Mnelson modernize 03 #107

Merged (13 commits) on Nov 4, 2023

marknelsonengineer
Contributor

Issue #104 (Linux only).

New Features:

  • Modularize the source code, separating CPUID from RDMSR code bases.
  • Implement RDMSR code that reports SGX information from the BIOS/UEFI.
  • Use Linux's Capabilities API to determine if we are running as root. If we are, read from the BIOS.

Bugfixes:

  • Remove a debugging option that kept sgx-test running longer than it should.

Current output:

Start test-sgx
CPUID is available
The CPU is Genuine Intel
CPUID is capable of examining SGX capabilities
CPU: Intel(R) Xeon(R) E-2288G CPU @ 3.70GHz
  Stepping 13        Model 14           Family 6
  Processor type 0   Extended model 9   Extended family 0
Safer Mode Extensions (SMX): 0
Extended feature bits (EAX=7, ECX=0): eax: 00000000  ebx: 009c6fbd  ecx: 40000000  edx: 20000400
Supports SGX
SGX Launch Configuration (SGX_LC): 1
SGX Attestation Services (SGX_KEYS): 0
SGX1 leaf instructions (SGX1): 1
SGX2 leaf instructions (SGX2): 0
EINCVIRTCHILD, EDECVIRTCHILD, and ESETCONTEXT (OVERSUB-VMX): 0
ETRACKC, ERDINFO, ELDBC, and ELDUC (OVERSUB-Supervisor): 0
EVERIFYREPORT2: 0
Allow attestation w/ updated microcode (EUPDATESVN): 0
Allow enclave thread to decrement TCS.CSSA (EDECCSSA): 1
Supported Extended features for MISC region of SSA (MISCSELECT) 0x00000000
The maximum supported enclave size in non-64-bit mode is 2^31
The maximum supported enclave size in     64-bit mode is 2^36
Raw ECREATE SECS.ATTRIBUTES[63:0]: 00000000 00000436
    ECREATE SECS.ATTRIBUTES[DEBUG] (Debugger can read/write enclave data w/ EDBGRD/EDBGWR): 1
    ECREATE SECS.ATTRIBUTES[MODE64BIT] (Enclave can run as 64-bit): 1
    ECREATE SECS.ATTRIBUTES[PROVISIONKEY] (Provisioning key available from EGETKEY): 1
    ECREATE SECS.ATTRIBUTES[EINITTOKEN_KEY] (EINIT token key available from EGETKEY): 1
    ECREATE SECS.ATTRIBUTES[CET] (Enable Control-flow Enforcement Technology in enclave): 0
    ECREATE SECS.ATTRIBUTES[KSS] (Key Separation and Sharing Enabled): 0
    ECREATE SECS.ATTRIBUTES[AEXNOTIFY] (Threads may receive AEX notifications): 1
Raw ECREATE SECS.ATTRIBUTES[127:64] (XFRM: Copy of XCR0): 00000000 0000001f
EPC[0]: Protection: ci  Base phys addr: 00000001c0000000  size: 0000000001c00000
Raw IA32_FEATURE_CONTROL: 0000000000060001
    IA32_FEATURE_CONTROL.LOCK_BIT[bit 0]: 1
    IA32_FEATURE_CONTROL.SGX_LAUNCH_CONTROL[bit 17] (Is the SGX LE PubKey writable?): 1
    IA32_FEATURE_CONTROL.SGX_GLOBAL_ENABLE[bit 18]: 1
The SGX Launch Enclave Public Key Hash can be changed
IA32_SGXLEPUBKEYHASH: a6053e051270b7ac 6cfbe8ba8b3b413d c4916d99f2b3735d d4f8c05909f9bb3b
Raw IA32_SGX_SVN_STATUS: 0000000000000000
MSR_SGXOWNEREPOCH not readable
End test-sgx

@ayeks ayeks merged commit 1c0beeb into ayeks:master Nov 4, 2023
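
The raw `IA32_FEATURE_CONTROL` value in the output above can be decoded and cross-checked as follows. This is an added example, not code from this PR or the test-sgx project: the struct and function names are hypothetical, and it assumes the MSR address 0x3A from the Intel SDM and a Linux `msr` driver exposing `/dev/cpu/N/msr` to a privileged process.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define IA32_FEATURE_CONTROL 0x3A /* MSR address (Intel SDM) */

/* Hypothetical names; bit positions as printed in the output above. */
struct sgx_fc {
    int locked;         /* bit 0: MSR locked until next reset */
    int launch_control; /* bit 17: SGX LE public key hash is writable */
    int global_enable;  /* bit 18: SGX enabled by BIOS/UEFI */
};

struct sgx_fc decode_feature_control(uint64_t raw) {
    struct sgx_fc fc = { (int)(raw & 1), (int)((raw >> 17) & 1),
                         (int)((raw >> 18) & 1) };
    return fc;
}

/* Treat SGX as firmware-enabled only when bit 18 is set AND the MSR is locked. */
int sgx_enabled_by_firmware(uint64_t raw) {
    struct sgx_fc fc = decode_feature_control(raw);
    return fc.locked && fc.global_enable;
}

/* Read one MSR via the msr driver (file offset == MSR address); -1 if unreadable. */
int read_msr(int cpu, uint32_t msr, uint64_t *out) {
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int ok = lseek(fd, (off_t)msr, SEEK_SET) == (off_t)msr &&
             read(fd, out, sizeof *out) == (ssize_t)sizeof *out;
    close(fd);
    return ok ? 0 : -1;
}

int main(void) {
    uint64_t raw;
    if (read_msr(0, IA32_FEATURE_CONTROL, &raw) != 0) {
        puts("IA32_FEATURE_CONTROL not readable; decoding the value shown above");
        raw = 0x0000000000060001ULL; /* from the PR's sample output */
    }
    struct sgx_fc fc = decode_feature_control(raw);
    printf("lock=%d launch_control=%d global_enable=%d usable=%d\n", fc.locked,
           fc.launch_control, fc.global_enable, sgx_enabled_by_firmware(raw));
    return 0;
}
```
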