diff mbox series

[2/2] selftests/x86/sgx: Read encl.bin and encl.ss from the file system

Message ID 20190829220924.12692-2-jarkko.sakkinen@linux.intel.com (mailing list archive)
State New, archived
Headers show
Series [1/2] selftests/x86: sgxsign: Do not query RSA password | expand

Commit Message

Jarkko Sakkinen Aug. 29, 2019, 10:09 p.m. UTC
Do not link encl.bin and encl.ss to the test application binary. Linking
data files directly to the ELF are legacy from in-kernel LE
implementation.

Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 tools/testing/selftests/x86/sgx/Makefile     |  14 +--
 tools/testing/selftests/x86/sgx/encl_piggy.S |  19 ----
 tools/testing/selftests/x86/sgx/main.c       | 101 +++++++++++++++----
 3 files changed, 88 insertions(+), 46 deletions(-)
 delete mode 100644 tools/testing/selftests/x86/sgx/encl_piggy.S
diff mbox series

Patch

diff --git a/tools/testing/selftests/x86/sgx/Makefile b/tools/testing/selftests/x86/sgx/Makefile
index 4310a5b6ecc7..44805ed43413 100644
--- a/tools/testing/selftests/x86/sgx/Makefile
+++ b/tools/testing/selftests/x86/sgx/Makefile
@@ -10,11 +10,11 @@  HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack
 ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \
 	       -fno-stack-protector -mrdrnd $(INCLUDES)
 
-TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx
+TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/encl.bin
+
 all: $(TEST_CUSTOM_PROGS)
 
-$(TEST_CUSTOM_PROGS): $(OUTPUT)/main.o $(OUTPUT)/sgx_call.o \
-		      $(OUTPUT)/encl_piggy.o
+$(OUTPUT)/test_sgx: $(OUTPUT)/main.o $(OUTPUT)/sgx_call.o
 	$(CC) $(HOST_CFLAGS) -o $@ $^
 
 $(OUTPUT)/main.o: main.c
@@ -23,24 +23,18 @@  $(OUTPUT)/main.o: main.c
 $(OUTPUT)/sgx_call.o: sgx_call.S
 	$(CC) $(HOST_CFLAGS) -c $< -o $@
 
-$(OUTPUT)/encl_piggy.o: $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
-	$(CC) $(HOST_CFLAGS) -I$(OUTPUT) -c encl_piggy.S -o $@
-
 $(OUTPUT)/encl.bin: $(OUTPUT)/encl.elf $(OUTPUT)/sgxsign
 	$(OBJCOPY) -O binary $< $@
+	$(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
 
 $(OUTPUT)/encl.elf: encl.lds encl.c encl_bootstrap.S
 	$(CC) $(ENCL_CFLAGS) -T $^ -o $@
 
-$(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin  $(OUTPUT)/sgxsign
-	$(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
-
 $(OUTPUT)/sgxsign: sgxsign.c
 	$(CC) -o $@ $< -lcrypto
 
 EXTRA_CLEAN := \
 	$(OUTPUT)/encl.bin \
-	$(OUTPUT)/encl_piggy.o \
 	$(OUTPUT)/encl.elf \
 	$(OUTPUT)/encl.ss \
 	$(OUTPUT)/sgx_call.o \
diff --git a/tools/testing/selftests/x86/sgx/encl_piggy.S b/tools/testing/selftests/x86/sgx/encl_piggy.S
deleted file mode 100644
index a7f6447abbba..000000000000
--- a/tools/testing/selftests/x86/sgx/encl_piggy.S
+++ /dev/null
@@ -1,19 +0,0 @@ 
-/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
-/*
- * Copyright(c) 2016-18 Intel Corporation.
- */
-
-	.section ".rodata", "a"
-	.balign 4096
-
-encl_bin:
-	.globl encl_bin
-	.incbin	"encl.bin"
-encl_bin_end:
-	.globl encl_bin_end
-
-encl_ss:
-	.globl encl_ss
-	.incbin	"encl.ss"
-encl_ss_end:
-	.globl encl_ss_end
diff --git a/tools/testing/selftests/x86/sgx/main.c b/tools/testing/selftests/x86/sgx/main.c
index 68a22ef3f05c..2160bcd0ccd9 100644
--- a/tools/testing/selftests/x86/sgx/main.c
+++ b/tools/testing/selftests/x86/sgx/main.c
@@ -14,6 +14,7 @@ 
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/time.h>
+#include <sys/types.h>
 #include "encl_piggy.h"
 #include "defines.h"
 #include "../../../../../arch/x86/kernel/cpu/sgx/arch.h"
@@ -189,7 +190,8 @@  static bool encl_add_page(int dev_fd, unsigned long addr, void *data,
 	return true;
 }
 
