This is an automated email from the ASF dual-hosted git repository.

rduan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git

commit 4888ed855078bbe95df3dbda9c42841848e9143f
Author: volcano <[email protected]>
AuthorDate: Sat Jun 18 21:30:46 2022 +0800

    Support Intel SGX SDK 2.17 and DCAP 1.14
---
 .gitignore                            |   5 +-
 buildenv.mk                           |   2 +
 common/inc/mbusafecrt.h               |   2 +
 common/inc/string.h                   |   4 ++
 dockerfile/02_binutils.sh             |   2 +-
 dockerfile/03_sdk.sh                  |   4 +-
 dockerfile/Dockerfile.1804.nightly    |   6 +-
 dockerfile/Dockerfile.2004.nightly    |   6 +-
 dockerfile/Dockerfile.centos8.nightly |   4 +-
 sgx_trts/src/enclave.rs               |   9 ++-
 sgx_types/src/function.rs             |  19 +++++
 sgx_types/src/types.rs                | 126 +++++++++++++++++++++++++++++++++-
 12 files changed, 173 insertions(+), 16 deletions(-)

diff --git a/.gitignore b/.gitignore
index 32335406..64b8cb63 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,9 @@ Cargo.lock
 #object file
 *.o
 
+#app
+app
+
 #library
 *.a
 
@@ -33,6 +36,7 @@ bazel-testlogs
 
 #libunwind
 sgx_unwind/libunwind/INSTALL
+sgx_unwind/libunwind/m4/*
 sgx_unwind/libunwind/config/*
 sgx_unwind/libunwind/include/config.h.*
 sgx_unwind/libunwind/Makefile.in
@@ -40,4 +44,3 @@ sgx_unwind/libunwind/aclocal.m4
 sgx_unwind/libunwind/autom4te.cache/*
 sgx_unwind/libunwind/configure
 sgx_unwind/libunwind/src/Makefile.in
-sgx_unwind/libunwind/m4/*
diff --git a/buildenv.mk b/buildenv.mk
index c8349889..146649cf 100644
--- a/buildenv.mk
+++ b/buildenv.mk
@@ -72,6 +72,8 @@ else
     COMMON_FLAGS += -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG
 endif
 
+COMMON_FLAGS += -ffunction-sections -fdata-sections
+
 # turn on compiler warnings as much as possible
 COMMON_FLAGS += -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type \
                -Waddress -Wsequence-point -Wformat-security \
diff --git a/common/inc/mbusafecrt.h b/common/inc/mbusafecrt.h
index 3bdfe7ae..91d888b3 100644
--- a/common/inc/mbusafecrt.h
+++ b/common/inc/mbusafecrt.h
@@ -74,7 +74,9 @@ extern int _vswprintf_s( WCHAR* string, size_t sizeInWords, 
const WCHAR* format,
 extern int _vsnwprintf_s( WCHAR* string, size_t sizeInWords, size_t count, 
const WCHAR* format, va_list arglist );
 
 extern errno_t memcpy_s( void * dst, size_t sizeInBytes, const void * src, 
size_t count );
+extern errno_t memcpy_verw_s( void * dst, size_t sizeInBytes, const void * 
src, size_t count );
 extern errno_t memmove_s( void * dst, size_t sizeInBytes, const void * src, 
size_t count );
+extern errno_t memmove_verw_s( void * dst, size_t sizeInBytes, const void * 
src, size_t count );
 
 #ifdef __cplusplus
     }
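Review bot: The new `memcpy_verw_s` and `memmove_verw_s` prototypes carry no comment saying how they differ from `memcpy_s`/`memmove_s` or when a caller must pick them, and the same holds for `memcpy_verw`, `memmove_verw`, `memset_verw` and `memset_verw_s` in the two `common/inc/string.h` hunks. The names suggest these are the SDK 2.17 variants meant for writes that leave the enclave, but that is inferred and stated nowhere in the diff. A one-line header comment such as `/* *_verw variants: use for writes to memory outside the enclave; see the Intel SGX SDK 2.17 release notes */` would keep callers from treating the two families as interchangeable. No Rust-side binding or caller for them appears in this commit, so it is worth confirming which code paths are expected to use them.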
diff --git a/common/inc/string.h b/common/inc/string.h
index 0cc7206e..1140fcc5 100644
--- a/common/inc/string.h
+++ b/common/inc/string.h
@@ -61,8 +61,11 @@ __BEGIN_DECLS
 void * _TLIBC_CDECL_ memchr(const void *, int, size_t);
 int    _TLIBC_CDECL_ memcmp(const void *, const void *, size_t);
 void * _TLIBC_CDECL_ memcpy(void *, const void *, size_t);
+void * _TLIBC_CDECL_ memcpy_verw(void *, const void *, size_t);
 void * _TLIBC_CDECL_ memmove(void *, const void *, size_t);
+void * _TLIBC_CDECL_ memmove_verw(void *, const void *, size_t);
 void * _TLIBC_CDECL_ memset(void *, int, size_t);
+void * _TLIBC_CDECL_ memset_verw(void *, int, size_t);
 char * _TLIBC_CDECL_ strchr(const char *, int);
 int    _TLIBC_CDECL_ strcmp(const char *, const char *);
 int    _TLIBC_CDECL_ strcoll(const char *, const char *);
@@ -80,6 +83,7 @@ char * _TLIBC_CDECL_ strtok(char *, const char *);
 size_t _TLIBC_CDECL_ strxfrm(char *, const char *, size_t);
 size_t _TLIBC_CDECL_ strlcpy(char *, const char *, size_t);
 errno_t _TLIBC_CDECL_ memset_s(void *s, size_t smax, int c, size_t n);
+errno_t _TLIBC_CDECL_ memset_verw_s(void *s, size_t smax, int c, size_t n);
 
 /*
  * Deprecated C99.
diff --git a/dockerfile/02_binutils.sh b/dockerfile/02_binutils.sh
index eb4ed9c9..bf52603c 100644
--- a/dockerfile/02_binutils.sh
+++ b/dockerfile/02_binutils.sh
@@ -1,7 +1,7 @@
 if [ $BINUTILS_DIST != "SELF_BUILT" ]
 then
     cd /root && \
-    wget 
https://download.01.org/intel-sgx/sgx-linux/2.16/as.ld.objdump.r4.tar.gz && \
+    wget 
https://download.01.org/intel-sgx/sgx-linux/2.17/as.ld.objdump.r4.tar.gz && \
     tar xzf as.ld.objdump.r4.tar.gz && \
     cp -r external/toolset/$BINUTILS_DIST/* /usr/bin/ && \
     rm -rf ./external ./as.ld.objdump.r4.tar.gz
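Review bot: The tarball fetched by the updated `wget` line is unpacked and copied into `/usr/bin` with no integrity check, so the image trusts whatever the download host serves at build time. Pin a digest next to the URL and verify it before `tar`, e.g. `echo "<EXPECTED_SHA256>  as.ld.objdump.r4.tar.gz" | sha256sum -c - && \`. The same applies to the `SDK_URL` and `PSW_REPO` bumps in the three Dockerfiles and to `git checkout sgx_2.17` in `03_sdk.sh`, which follows a tag rather than a commit id; whether the installer is verified elsewhere is not visible here. The `if` block closes outside this hunk.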
diff --git a/dockerfile/03_sdk.sh b/dockerfile/03_sdk.sh
index bc4e5a28..f5ff31d8 100644
--- a/dockerfile/03_sdk.sh
+++ b/dockerfile/03_sdk.sh
@@ -10,10 +10,10 @@ else
     cd /root && \
     git clone --recursive https://github.com/intel/linux-sgx && \
     cd linux-sgx && \
-    git checkout sgx_2.16 && \
+    git checkout sgx_2.17 && \
     ./download_prebuilt.sh && \
     make -j "$(nproc)" sdk_install_pkg && \
-    echo -e 'no\n/opt' | 
./linux/installer/bin/sgx_linux_x64_sdk_2.16.100.4.bin && \
+    echo -e 'no\n/opt' | 
./linux/installer/bin/sgx_linux_x64_sdk_2.17.100.3.bin && \
     echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \
     cd /root && \
     rm -rf /root/linux-sgx
diff --git a/dockerfile/Dockerfile.1804.nightly 
b/dockerfile/Dockerfile.1804.nightly
index 7618c980..7b7d5f65 100644
--- a/dockerfile/Dockerfile.1804.nightly
+++ b/dockerfile/Dockerfile.1804.nightly
@@ -15,7 +15,7 @@ ADD 02_binutils.sh /root
 RUN bash /root/02_binutils.sh
 
 ENV SDK_DIST="INTEL_BUILT"
-ENV 
SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.16.100.4.bin";
+ENV 
SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.17.100.3.bin";
 #ENV SDK_DIST="SELF_BUILT"
 ADD 03_sdk.sh /root
 RUN bash /root/03_sdk.sh
@@ -23,8 +23,8 @@ RUN bash /root/03_sdk.sh
 # Sixth, PSW
 
 ENV CODENAME        bionic
-ENV VERSION         2.16.100.4-bionic1
-ENV DCAP_VERSION    1.13.100.4-bionic1
+ENV VERSION         2.17.100.3-bionic1
+ENV DCAP_VERSION    1.14.100.3-bionic1
 
 ADD 04_psw.sh /root
 RUN bash /root/04_psw.sh
diff --git a/dockerfile/Dockerfile.2004.nightly 
b/dockerfile/Dockerfile.2004.nightly
index 62036705..a0b37c7d 100644
--- a/dockerfile/Dockerfile.2004.nightly
+++ b/dockerfile/Dockerfile.2004.nightly
@@ -19,15 +19,15 @@ RUN bash /root/02_binutils.sh
 
 #ENV SDK_DIST="SELF_BUILT"
 ENV SDK_DIST="INTEL_BUILT"
-ENV 
SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.16.100.4.bin";
+ENV 
SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.17.100.3.bin";
 ADD 03_sdk.sh /root
 RUN bash /root/03_sdk.sh
 
 # Sixth, PSW
 
 ENV CODENAME        focal
-ENV VERSION         2.16.100.4-focal1
-ENV DCAP_VERSION    1.13.100.4-focal1
+ENV VERSION         2.17.100.3-focal1
+ENV DCAP_VERSION    1.14.100.3-focal1
 
 ADD 04_psw.sh /root
 RUN bash /root/04_psw.sh
diff --git a/dockerfile/Dockerfile.centos8.nightly 
b/dockerfile/Dockerfile.centos8.nightly
index 939f9484..8439ac73 100644
--- a/dockerfile/Dockerfile.centos8.nightly
+++ b/dockerfile/Dockerfile.centos8.nightly
@@ -13,12 +13,12 @@ ADD 02_binutils.sh /root
 RUN bash /root/02_binutils.sh
 
 ENV SDK_DIST="INTEL_BUILT"
-ENV 
SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/centos-stream/sgx_linux_x64_sdk_2.16.100.4.bin";
+ENV 
SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/centos-stream/sgx_linux_x64_sdk_2.17.100.3.bin";
 #ENV SDK_DIST="SELF_BUILT"
 ADD 03_sdk.sh /root
 RUN bash /root/03_sdk.sh
 
-ENV 
PSW_REPO="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/centos-stream/sgx_rpm_local_repo.tgz";
+ENV 
PSW_REPO="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/centos-stream/sgx_rpm_local_repo.tgz";
 ADD 04_psw_rpm.sh /root
 RUN bash /root/04_psw_rpm.sh
 
diff --git a/sgx_trts/src/enclave.rs b/sgx_trts/src/enclave.rs
index 76f510fe..374fbb18 100644
--- a/sgx_trts/src/enclave.rs
+++ b/sgx_trts/src/enclave.rs
@@ -52,6 +52,7 @@ pub struct global_data_t {
     pub rsrv_executable: usize,
     pub thread_policy: usize,
     pub tcs_max_num: usize,
+    pub tcs_num: usize,
     pub td_template: thread_data_t,
     pub tcs_template: [u8; TCS_TEMPLATE_SIZE],
     pub layout_entry_num: u32,
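Review bot: Inserting `tcs_num` between `tcs_max_num` and `td_template` moves every later field of `global_data_t`, and nothing in the struct records which SDK layout it mirrors. If this struct overlays the `g_global_data` object populated by the Intel toolchain (as the accessor further down suggests), a build against a pre-2.17 SDK would read `td_template`, `tcs_template` and the fields after them at wrong offsets without any compile error. Consider a field comment such as `// added in Intel SGX SDK 2.17; field order must match the SDK's global_data_t`, plus a size or offset assertion if the C-side size is known. The struct begins and ends outside this hunk.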
@@ -559,7 +560,13 @@ pub fn rsgx_get_global_data() -> *const global_data_t {
 ///
 #[inline]
 pub fn rsgx_get_tcs_max_num() -> u32 {
-    unsafe { g_global_data.tcs_max_num as u32 }
+    unsafe {
+        if EDMM_supported != 0 {
+            g_global_data.tcs_max_num as u32
+        } else {
+            g_global_data.tcs_num as u32
+        }
+    }
 }
 
 #[allow(clippy::collapsible_if, clippy::nonminimal_bool)]
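Review bot: `rsgx_get_tcs_max_num` now returns `tcs_num` whenever `EDMM_supported` is zero, so its name no longer describes every return path, and the doc comment above it lies mostly outside the hunk and is not updated here. Add a line to that comment, for example `/// Returns tcs_max_num when EDMM is supported, otherwise tcs_num.`, so callers that size per-thread state from this value know which count they get. Both branches still narrow `usize` to `u32` with `as`; that predates the commit, but a `debug_assert!` on the range would document the assumption.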
diff --git a/sgx_types/src/function.rs b/sgx_types/src/function.rs
index 900e64d4..025c4a04 100644
--- a/sgx_types/src/function.rs
+++ b/sgx_types/src/function.rs
@@ -1022,6 +1022,16 @@ extern "C" {
     pub fn sgx_ql_free_quote_verification_collateral(
         p_quote_collateral: *const sgx_ql_qve_collateral_t,
     ) -> sgx_quote3_error_t;
+    /* intel DCAP 1.14 */
+    pub fn tdx_ql_get_quote_verification_collateral(
+        fmspc: *const uint8_t,
+        fmspc_size: u16,
+        pck_ra: *const c_char,
+        pp_quote_collateral: *mut *mut tdx_ql_qve_collateral_t,
+    ) -> sgx_quote3_error_t;
+    pub fn tdx_ql_free_quote_verification_collateral(
+        p_quote_collateral: *const sgx_ql_qve_collateral_t,
+    ) -> sgx_quote3_error_t;
     pub fn sgx_ql_get_qve_identity(
         pp_qve_identity: *mut *mut c_char,
         p_qve_identity_size: *mut uint32_t,
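Review bot: The two new collateral bindings are not written like their neighbours: `fmspc_size: u16` uses the primitive where the rest of the block (and `tdx_qcnl_get_tcbinfo` in the next hunk) uses `uint16_t`, and `tdx_ql_free_quote_verification_collateral` takes `*const sgx_ql_qve_collateral_t` although the matching getter hands out `tdx_ql_qve_collateral_t`. The alias in `types.rs` makes both the same type today, so this is style only; `fmspc_size: uint16_t,` and `p_quote_collateral: *const tdx_ql_qve_collateral_t,` keep the get/free pair visibly matched. A short comment that collateral obtained from the `tdx_` getter is released only through the `tdx_` free function (and likewise `tdx_qcnl_get_tcbinfo` / `tdx_qcnl_free_tcbinfo`) would help callers avoid mismatched frees. The `extern "C"` block opens and closes outside this hunk.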
@@ -1069,6 +1079,15 @@ extern "C" {
         p_tcbinfo_size: *mut uint16_t,
     ) -> sgx_qcnl_error_t;
     pub fn sgx_qcnl_free_tcbinfo(p_tcbinfo: *const uint8_t);
+    /* intel DCAP 1.14 */
+    pub fn tdx_qcnl_get_tcbinfo(
+        fmspc: *const c_char,
+        fmspc_size: uint16_t,
+        custom_param_b64_string: *const c_char,
+        p_tcbinfo: *mut *mut uint8_t,
+        p_tcbinfo_size: *mut uint16_t,
+    ) -> sgx_qcnl_error_t;
+    pub fn tdx_qcnl_free_tcbinfo(p_tcbinfo: *const uint8_t);
     pub fn sgx_qcnl_get_qe_identity(
         qe_type: uint8_t,
         custom_param_b64_string: *const c_char,
diff --git a/sgx_types/src/types.rs b/sgx_types/src/types.rs
index 2f865fb6..6241136b 100644
--- a/sgx_types/src/types.rs
+++ b/sgx_types/src/types.rs
@@ -1373,7 +1373,16 @@ pub struct sgx_ql_qve_collateral_t {
 
 pub type tdx_ql_qve_collateral_t = sgx_ql_qve_collateral_t;
 
-/* intel DCAP 2.14 */
+impl_enum! {
+    #[repr(u8)]
+    #[derive(Copy, Clone, PartialEq, Eq, Debug)]
+    pub enum sgx_prod_type_t {
+        SGX_PROD_TYPE_SGX   = 0,
+        SGX_PROD_TYPE_TDX   = 1,
+    }
+}
+
+/* intel DCAP 1.11 */
 impl_enum! {
     #[repr(u32)]
     #[derive(Copy, Clone, PartialEq, Eq, Debug)]
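Review bot: `sgx_prod_type_t` is declared `#[repr(u8)]`, while the enum directly below it in this hunk uses `#[repr(u32)]`; the same `#[repr(u8)]` choice is made for `sgx_qe_type_t` in the last hunk of this file. A plain C `enum` is normally `int`-sized on x86-64, so if the DCAP header does not fix an 8-bit underlying type, passing or embedding these by value across the FFI boundary would disagree with the C side; please confirm against the header. If the narrow repr is deliberate (for instance to match `qe_type: uint8_t` in `sgx_qcnl_get_qe_identity`), a comment saying so, e.g. `// repr(u8) to match the uint8_t parameter in the QCNL bindings`, would prevent a later well-meant change. The new enum also lacks the DCAP-version and header-name comments that the surrounding items carry.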
@@ -1450,8 +1459,8 @@ impl_packed_copy_clone! {
     pub struct sgx_ql_ecdsa_sig_data_t {
         pub sig: [uint8_t; 64],
         pub attest_pub_key: [uint8_t; 64],
-        pub qe3_report: sgx_report_body_t,
-        pub qe3_report_sig: [uint8_t; 64],
+        pub qe_report: sgx_report_body_t,
+        pub qe_report_sig: [uint8_t; 64],
         pub auth_certification_data: [uint8_t; 0],
     }
 }
@@ -1493,6 +1502,104 @@ impl_struct_ContiguousMemory! {
     sgx_quote3_t;
 }
 
+/* intel DCAP 1.14 */
+//
+// sgx_quote_4.h
+//
+pub const TEE_TCB_SVN_SIZE: usize = 16;
+
+impl_struct! {
+    pub struct tee_tcb_svn_t {
+        pub tcb_svn: [uint8_t; TEE_TCB_SVN_SIZE],
+    }
+}
+
+pub const TD_INFO_RESERVED_BYTES: usize = 112;
+pub const TD_TEE_TCB_INFO_RESERVED_BYTES: usize = 111;
+
+impl_packed_copy_clone! {
+    pub struct tee_info_t {
+        pub attributes: tee_attributes_t,
+        pub xfam: tee_attributes_t,
+        pub mr_td: tee_measurement_t,
+        pub mr_config_id: tee_measurement_t,
+        pub mr_owner: tee_measurement_t,
+        pub mr_owner_config: tee_measurement_t,
+        pub rt_mr: [tee_measurement_t; 4],
+        pub reserved: [uint8_t; TD_INFO_RESERVED_BYTES],
+    }
+
+    pub struct tee_tcb_info_t {
+        pub valid: [uint8_t; 8],
+        pub tee_tcb_svn: tee_tcb_svn_t,
+        pub mr_seam: tee_measurement_t,
+        pub mr_seam_signer: tee_measurement_t,
+        pub attributes: tee_attributes_t,
+        pub reserved: [uint8_t; TD_TEE_TCB_INFO_RESERVED_BYTES],
+    }
+
+    pub struct sgx_qe_report_certification_data_t {
+        pub qe_report: sgx_report_body_t,
+        pub qe_report_sig: [uint8_t; 64],
+        pub auth_certification_data: [uint8_t; 0],
+    }
+
+    pub struct sgx_ecdsa_sig_data_v4_t {
+        pub sig: [uint8_t; 64],
+        pub attest_pub_key: [uint8_t; 64],
+        pub certification_data: [uint8_t; 0],
+    }
+
+    pub struct sgx_quote4_t {
+        pub header: sgx_quote4_header_t,
+        pub report_body: sgx_report2_body_t,
+        pub signature_data_len: uint32_t,
+        pub signature_data: [uint8_t; 0],
+    }
+}
+
+impl_struct_default! {
+    tee_info_t; //512
+    tee_tcb_info_t; //239
+    sgx_qe_report_certification_data_t; //448
+    sgx_ecdsa_sig_data_v4_t; //128
+    sgx_quote4_t; //636
+}
+
+impl_struct_ContiguousMemory! {
+    tee_info_t;
+    tee_tcb_info_t;
+    sgx_qe_report_certification_data_t;
+    sgx_ecdsa_sig_data_v4_t;
+    sgx_quote4_t;
+}
+
+impl_packed_struct! {
+    pub struct sgx_quote4_header_t {
+        pub version: uint16_t,
+        pub att_key_type: uint16_t,
+        pub tee_type: uint32_t,
+        pub reserved: uint32_t,
+        pub vendor_id: [uint8_t; 16],
+        pub user_data: [uint8_t; 20],
+    }
+
+    pub struct sgx_report2_body_t {
+        pub tee_tcb_svn: tee_tcb_svn_t,
+        pub mr_seam: tee_measurement_t,
+        pub mrsigner_seam: tee_measurement_t,
+        pub seam_attributes: tee_attributes_t,
+        pub td_attributes: tee_attributes_t,
+        pub xfam: tee_attributes_t,
+        pub mr_td: tee_measurement_t,
+        pub mr_config_id: tee_measurement_t,
+        pub mr_owner: tee_measurement_t,
+        pub mr_owner_config: tee_measurement_t,
+        pub rt_mr: [tee_measurement_t; 4],
+        pub report_data: tee_report_data_t,
+    }
+}
+
 //
 // sgx_ql_quote.h
 //
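Review bot: `sgx_quote4_t`, `sgx_ecdsa_sig_data_v4_t` and `sgx_qe_report_certification_data_t` each end in a zero-length `[uint8_t; 0]` tail, and nothing on the new types says that the tail length comes from the quote itself (`signature_data_len`) and has to be checked against the size of the buffer actually received before any trailing byte is read. A doc comment on `sgx_quote4_t` stating that `size_of` covers only the fixed 636-byte prefix, and that `signature_data_len` is unvalidated input when the quote arrives from another party, would cover it. The expected sizes are recorded only as trailing comments in `impl_struct_default!` (`//512`, `//239`, and so on); turning them into compile-time checks, e.g. `const _: [(); 636] = [(); core::mem::size_of::<sgx_quote4_t>()];`, would catch layout drift when the headers change. `tee_attributes_t`, `tee_measurement_t` and `tee_report_data_t` are defined outside this hunk.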
@@ -1594,6 +1701,19 @@ impl_enum! {
     }
 }
 
+/* intel DCAP 1.14 */
+//
+// sgx_default_qcnl_wrapper.h
+//
+impl_enum! {
+    #[repr(u8)]
+    #[derive(Copy, Clone, PartialEq, Eq, Debug)]
+    pub enum sgx_qe_type_t {
+        SGX_QE_TYPE_ECDSA   = 0,
+        SGX_QE_TYPE_TD      = 1,
+    }
+}
+
 /* intel sgx sdk 2.7.1 */
 //
 // sgx_secure_align_api.h

