@@ -10,11 +10,11 @@ HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack
ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \
-fno-stack-protector -mrdrnd $(INCLUDES)
-TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx
+TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/encl.bin
+
all: $(TEST_CUSTOM_PROGS)
-$(TEST_CUSTOM_PROGS): $(OUTPUT)/main.o $(OUTPUT)/sgx_call.o \
- $(OUTPUT)/encl_piggy.o
+$(OUTPUT)/test_sgx: $(OUTPUT)/main.o $(OUTPUT)/sgx_call.o
$(CC) $(HOST_CFLAGS) -o $@ $^
$(OUTPUT)/main.o: main.c
@@ -23,24 +23,18 @@ $(OUTPUT)/main.o: main.c
$(OUTPUT)/sgx_call.o: sgx_call.S
$(CC) $(HOST_CFLAGS) -c $< -o $@
-$(OUTPUT)/encl_piggy.o: $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
- $(CC) $(HOST_CFLAGS) -I$(OUTPUT) -c encl_piggy.S -o $@
-
$(OUTPUT)/encl.bin: $(OUTPUT)/encl.elf $(OUTPUT)/sgxsign
$(OBJCOPY) -O binary $< $@
+ $(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
$(OUTPUT)/encl.elf: encl.lds encl.c encl_bootstrap.S
$(CC) $(ENCL_CFLAGS) -T $^ -o $@
-$(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin $(OUTPUT)/sgxsign
- $(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
-
$(OUTPUT)/sgxsign: sgxsign.c
$(CC) -o $@ $< -lcrypto
EXTRA_CLEAN := \
$(OUTPUT)/encl.bin \
- $(OUTPUT)/encl_piggy.o \
$(OUTPUT)/encl.elf \
$(OUTPUT)/encl.ss \
$(OUTPUT)/sgx_call.o \
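Review bot: The `$(OUTPUT)/encl.bin` recipe now writes two files, and `encl.ss` is no longer the target of any rule, so make cannot tell when the signature is missing or stale. If `sgxsign` fails after `objcopy` has succeeded, `encl.bin` is left behind with a fresh timestamp and the next run treats it as up to date without producing `encl.ss`; deleting `encl.ss` by hand has the same effect. Keeping the signing step as its own rule, `$(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin $(OUTPUT)/sgxsign signing_key.pem`, and adding `$(OUTPUT)/encl.ss` to `TEST_CUSTOM_PROGS` in the first hunk would keep the enclave binary and its SIGSTRUCT in step. Listing `signing_key.pem` as a prerequisite also forces a re-sign when the key changes.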
deleted file mode 100644
@@ -1,19 +0,0 @@
-/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
-/*
- * Copyright(c) 2016-18 Intel Corporation.
- */
-
- .section ".rodata", "a"
- .balign 4096
-
-encl_bin:
- .globl encl_bin
- .incbin "encl.bin"
-encl_bin_end:
- .globl encl_bin_end
-
-encl_ss:
- .globl encl_ss
- .incbin "encl.ss"
-encl_ss_end:
- .globl encl_ss_end
@@ -14,6 +14,7 @@
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/time.h>
+#include <sys/types.h>
#include "encl_piggy.h"
#include "defines.h"
#include "../../../../../arch/x86/kernel/cpu/sgx/arch.h"
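Review bot: `#include "encl_piggy.h"` stays as context here although the commit deletes `encl_piggy.S` and main.c stops referencing `encl_bin` and `encl_ss`. The header is not visible in this diff, but if it only declares those symbols, the include and the header can be removed in the same commit. The new helpers further down use `open()`, `O_RDONLY` and `errno`, so it is worth confirming that `<fcntl.h>` and `<errno.h>` are among the includes above this hunk.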
@@ -189,7 +190,8 @@ static bool encl_add_page(int dev_fd, unsigned long addr, void *data,
return true;
}
-static bool encl_load(struct sgx_secs *secs, unsigned long bin_size)
+static bool encl_build(struct sgx_secs *secs, void *bin,
+ unsigned long bin_size, struct sgx_sigstruct *sigstruct)
{
struct sgx_enclave_init ioc;
uint64_t offset;
@@ -215,11 +217,11 @@ static bool encl_load(struct sgx_secs *secs, unsigned long bin_size)
SGX_SECINFO_W | SGX_SECINFO_X;
if (!encl_add_page(dev_fd, secs->base + offset,
- encl_bin + offset, flags))
+ bin + offset, flags))
goto out_map;
}
- ioc.sigstruct = (uint64_t)&encl_ss;
+ ioc.sigstruct = (uint64_t)sigstruct;
rc = ioctl(dev_fd, SGX_IOC_ENCLAVE_INIT, &ioc);
if (rc) {
printf("EINIT failed rc=%d\n", rc);
@@ -241,7 +243,6 @@ static bool encl_load(struct sgx_secs *secs, unsigned long bin_size)
return false;
}
-
close(dev_fd);
return true;
out_map:
@@ -251,20 +252,95 @@ static bool encl_load(struct sgx_secs *secs, unsigned long bin_size)
return false;
}
+bool get_file_size(const char *path, off_t *bin_size)
+{
+ struct stat sb;
+ int ret;
+
+ ret = stat(path, &sb);
+ if (ret) {
+ perror("stat");
+ return false;
+ }
+
+ if (!sb.st_size || sb.st_size & 0xfff) {
+ fprintf(stderr, "Invalid blob size %lu\n", sb.st_size);
+ return false;
+ }
+
+ *bin_size = sb.st_size;
+ return true;
+}
+
+bool encl_data_map(const char *path, void **bin, off_t *bin_size)
+{
+ int fd;
+
+ fd = open(path, O_RDONLY);
+ if (fd == -1) {
+ fprintf(stderr, "open() %s failed, errno=%d.\n", path, errno);
+ return false;
+ }
+
+ if (!get_file_size(path, bin_size))
+ goto err_out;
+
+ *bin = mmap(NULL, *bin_size, PROT_READ, MAP_PRIVATE, fd, 0);
+ if (*bin == MAP_FAILED) {
+ fprintf(stderr, "mmap() %s failed, errno=%d.\n", path, errno);
+ goto err_out;
+ }
+
+ close(fd);
+ return true;
+
+err_out:
+ close(fd);
+ return false;
+}
+
+bool load_sigstruct(const char *path, void *sigstruct)
+{
+ int fd;
+
+ fd = open(path, O_RDONLY);
+ if (fd == -1) {
+ fprintf(stderr, "open() %s failed, errno=%d.\n", path, errno);
+ return false;
+ }
+
+ if (read(fd, sigstruct, sizeof(struct sgx_sigstruct)) !=
+ sizeof(struct sgx_sigstruct)) {
+ fprintf(stderr, "read() %s failed, errno=%d.\n", path, errno);
+ close(fd);
+ return false;
+ }
+
+ close(fd);
+ return true;
+}
+
int sgx_call(void *rdi, void *rsi, long rdx, void *rcx, void *r8, void *r9,
void *tcs, struct sgx_enclave_exception *ei, void *cb);
int main(int argc, char *argv[], char *envp[])
{
- unsigned long bin_size = encl_bin_end - encl_bin;
- unsigned long ss_size = encl_ss_end - encl_ss;
struct sgx_enclave_exception exception;
- Elf64_Sym *eenter_sym;
+ struct sgx_sigstruct sigstruct;
struct vdso_symtab symtab;
+ Elf64_Sym *eenter_sym;
struct sgx_secs secs;
uint64_t result = 0;
+ off_t bin_size;
+ void *bin;
void *addr;
+ if (!encl_data_map("encl.bin", &bin, &bin_size))
+ exit(1);
+
+ if (!load_sigstruct("encl.ss", &sigstruct))
+ exit(1);
+
memset(&exception, 0, sizeof(exception));
addr = vdso_get_base_addr(envp);
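Review bot: `get_file_size()` calls `stat(path, ...)` after `encl_data_map()` has already opened the file, so the size that is validated and passed to `mmap()` can describe a different file than the one behind `fd` if the path is replaced in between. Passing the descriptor and using `ret = fstat(fd, &sb);` (call site `if (!get_file_size(fd, bin_size))`) checks the object that is actually mapped. The `%lu` in the "Invalid blob size" message is given an `off_t` and wants a cast such as `(unsigned long)sb.st_size`. The three new helpers are non-static, while the neighbouring functions visible in this diff are `static`. main()'s body continues outside the hunk.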
@@ -279,16 +355,7 @@ int main(int argc, char *argv[], char *envp[])
exit(1);
eenter = addr + eenter_sym->st_value;
- printf("Binary size %lu (0x%lx), SIGSTRUCT size %lu\n", bin_size,
- bin_size, ss_size);
- if (ss_size != sizeof(struct sgx_sigstruct)) {
- fprintf(stderr, "The size of SIGSTRUCT should be %lu\n",
- sizeof(struct sgx_sigstruct));
- exit(1);
- }
-
- printf("Loading the enclave.\n");
- if (!encl_load(&secs, bin_size))
+ if (!encl_build(&secs, bin, bin_size, &sigstruct))
exit(1);
printf("Input: 0x%lx\n", MAGIC);
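Review bot: The deleted check required the SIGSTRUCT to be exactly `sizeof(struct sgx_sigstruct)` bytes, but its replacement `load_sigstruct()` (previous hunk) only requires that many bytes to be readable, so an oversized or concatenated `encl.ss` is accepted silently. An `fstat()` on the descriptor inside `load_sigstruct()` with `if (sb.st_size != sizeof(struct sgx_sigstruct))` returning false would restore the old strictness. The short-read path there also prints `errno`, which `read()` does not set on a short read, so the message can be misleading. main() starts and ends outside this hunk.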
Do not link encl.bin and encl.ss into the test application binary. Linking data files directly into the ELF is a legacy of the in-kernel LE implementation. Cc: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- tools/testing/selftests/x86/sgx/Makefile | 14 +-- tools/testing/selftests/x86/sgx/encl_piggy.S | 19 ---- tools/testing/selftests/x86/sgx/main.c | 101 +++++++++++++++---- 3 files changed, 88 insertions(+), 46 deletions(-) delete mode 100644 tools/testing/selftests/x86/sgx/encl_piggy.S