Re: [PATCH v8 4/8] intel_sgx: driver for Intel Software Guard Extensions
Jarkko, Suresh,

On Fri, Dec 15, 2017 at 9:27 PM, Jarkko Sakkinen wrote:
> Intel SGX is a set of CPU instructions that can be used by applications
> to set aside private regions of code and data. The code outside the
> enclave is disallowed to access the memory inside the enclave by the CPU
> access control.
[...]
> Signed-off-by: Jarkko Sakkinen
> Tested-by: Serge Ayoun
[...]
> --- /dev/null
> +++ b/arch/x86/include/asm/sgx.h
> @@ -0,0 +1,233 @@ > +/* > + * This file is provided under a dual BSD/GPLv2 license. When using or > + * redistributing this file, you may do so under either license. > + * > + * GPL LICENSE SUMMARY > + * > + * Copyright(c) 2016-2017 Intel Corporation. > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of version 2 of the GNU General Public License as > + * published by the Free Software Foundation. > + * > + * This program is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * General Public License for more details. > + * > + * Contact Information: > + * Jarkko Sakkinen > + * Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo > + * > + * BSD LICENSE > + * > + * Copyright(c) 2016-2017 Intel Corporation. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * > + * * Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * * Redistributions in binary form must reproduce the above copyright > + * notice, this list of conditions and the following disclaimer in > + * the documentation and/or other materials provided with the > + * distribution. > + * * Neither the name of Intel Corporation nor the names of its > + * contributors may be used to endorse or promote products derived > + * from this software without specific prior written permission. > + * > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR > + * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT > + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, > + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT > + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY > + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE > + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > + * > + * Authors: > + * > + * Jarkko Sakkinen > + * Suresh Siddha > + */

Would you be kind enough to use the SPDX tags instead of this fine but super long (40+ lines) legalese? This is the new way as documented in Thomas' [1] patches and already adopted by other Intel contributors.

Thank you for your kind consideration!

[1] https://lkml.org/lkml/2017/12/4/934

CC: Vinod Koul
CC: Jessica Marz

--
Cordially
Philippe Ombredanne
[PATCH v8 4/8] intel_sgx: driver for Intel Software Guard Extensions
Intel SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outside the enclave is disallowed to access the memory inside the enclave by the CPU access control.

SGX driver provides an ioctl API for loading and initializing enclaves. Address range for enclaves is reserved with mmap() and they are destroyed with munmap(). Enclave construction, measurement and initialization is done with the provided ioctl API.

The driver also implements a swapper thread ksgxswapd for EPC pages backed by a private shmem file. Currently it has a limitation of not swapping VA pages, but there is nothing preventing implementing it later on. For now it was scoped out in order to keep the implementation simple.

The parameter struct for SGX_IOC_ENCLAVE_INIT does not contain a parameter to supply a launch token. Generating and using tokens is best kept in the control of the kernel because it has a direct binding to the IA32_SGXPUBKEYHASHx MSRs (a core must have the MSRs set to the same value as the signer of the token). Giving user space any role in the launch process is a risk for introducing bottlenecks, as the kernel must exhibit behavior that the user space launch daemon depends on, proprietary risks (closed launch daemons on closed platforms) and stability risks, as there would be a division of semantics between user space and kernel.
Signed-off-by: Jarkko Sakkinen
Tested-by: Serge Ayoun
---
 arch/x86/include/asm/sgx.h | 233 ++
 arch/x86/include/asm/sgx_arch.h | 270 +++
 arch/x86/include/uapi/asm/sgx.h | 138
 drivers/platform/x86/Kconfig | 2 +
 drivers/platform/x86/Makefile | 1 +
 drivers/platform/x86/intel_sgx/Kconfig | 19 +
 drivers/platform/x86/intel_sgx/Makefile | 13 +
 drivers/platform/x86/intel_sgx/sgx.h | 259 +++
 drivers/platform/x86/intel_sgx/sgx_encl.c | 974
 drivers/platform/x86/intel_sgx/sgx_ioctl.c | 281 +++
 drivers/platform/x86/intel_sgx/sgx_main.c | 413 ++
 drivers/platform/x86/intel_sgx/sgx_page_cache.c | 642
 drivers/platform/x86/intel_sgx/sgx_util.c | 347 +
 drivers/platform/x86/intel_sgx/sgx_vma.c | 117 +++
 14 files changed, 3709 insertions(+)
 create mode 100644 arch/x86/include/asm/sgx.h
 create mode 100644 arch/x86/include/asm/sgx_arch.h
 create mode 100644 arch/x86/include/uapi/asm/sgx.h
 create mode 100644 drivers/platform/x86/intel_sgx/Kconfig
 create mode 100644 drivers/platform/x86/intel_sgx/Makefile
 create mode 100644 drivers/platform/x86/intel_sgx/sgx.h
 create mode 100644 drivers/platform/x86/intel_sgx/sgx_encl.c
 create mode 100644 drivers/platform/x86/intel_sgx/sgx_ioctl.c
 create mode 100644 drivers/platform/x86/intel_sgx/sgx_main.c
 create mode 100644 drivers/platform/x86/intel_sgx/sgx_page_cache.c
 create mode 100644 drivers/platform/x86/intel_sgx/sgx_util.c
 create mode 100644 drivers/platform/x86/intel_sgx/sgx_vma.c

diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
new file mode 100644
index ..2c2575100d0d
--- /dev/null
+++ b/arch/x86/include/asm/sgx.h
@@ -0,0 +1,233 @@ +/* + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. + * + * GPL LICENSE SUMMARY + * + * Copyright(c) 2016-2017 Intel Corporation. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * Contact Information: + * Jarkko Sakkinen + * Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo + * + * BSD LICENSE + * + * Copyright(c) 2016-2017 Intel Corporation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTI
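Review bot: the 40+ line dual BSD/GPLv2 boilerplate that opens the new arch/x86/include/asm/sgx.h should be replaced by a single SPDX tag. The visible text is a GPL version 2 summary plus the three BSD conditions (retain notice in source, reproduce notice in binaries, no endorsement), which is exactly what `// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)` as the first line of the file expresses; the `Copyright(c) 2016-2017 Intel Corporation.` line and the `Authors:` block can stay as a short comment below it. The diffstat lists 13 other new files in this patch; if they carry the same header, the same substitution applies to each of them, and it also removes the postal-address contact block, which does not belong in a kernel header.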