From patchwork Mon Oct 16 19:18:55 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 10009715 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1AD4A60230 for ; Mon, 16 Oct 2017 19:19:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0C090286A2 for ; Mon, 16 Oct 2017 19:19:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 011C8286A8; Mon, 16 Oct 2017 19:19:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9AF10286A2 for ; Mon, 16 Oct 2017 19:19:55 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 396A8202E6179; Mon, 16 Oct 2017 12:16:20 -0700 (PDT) X-Original-To: intel-sgx-kernel-dev@lists.01.org Delivered-To: intel-sgx-kernel-dev@lists.01.org Received-SPF: None (no SPF record) identity=mailfrom; client-ip=192.55.52.93; helo=mga11.intel.com; envelope-from=jarkko.sakkinen@linux.intel.com; receiver=intel-sgx-kernel-dev@lists.01.org Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6C68121F3882D for ; Mon, 16 Oct 2017 12:16:19 -0700 (PDT) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Oct 2017 12:19:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos; i="5.43,387,1503385200"; d="scan'208"; a="1231444310" Received: from mmalisze-mobl1.ger.corp.intel.com (HELO localhost) ([10.249.254.122]) by fmsmga002.fm.intel.com with ESMTP; 16 Oct 2017 12:19:52 -0700 From: Jarkko Sakkinen To: intel-sgx-kernel-dev@lists.01.org Date: Mon, 16 Oct 2017 22:18:55 +0300 Message-Id: <20171016191855.16964-13-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20171016191855.16964-1-jarkko.sakkinen@linux.intel.com> References: <20171016191855.16964-1-jarkko.sakkinen@linux.intel.com> Subject: [intel-sgx-kernel-dev] [PATCH v4 12/12] intel_sgx: update IA32_SGXLEPUBKEYHASH* MSRs X-BeenThere: intel-sgx-kernel-dev@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: =?iso-8859-1?q?Project=3A_Intel=AE_Software_Guard_Extensions_for_Linux*=3A_https=3A//01=2Eorg/intel-software-guard-extensions?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org MIME-Version: 1.0 Errors-To: intel-sgx-kernel-dev-bounces@lists.01.org Sender: "intel-sgx-kernel-dev" X-Virus-Scanned: ClamAV using ClamSMTP Check if IA32_SGXLEPUBKEYHASH* MSRs match. If they do not match, allow the driver initialization to continue only if they are writable. In this case update them with the MRSIGNER of the launch enclave. Signed-off-by: Jarkko Sakkinen --- drivers/platform/x86/intel_sgx/sgx.h | 2 ++ drivers/platform/x86/intel_sgx/sgx_encl.c | 19 +++++++++++++++++++ drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S | 4 ++++ drivers/platform/x86/intel_sgx/sgx_main.c | 13 ++++++++++++- 4 files changed, 37 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/intel_sgx/sgx.h b/drivers/platform/x86/intel_sgx/sgx.h index 9d3abbe96806..869892176e35 100644 --- a/drivers/platform/x86/intel_sgx/sgx.h +++ b/drivers/platform/x86/intel_sgx/sgx.h @@ -177,6 +177,8 @@ extern u64 sgx_encl_size_max_64; extern u64 sgx_xfrm_mask; extern u32 sgx_misc_reserved; extern u32 sgx_xsave_size_tbl[64]; +extern u64 sgx_le_pubkeyhash[4]; +extern bool sgx_unlocked_msrs; extern const struct file_operations sgx_fops; extern const struct vm_operations_struct sgx_vm_ops; diff --git a/drivers/platform/x86/intel_sgx/sgx_encl.c b/drivers/platform/x86/intel_sgx/sgx_encl.c index 6f6912654b32..f04101116661 100644 --- a/drivers/platform/x86/intel_sgx/sgx_encl.c +++ b/drivers/platform/x86/intel_sgx/sgx_encl.c @@ -68,6 +68,7 @@ #include #include #include +#include struct sgx_add_page_req { struct sgx_encl *encl; @@ -873,6 +874,14 @@ static int sgx_einit(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, return ret; } +static void sgx_update_pubkeyhash(void) +{ + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0, sgx_le_pubkeyhash[0]); + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH1, sgx_le_pubkeyhash[1]); + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH2, sgx_le_pubkeyhash[2]); + wrmsrl(MSR_IA32_SGXLEPUBKEYHASH3, sgx_le_pubkeyhash[3]); +} + /** * sgx_encl_init - perform EINIT for the given enclave * @@ -908,6 +917,16 @@ int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, for (j = 0; j < SGX_EINIT_SPIN_COUNT; j++) { ret = sgx_einit(encl, sigstruct, token); + if (ret == SGX_INVALID_ATTRIBUTE || + ret == SGX_INVALID_EINITTOKEN) { + if (sgx_unlocked_msrs) { + preempt_disable(); + sgx_update_pubkeyhash(); + ret = sgx_einit(encl, sigstruct, token); + preempt_enable(); + } + } + if (ret == SGX_UNMASKED_EVENT) continue; else diff --git a/drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S b/drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S index faced8a9a75a..e1e3742a0c93 100644 --- a/drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S +++ b/drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S @@ -9,3 +9,7 @@ GLOBAL(sgx_le_proxy) END(sgx_le_proxy) GLOBAL(sgx_le_proxy_end) + +GLOBAL(sgx_le_ss) + .incbin "drivers/platform/x86/intel_sgx/le/enclave/sgx_le.ss" +END(sgx_le_ss) diff --git a/drivers/platform/x86/intel_sgx/sgx_main.c b/drivers/platform/x86/intel_sgx/sgx_main.c index 42fc9ecaf593..92399da5c4e0 100644 --- a/drivers/platform/x86/intel_sgx/sgx_main.c +++ b/drivers/platform/x86/intel_sgx/sgx_main.c @@ -80,6 +80,7 @@ MODULE_VERSION(DRV_VERSION); * Global data. */ +extern struct sgx_sigstruct sgx_le_ss; struct workqueue_struct *sgx_add_page_wq; #define SGX_MAX_EPC_BANKS 8 struct sgx_epc_bank sgx_epc_banks[SGX_MAX_EPC_BANKS]; @@ -89,6 +90,8 @@ u64 sgx_encl_size_max_64; u64 sgx_xfrm_mask = 0x3; u32 sgx_misc_reserved; u32 sgx_xsave_size_tbl[64]; +bool sgx_unlocked_msrs; +u64 sgx_le_pubkeyhash[4]; static DECLARE_RWSEM(sgx_file_sem); @@ -267,6 +270,7 @@ static int sgx_dev_init(struct device *parent) { struct sgx_context *sgx_dev; unsigned int eax, ebx, ecx, edx; + unsigned long fc; unsigned long pa; unsigned long size; int ret; @@ -276,6 +280,10 @@ static int sgx_dev_init(struct device *parent) sgx_dev = sgxm_ctx_alloc(parent); + rdmsrl(MSR_IA32_FEATURE_CONTROL, fc); + if (fc & FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE) + sgx_unlocked_msrs = true; + cpuid_count(SGX_CPUID, SGX_CPUID_CAPABILITIES, &eax, &ebx, &ecx, &edx); /* Only allow misc bits supported by the driver. */ sgx_misc_reserved = ~ebx | SGX_MISC_RESERVED_MASK; @@ -296,6 +304,10 @@ static int sgx_dev_init(struct device *parent) } } + ret = sgx_get_key_hash_simple(sgx_le_ss.modulus, sgx_le_pubkeyhash); + if (ret) + return ret; + for (i = 0; i < SGX_MAX_EPC_BANKS; i++) { cpuid_count(SGX_CPUID, i + SGX_CPUID_EPC_BANKS, &eax, &ebx, &ecx, &edx); @@ -384,7 +396,6 @@ static int sgx_drv_probe(struct platform_device *pdev) } rdmsrl(MSR_IA32_FEATURE_CONTROL, fc); - if (!(fc & FEATURE_CONTROL_LOCKED)) { pr_err("intel_sgx: the feature control MSR is not locked\n"); return -ENODEV;