Re: [PATCH v28 14/22] selftests/x86: Add a selftest for SGX

From: Jarkko Sakkinen
Date: Fri Mar 06 2020 - 14:04:34 EST

Next message: Dmitry Torokhov: "Re: [PATCHv2 4/3] Input: omap4-keypad - scan the keys in two phases to detect lost key-up"
Previous message: Nick Desaulniers: "Re: [PATCH] sched/cputime: silence a -Wunused-function warning"
In reply to: Dr. Greg: "Re: [PATCH v28 14/22] selftests/x86: Add a selftest for SGX"
Next in thread: Jarkko Sakkinen: "[PATCH v28 16/22] x86/sgx: Add a page reclaimer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 05, 2020 at 11:32:10PM -0600, Dr. Greg wrote:
> On Wed, Mar 04, 2020 at 01:36:01AM +0200, Jarkko Sakkinen wrote:
>
> Good evening, I hope the end of the week is going well for everyone.
>
> > Add a selftest for SGX. It is a trivial test where a simple enclave
> > copies one 64-bit word of memory between two memory locations given
> > to the enclave as arguments. Use ENCLS[EENTER] to invoke the
> > enclave.
>
> Just as a clarification, are you testing the new driver against signed
> production class enclaves in .so format that also include metadata
> layout directives or is the driver just getting tested against the two
> page toy enclave that copies a word of memory from one memory location
> to another?

That is the kind of role kselftests to smoke stuff. Obviously it will
be refined over time but to do a "hello world" from scratch as an
enclave was already quite a big effort.

> Our PSW/runtime is currently failing to initialize production class
> enclaves secondary to a return value of -4 from the ENCLU[EINIT]
> instruction, which means the measurement of the loaded enclave has
> failed to match the value in the signature structure.
>
> The same enclave loads fine with the out of kernel driver. Our
> diagnostics tell us we are feeding identical page streams and
> permissions to the page add ioctl's of both drivers. The identity
> modulus signature of the signing key for the enclave is being written
> to the launch control registers.
>
> We see the same behavior from both our unit test enclaves and the
> Quoting Enclave from the Intel SGX runtime.
>
> When we ported our runtime loader to the new driver ABI we kept things
> simple and add only a single page at a time in order to replicate the
> behavior of the old driver.
>
> Secondly, we were wondering what distribution you are building the
> self-tests with? Initial indications are that the selftest signing
> utility doesn't build properly with OpenSSL 1.1.1.

I don't use a distribution. I just build user space with BuildRoot
when I test a kernel.

Do you have a build log available to look at?

/Jarkko

Next message: Dmitry Torokhov: "Re: [PATCHv2 4/3] Input: omap4-keypad - scan the keys in two phases to detect lost key-up"
Previous message: Nick Desaulniers: "Re: [PATCH] sched/cputime: silence a -Wunused-function warning"
In reply to: Dr. Greg: "Re: [PATCH v28 14/22] selftests/x86: Add a selftest for SGX"
Next in thread: Jarkko Sakkinen: "[PATCH v28 16/22] x86/sgx: Add a page reclaimer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]