory between two memory locations given
> to the enclave as arguments. Use ENCLS[EENTER] to invoke the
> enclave.

Just as a clarification, are you testing the new driver against signed
production class enclaves in .so format that also include metadata
layout directives or is the driver just getting tested against the two
page toy enclave that copies a word of memory from one memory location
to another?

Our PSW/runtime is currently failing to initialize production class
enclaves secondary to a return value of -4 from the ENCLU[EINIT]
instruction, which means the measurement of the loaded enclave has
failed to match the value in the signature structure.

The same enclave loads fine with the out of kernel driver.  Our
diagnostics tell us we are feeding identical page streams and
permissions to the page add ioctl's of both drivers.  The identity
modulus signature of the signing key for the enclave is being written
to the launch control registers.

We see the same behavior from both our unit test enclaves and the
Quoting Enclave from the Intel SGX runtime.

When we ported our runtime loader to the new driver ABI we kept things
simple and add only a single page at a time in order to replicate the
behavior of the old driver.

Secondly, we were wondering what distribution you are building the
self-tests with?  Initial indications are that the selftest signing
utility doesn't build properly with OpenSSL 1.1.1.

Have a good day.

Dr. Greg

As always,
Dr. Greg Wettstein, Ph.D, Worker
IDfusion, LLC               SGX secured infrastructure and
4206 N. 19th Ave.           autonomously self-defensive platforms.
Fargo, ND  58102
PH: 701-281-1686            EMAIL: greg@...usion.net
------------------------------------------------------------------------------
"Don't worry about people stealing your ideas.  If your ideas are any
 good, you'll have to ram them down people's throats."
                                -- Howard Aiken

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