-static bool encl_load(struct sgx_secs *secs, unsigned long bin_size)
+static bool encl_build(struct sgx_secs *secs, void *bin,
+		       unsigned long bin_size, struct sgx_sigstruct *sigstruct)
 {
 	struct sgx_enclave_init ioc;
 	uint64_t offset;
@@ -215,11 +217,11 @@  static bool encl_load(struct sgx_secs *secs, unsigned long bin_size)
 				SGX_SECINFO_W | SGX_SECINFO_X;
 
 		if (!encl_add_page(dev_fd, secs->base + offset,
-				   encl_bin + offset, flags))
+				   bin + offset, flags))
 			goto out_map;
 	}
 
-	ioc.sigstruct = (uint64_t)&encl_ss;
+	ioc.sigstruct = (uint64_t)sigstruct;
 	rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_INIT, &ioc);
 	if (rc) {
 		printf("EINIT failed rc=%d\n", rc);
@@ -241,7 +243,6 @@  static bool encl_load(struct sgx_secs *secs, unsigned long bin_size)
 		return false;
 	}
 
-
 	close(dev_fd);
 	return true;
 out_map:
@@ -251,20 +252,95 @@  static bool encl_load(struct sgx_secs *secs, unsigned long bin_size)
 	return false;
 }
 
+bool get_file_size(const char *path, off_t *bin_size)
+{
+	struct stat sb;
+	int ret;
+
+	ret = stat(path, &sb);
+	if (ret) {
+		perror("stat");
+		return false;
+	}
+
+	if (!sb.st_size || sb.st_size & 0xfff) {
+		fprintf(stderr, "Invalid blob size %lu\n", sb.st_size);
+		return false;
+	}
+
+	*bin_size = sb.st_size;
+	return true;
+}
+
+bool encl_data_map(const char *path, void **bin, off_t *bin_size)
+{
+	int fd;
+
+	fd = open(path, O_RDONLY);
+	if (fd == -1)  {
+		fprintf(stderr, "open() %s failed, errno=%d.\n", path, errno);
+		return false;
+	}
+
+	if (!get_file_size(path, bin_size))
+		goto err_out;
+
+	*bin = mmap(NULL, *bin_size, PROT_READ, MAP_PRIVATE, fd, 0);
+	if (*bin == MAP_FAILED) {
+		fprintf(stderr, "mmap() %s failed, errno=%d.\n", path, errno);
+		goto err_out;
+	}
+
+	close(fd);
+	return true;
+
+err_out:
+	close(fd);
+	return false;
+}
+
+bool load_sigstruct(const char *path, void *sigstruct)
+{
+	int fd;
+
+	fd = open(path, O_RDONLY);
+	if (fd == -1)  {
+		fprintf(stderr, "open() %s failed, errno=%d.\n", path, errno);
+		return false;
+	}
+
+	if (read(fd, sigstruct, sizeof(struct sgx_sigstruct)) !=
+	    sizeof(struct sgx_sigstruct)) {
+		fprintf(stderr, "read() %s failed, errno=%d.\n", path, errno);
+		close(fd);
+		return false;
+	}
+
+	close(fd);
+	return true;
+}
+
 int sgx_call(void *rdi, void *rsi, long rdx, void *rcx, void *r8, void *r9,
 	     void *tcs, struct sgx_enclave_exception *ei, void *cb);
 
 int main(int argc, char *argv[], char *envp[])
 {
-	unsigned long bin_size = encl_bin_end - encl_bin;
-	unsigned long ss_size = encl_ss_end - encl_ss;
 	struct sgx_enclave_exception exception;
-	Elf64_Sym *eenter_sym;
+	struct sgx_sigstruct sigstruct;
 	struct vdso_symtab symtab;
+	Elf64_Sym *eenter_sym;
 	struct sgx_secs secs;
 	uint64_t result = 0;
+	off_t bin_size;
+	void *bin;
 	void *addr;
 
+	if (!encl_data_map("encl.bin", &bin, &bin_size))
+		exit(1);
+
+	if (!load_sigstruct("encl.ss", &sigstruct))
+		exit(1);
+
 	memset(&exception, 0, sizeof(exception));
 
 	addr = vdso_get_base_addr(envp);
@@ -279,16 +355,7 @@  int main(int argc, char *argv[], char *envp[])
 		exit(1);
 	eenter = addr + eenter_sym->st_value;
 
-	printf("Binary size %lu (0x%lx), SIGSTRUCT size %lu\n", bin_size,
-	       bin_size, ss_size);
-	if (ss_size != sizeof(struct sgx_sigstruct)) {
-		fprintf(stderr, "The size of SIGSTRUCT should be %lu\n",
-			sizeof(struct sgx_sigstruct));
-		exit(1);
-	}
-
-	printf("Loading the enclave.\n");
-	if (!encl_load(&secs, bin_size))
+	if (!encl_build(&secs, bin, bin_size, &sigstruct))
 		exit(1);
 
 	printf("Input: 0x%lx\n", MAGIC);