diff --git a/common/inc/internal/bit_array.h b/common/inc/internal/bit_array.h
new file mode 120000
index 00000000..8b14d3a1
--- /dev/null
+++ b/common/inc/internal/bit_array.h
@@ -0,0 +1 @@
+../../../external/sgx-emm/emm_src/include/bit_array.h
\ No newline at end of file
diff --git a/common/inc/internal/bit_array_imp.h b/common/inc/internal/bit_array_imp.h
new file mode 120000
index 00000000..c30a510f
--- /dev/null
+++ b/common/inc/internal/bit_array_imp.h
@@ -0,0 +1 @@
+../../../external/sgx-emm/emm_src/include/bit_array_imp.h
\ No newline at end of file
diff --git a/common/inc/internal/ema.h b/common/inc/internal/ema.h
new file mode 120000
index 00000000..1cd93621
--- /dev/null
+++ b/common/inc/internal/ema.h
@@ -0,0 +1 @@
+../../../external/sgx-emm/emm_src/include/ema.h
\ No newline at end of file
diff --git a/common/inc/internal/ema_imp.h b/common/inc/internal/ema_imp.h
new file mode 120000
index 00000000..41b8b3d2
--- /dev/null
+++ b/common/inc/internal/ema_imp.h
@@ -0,0 +1 @@
+../../../external/sgx-emm/emm_src/include/ema_imp.h
\ No newline at end of file
diff --git a/common/inc/internal/emm_private.h b/common/inc/internal/emm_private.h
new file mode 120000
index 00000000..cf6d63de
--- /dev/null
+++ b/common/inc/internal/emm_private.h
@@ -0,0 +1 @@
+../../../external/sgx-emm/emm_src/include/emm_private.h
\ No newline at end of file
diff --git a/common/inc/sgx_mm.h b/common/inc/sgx_mm.h
new file mode 120000
index 00000000..ec4db661
--- /dev/null
+++ b/common/inc/sgx_mm.h
@@ -0,0 +1 @@
+../../external/sgx-emm/emm_src/include/sgx_mm.h
\ No newline at end of file
diff --git a/common/inc/sgx_mm_primitives.h b/common/inc/sgx_mm_primitives.h
new file mode 120000
index 00000000..88d2c9b6
--- /dev/null
+++ b/common/inc/sgx_mm_primitives.h
@@ -0,0 +1 @@
+../../external/sgx-emm/emm_src/include/sgx_mm_primitives.h
\ No newline at end of file
diff --git a/common/inc/sgx_mm_rt_abstraction.h b/common/inc/sgx_mm_rt_abstraction.h new file mode 120000 index 00000000..8ffd119d --- /dev/null +++ b/common/inc/sgx_mm_rt_abstraction.h @@ -0,0 +1 @@ +../../external/sgx-emm/emm_src/include/sgx_mm_rt_abstraction.h \ No newline at end of file diff --git a/docker/build/Dockerfile b/docker/build/Dockerfile index 0e363f46..92f842ce 100644 --- a/docker/build/Dockerfile +++ b/docker/build/Dockerfile @@ -59,6 +59,7 @@ RUN make sdk_install_pkg_no_mitigation WORKDIR /opt/intel RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' +ENV SGX_SDK=/opt/intel/sgxsdk WORKDIR /linux-sgx RUN make psw_install_pkg diff --git a/docker/build/build_and_run_aesm_deb_docker.sh b/docker/build/build_and_run_aesm_deb_docker.sh new file mode 100755 index 00000000..eed08103 --- /dev/null +++ b/docker/build/build_and_run_aesm_deb_docker.sh 
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# Copyright (C) 2022 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# + +set -e +docker build --target aesm_deb --build-arg https_proxy=$https_proxy \ + --build-arg http_proxy=$http_proxy -t sgx_aesm_deb -f ./Dockerfile ../../ + +docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=rw aesmd-socket + +# If you use the Legacy Launch Control driver, replace /dev/sgx_enclave with /dev/isgx, and remove +# --device=/dev/sgx_provision + +docker run --env http_proxy --env https_proxy --device=/dev/sgx_enclave --device=/dev/sgx_provision -v /dev/log:/dev/log -v aesmd-socket:/var/run/aesmd -it sgx_aesm_deb diff --git a/docker/build/build_and_run_aesm_docker.sh b/docker/build/build_and_run_aesm_docker.sh index 6b5b9324..d5c51671 100755 --- a/docker/build/build_and_run_aesm_docker.sh +++ b/docker/build/build_and_run_aesm_docker.sh @@ -35,7 +35,7 @@ docker build --target aesm --build-arg https_proxy=$https_proxy \ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=rw aesmd-socket -# If you use the Legacy Launch Control driver, replace /dev/sgx/enclave with /dev/isgx, and remove -# --device=/dev/sgx/provision +# If you use the Legacy Launch Control driver, replace /dev/sgx_enclave with /dev/isgx, and remove +# --device=/dev/sgx_provision -docker run --env http_proxy --env https_proxy --device=/dev/sgx/enclave --device=/dev/sgx/provision -v /dev/log:/dev/log -v aesmd-socket:/var/run/aesmd -it sgx_aesm +docker run --env http_proxy --env https_proxy --device=/dev/sgx_enclave --device=/dev/sgx_provision -v /dev/log:/dev/log -v aesmd-socket:/var/run/aesmd -it sgx_aesm diff --git a/docker/build/build_and_run_qgs_docker.sh b/docker/build/build_and_run_qgs_docker.sh index 7acb3659..c9577999 100755 --- a/docker/build/build_and_run_qgs_docker.sh +++ b/docker/build/build_and_run_qgs_docker.sh 
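Review bot: `$https_proxy` and `$http_proxy` are expanded unquoted on the `docker build` line, so a value containing whitespace or glob characters is split into extra `docker build` arguments instead of staying inside the `--build-arg`. Quote both expansions: `--build-arg https_proxy="$https_proxy"` and `--build-arg http_proxy="$http_proxy"`. The new build_and_run_sample_deb_docker.sh repeats the same two lines and needs the same change.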
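Review bot: The comment above `docker run` in build_and_run_aesm_docker.sh covers only the Legacy Launch Control driver, yet the `--device` arguments now name only `/dev/sgx_enclave` and `/dev/sgx_provision`. In this same commit, get_driver_type() in psw/urts/linux/edmm_utility.cpp still probes `/dev/sgx/enclave` first, so both node layouts are evidently expected on hosts. Extend the comment with something like `# Hosts that expose only /dev/sgx/enclave and /dev/sgx/provision must pass those paths instead.` The qgs, sample and the two new *_deb scripts carry the same comment and would need the same sentence.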
@@ -35,7 +35,7 @@ docker build --target qgs --build-arg https_proxy=$https_proxy \ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=rw qgs-socket -# If you use the Legacy Launch Control driver, replace /dev/sgx/enclave with /dev/isgx, and remove -# --device=/dev/sgx/provision +# If you use the Legacy Launch Control driver, replace /dev/sgx_enclave with /dev/isgx, and remove +# --device=/dev/sgx_provision -docker run --device=/dev/sgx/enclave --device=/dev/sgx/provision -v /dev/log:/dev/log -v qgs-socket:/var/run/tdx-qgs/ -it --add-host=host.docker.internal:host-gateway tdx_qgs /opt/intel/tdx-qgs/qgs --no-daemon +docker run --device=/dev/sgx_enclave --device=/dev/sgx_provision -v /dev/log:/dev/log -v qgs-socket:/var/run/tdx-qgs/ -it --add-host=host.docker.internal:host-gateway tdx_qgs /opt/intel/tdx-qgs/qgs --no-daemon diff --git a/docker/build/build_and_run_sample_deb_docker.sh b/docker/build/build_and_run_sample_deb_docker.sh new file mode 100755 index 00000000..1b9161d0 --- /dev/null +++ b/docker/build/build_and_run_sample_deb_docker.sh 
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# Copyright (C) 2022 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+set -e
+docker build --target sample_deb --build-arg https_proxy=$https_proxy \
+ --build-arg http_proxy=$http_proxy -t sgx_sample_deb -f ./Dockerfile ../../
+
+# Another container should expose AESM and its socket in aesmd-socket volume.
+# Replace /dev/sgx_enclave with /dev/isgx if you use the Legacy Launch Control driver +docker run --env http_proxy --env https_proxy --device=/dev/sgx_enclave -v aesmd-socket:/var/run/aesmd -it sgx_sample_deb diff --git a/docker/build/build_and_run_sample_docker.sh b/docker/build/build_and_run_sample_docker.sh index 42cd33bb..49e40a50 100755 --- a/docker/build/build_and_run_sample_docker.sh +++ b/docker/build/build_and_run_sample_docker.sh @@ -34,5 +34,5 @@ docker build --target sample --build-arg https_proxy=$https_proxy \ --build-arg http_proxy=$http_proxy -t sgx_sample -f ./Dockerfile ../../ # Another container should expose AESM and its socket in aesmd-socket volume. -# Replace /dev/sgx/enclave with /dev/isgx if you use the Legacy Launch Control driver -docker run --env http_proxy --env https_proxy --device=/dev/sgx/enclave -v aesmd-socket:/var/run/aesmd -it sgx_sample +# Replace /dev/sgx_enclave with /dev/isgx if you use the Legacy Launch Control driver +docker run --env http_proxy --env https_proxy --device=/dev/sgx_enclave -v aesmd-socket:/var/run/aesmd -it sgx_sample diff --git a/external/sgx-emm/Makefile b/external/sgx-emm/Makefile index 7ff92904..5066b1e9 100644 --- a/external/sgx-emm/Makefile +++ b/external/sgx-emm/Makefile @@ -41,6 +41,8 @@ C_Files := $(EMM_DIR)/bit_array.c \ $(EMM_DIR)/emm_private.c \ $(EMM_DIR)/sgx_mm.c +CPPFLAGS += -mno-sse + OBJS := $(C_Files:.c=.o) OBJS := $(sort $(OBJS)) diff --git a/external/sgx-emm/emm_src b/external/sgx-emm/emm_src index 41a3ead0..2ff25dcf 160000 --- a/external/sgx-emm/emm_src +++ b/external/sgx-emm/emm_src @@ -1 +1 @@ -Subproject commit 41a3ead0e350f255d82eb0f79a9f356816ea19ed +Subproject commit 2ff25dcfe181afa28fa112b4eca2b1dc7363118c diff --git a/linux/installer/common/psw/Makefile b/linux/installer/common/psw/Makefile index 022ca16d..1486ee1f 100644 --- a/linux/installer/common/psw/Makefile +++ b/linux/installer/common/psw/Makefile 
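Review bot: In external/sgx-emm/Makefile, `-mno-sse` is a code-generation option but is appended to `CPPFLAGS`, and nothing on the line says why the EMM objects must avoid SSE. If the reason is that this code runs where the extended register state must not be touched (an assumption, the hunk does not say), record it in a comment such as `# EMM objects must not use SSE registers: <reason>`. Because the flag appears to be required rather than tunable, add it with `override` or through a separate internal variable, so that a command-line `CPPFLAGS=...` does not silently drop it. The compile rule lies outside the hunk, so confirm which variables it actually passes to the compiler.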
@@ -46,6 +46,8 @@ ECL_VER=1.0.0 LCH_VER=1.0.0 EPID_VER=1.0.0 QEX_VER=1.0.0 +URTS_VER:= 2.0.0.0 +QE3L_VER:=1.0.0 default: @@ -63,6 +65,9 @@ install: mv $(PSW_LIB_PATH)/libsgx_enclave_common.so $(USR_LIB_PATH) rmdir $(PSW_LIB_PATH) cd $(USR_LIB_PATH) && \ + mv libsgx_urts.so libsgx_urts.so.$(URTS_VER) && \ + ln -fs libsgx_urts.so.$(URTS_VER) libsgx_urts.so.$(call SPLIT_VERSION,$(URTS_VER),1) && \ + ln -fs libsgx_urts.so.$(call SPLIT_VERSION,$(URTS_VER),1) libsgx_urts.so &&\ mv libsgx_enclave_common.so libsgx_enclave_common.so.$(ECL_VER) && \ ln -fs libsgx_enclave_common.so.$(ECL_VER) libsgx_enclave_common.so.$(call SPLIT_VERSION,$(ECL_VER),1) && \ ln -fs libsgx_enclave_common.so.$(call SPLIT_VERSION,$(ECL_VER),1) libsgx_enclave_common.so && \ @@ -76,4 +81,5 @@ install: ln -fs libsgx_quote_ex.so.$(QEX_VER) libsgx_quote_ex.so.$(call SPLIT_VERSION,$(QEX_VER),1) && \ ln -fs libsgx_quote_ex.so.$(call SPLIT_VERSION,$(QEX_VER),1) libsgx_quote_ex.so cd $(INSTALL_PATH)/aesm && \ - ln -fs liburts_internal.so libsgx_urts.so + ln -fs liburts_internal.so libsgx_urts.so.$(call SPLIT_VERSION,$(URTS_VER),1) && \ + ln -fs libsgx_qe3_logic.so.$(call SPLIT_VERSION,$(QE3L_VER),1) libsgx_qe3_logic.so diff --git a/psw/urts/linux/edmm_utility.cpp b/psw/urts/linux/edmm_utility.cpp index 1f6f9e42..a7e9f73c 100644 --- a/psw/urts/linux/edmm_utility.cpp +++ b/psw/urts/linux/edmm_utility.cpp @@ -101,6 +101,11 @@ bool get_driver_type(int *driver_type) int hdev = open("/dev/sgx/enclave", O_RDWR); //attempt to open the in-kernel driver if (-1 == hdev) + { + //if /dev/sgx/enclave is not present, try to open /dev/sgx_enclave + hdev = open("/dev/sgx_enclave", O_RDWR); + } + if (-1 == hdev) { hdev = open("/dev/isgx", O_RDWR); //attempt to open the out-of-tree driver if (-1 == hdev) 
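Review bot: In the `cd $(INSTALL_PATH)/aesm` step, `ln -fs libsgx_qe3_logic.so.$(call SPLIT_VERSION,$(QE3L_VER),1) libsgx_qe3_logic.so` creates the link whether or not the versioned target exists in that directory. Nothing in the visible hunks installs that target there. A packaging mistake would therefore leave a dangling link that is only noticed when the library fails to load at run time; put `test -e libsgx_qe3_logic.so.$(call SPLIT_VERSION,$(QE3L_VER),1) && \` in front of the `ln` so the install fails instead. The unversioned `libsgx_urts.so` link in the aesm directory is no longer created by this recipe, which deserves a one-line comment if intended. The install recipe begins and continues outside these hunks.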
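Review bot: The fallback to `/dev/sgx_enclave` in get_driver_type() runs on any `open()` failure, not only when `/dev/sgx/enclave` is absent as the added comment says. An `EACCES` or similar error on the first node is therefore hidden by probing the next path, and a permissions problem ends up reported as a missing driver. Restrict the retry to the case the comment describes, `if (-1 == hdev && ENOENT == errno)`, assuming `<errno.h>` is already in scope in this file. The hunk in open_se_device() adds the same unconditional retry and should get the same condition. Both function bodies continue outside the hunks.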
@@ -150,6 +155,11 @@ extern "C" bool open_se_device(int driver_type, int *hdevice) if (driver_type == SGX_DRIVER_IN_KERNEL) { *hdevice = open("/dev/sgx/enclave", O_RDWR); //attempt to open the in-kernel driver + //if /dev/sgx/enclave is not present, try to open /dev/sgx_enclave + if(-1 == *hdevice) + { + *hdevice = open("/dev/sgx_enclave", O_RDWR); + } } else if (driver_type == SGX_DRIVER_DCAP) { diff --git a/psw/urts/linux/sig_handler.cpp b/psw/urts/linux/sig_handler.cpp index 16eb79b7..800ac177 100644 --- a/psw/urts/linux/sig_handler.cpp +++ b/psw/urts/linux/sig_handler.cpp @@ -173,10 +173,12 @@ void sig_handler(int signum, siginfo_t* siginfo, void *priv) } else { ecmd = ECMD_INTERRUPT; } + UNUSED(ms); - CEnclave *enclave = param->trust_thread->get_enclave(); - unsigned int ret = enclave->ecall(ecmd, param->ocall_table, ms); - if(SGX_SUCCESS == ret) + // CEnclave *enclave = param->trust_thread->get_enclave(); + // unsigned int ret = enclave->ecall(ecmd, param->ocall_table, ms); + unsigned int ret = do_ecall(ecmd, param->ocall_table, NULL, param->trust_thread); + if (SGX_SUCCESS == ret) { //ERESUME execute return; @@ -192,8 +194,8 @@ void sig_handler(int signum, siginfo_t* siginfo, void *priv) //If we can't fix the exception within enclave, then give the handle to other signal hanlder. //Call the previous signal handler. The default signal handler should terminate the application. - enclave->rdunlock(); - CEnclavePool::instance()->unref_enclave(enclave); + // enclave->rdunlock(); + // CEnclavePool::instance()->unref_enclave(enclave); } else if (signum == SIGRT_INTERRUPT) { diff --git a/sdk/sign_tool/SignTool/manage_metadata.cpp b/sdk/sign_tool/SignTool/manage_metadata.cpp index 5d2023a0..b11e3c0d 100644 --- a/sdk/sign_tool/SignTool/manage_metadata.cpp +++ b/sdk/sign_tool/SignTool/manage_metadata.cpp 
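Review bot: In sig_handler(), the old `enclave->ecall(...)` call and the `enclave->rdunlock()` / `CEnclavePool::instance()->unref_enclave(enclave)` pair are left behind as comments, and `ms` is marked `UNUSED` while `NULL` is passed to `do_ecall()` in its place. The removed failure path released a read lock and a reference on the enclave, so the new call needs a comment stating who takes and releases them now, for example `// do_ecall() acquires and releases the enclave reference and read lock itself`. That is not visible in the hunk and should be confirmed before the comment is written. Delete the commented-out lines rather than keeping them, and if `ms` is really no longer needed, remove the code that computes it instead of silencing the warning. The function starts before and ends after both hunks.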
@@ -599,6 +599,12 @@ bool CMetadata::check_xml_parameter(const xml_parameter_t *parameter) return true; } +uint64_t CMetadata::calc_overhead(uint64_t size) +{ + size_t bsize = ROUND_TO(size + sizeof(uint64_t), 0x8); + return (bsize < 0x10) ? 0x10 : bsize; +} + uint64_t CMetadata::calculate_rts_bk_overhead() { uint64_t ema_overhead = sizeof(struct ema_t_); 
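Review bot: `calc_overhead()` stores the rounded value in a `size_t` although its parameter and return type are `uint64_t`, so the result is truncated on any build where `size_t` is 32 bits; declare it as `uint64_t bsize = ROUND_TO(size + sizeof(uint64_t), 0x8);`. The constants also need a comment. Presumably `sizeof(uint64_t)` is a per-block header and `0x10` a minimum block size of the allocator used for EMM bookkeeping, but the hunk does not say where they come from. If they ever drift from the enclave-side allocator, the reserve computed at signing time will be too small.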
@@ -606,71 +612,71 @@ uint64_t CMetadata::calculate_rts_bk_overhead() // MIN heap uint32_t page_count = (uint32_t)(m_create_param.heap_min_size >> SE_PAGE_SHIFT); - uint64_t heap_node_overhead = ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + uint64_t heap_node_overhead = calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); if(m_create_param.heap_init_size > m_create_param.heap_min_size) { // INIT heap page_count = (uint32_t)((m_create_param.heap_init_size - m_create_param.heap_min_size) >> SE_PAGE_SHIFT); - heap_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + heap_node_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); } if(m_create_param.heap_max_size > m_create_param.heap_init_size) { page_count = (uint32_t)((m_create_param.heap_max_size - m_create_param.heap_init_size) >> SE_PAGE_SHIFT); - heap_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + heap_node_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); } page_count = (uint32_t)(m_create_param.rsrv_min_size >> SE_PAGE_SHIFT); - uint64_t rsrv_node_overhead = ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + uint64_t rsrv_node_overhead = calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); if(m_create_param.rsrv_init_size > m_create_param.rsrv_min_size) { // INIT RSRV page_count = (uint32_t)((m_create_param.rsrv_init_size - m_create_param.rsrv_min_size) >> SE_PAGE_SHIFT); - rsrv_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + rsrv_node_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); } if(m_create_param.rsrv_max_size > 
m_create_param.rsrv_init_size) { page_count = (uint32_t)((m_create_param.rsrv_max_size - m_create_param.rsrv_init_size) >> SE_PAGE_SHIFT); - rsrv_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + rsrv_node_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); } // guard page | stack | guard page | TCS | SSA | guard page | TLS // guard page - uint64_t non_removed_ctx_overhead = ema_overhead; - uint64_t removed_ctx_overhead = ema_overhead; + uint64_t non_removed_ctx_overhead = calc_overhead(ema_overhead); + uint64_t removed_ctx_overhead = calc_overhead(ema_overhead); // stack page_count = (uint32_t)(m_create_param.stack_min_size >> SE_PAGE_SHIFT); - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); - removed_ctx_overhead += ema_overhead; + non_removed_ctx_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); + removed_ctx_overhead += calc_overhead(ema_overhead); if(m_create_param.stack_max_size > m_create_param.stack_min_size) { page_count = (uint32_t)((m_create_param.stack_max_size - m_create_param.stack_min_size) >> SE_PAGE_SHIFT); - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); - removed_ctx_overhead += ema_overhead; + non_removed_ctx_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); + removed_ctx_overhead += calc_overhead(ema_overhead); } // guard page - non_removed_ctx_overhead += ema_overhead; - removed_ctx_overhead += ema_overhead; + non_removed_ctx_overhead += calc_overhead(ema_overhead); + removed_ctx_overhead += calc_overhead(ema_overhead); // tcs page_count = TCS_SIZE >> SE_PAGE_SHIFT; - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); - removed_ctx_overhead += 
ema_overhead; + non_removed_ctx_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); + removed_ctx_overhead += calc_overhead(ema_overhead); // ssa page_count = m_metadata->ssa_frame_size * SSA_NUM; - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + non_removed_ctx_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); removed_ctx_overhead += ema_overhead; // guard page - non_removed_ctx_overhead += ema_overhead; - removed_ctx_overhead += ema_overhead; + non_removed_ctx_overhead += calc_overhead(ema_overhead); + removed_ctx_overhead += calc_overhead(ema_overhead); // td page_count = 1; @@ -679,8 +685,8 @@ uint64_t CMetadata::calculate_rts_bk_overhead() { page_count += (uint32_t)(ROUND_TO_PAGE(section->virtual_size()) >> SE_PAGE_SHIFT); } - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); - removed_ctx_overhead += ema_overhead; + non_removed_ctx_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(page_count, 8) >> 3)); + removed_ctx_overhead += calc_overhead(ema_overhead); uint32_t tcs_min_pool = 0; /* Number of static threads (EADD) */ uint32_t tcs_eremove = 0; 
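Review bot: Under `// ssa` the context line `removed_ctx_overhead += ema_overhead;` was left unconverted, while every other `removed_ctx_overhead` term in this hunk and the next one became `calc_overhead(ema_overhead)`. The removed-context estimate is therefore short by the per-allocation header for each such context; change the line to `removed_ctx_overhead += calc_overhead(ema_overhead);`. This total sizes the region reserved for the runtime's bookkeeping, so an under-estimate would presumably show up as an allocation failure inside the enclave at run time rather than as a signing error. calculate_rts_bk_overhead() begins before and ends after the hunk.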
@@ -730,9 +736,11 @@ uint64_t CMetadata::calculate_rts_bk_overhead() std::vector sections = m_parser->get_sections(); for (auto s : sections) { uint32_t p_count = (uint32_t)(ROUND_TO_PAGE(s->virtual_size()) >> SE_PAGE_SHIFT); - total_sections_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(p_count, 8) >> 3); + total_sections_overhead += calc_overhead(ema_overhead) + calc_overhead(bit_array_overhead) + calc_overhead((ROUND_TO(p_count, 8) >> 3)); } + printf("heap: %lx, rsrv: %lx, ctx: %lx, removed_ctx: %lx, sections: %lx\n", + heap_node_overhead, rsrv_node_overhead, total_non_removed_ctx_overhead, total_removed_ctx_overhead, total_sections_overhead); return heap_node_overhead + rsrv_node_overhead + total_non_removed_ctx_overhead + @@ -1183,7 +1191,9 @@ bool CMetadata::build_layout_table() { // 0x20000 comes from initial emalloc reserve size (0x10000 bytes), // plus two guard pages (0x8000 bytes each) - uint64_t rts_bk_overhead = calculate_rts_bk_overhead() + 0x20000; + uint64_t rts_bk_overhead_tmp = ROUND_TO(calculate_rts_bk_overhead(), 0x10000); + printf("rts_bk_overhead: %lx\n", rts_bk_overhead_tmp); + uint64_t rts_bk_overhead = (rts_bk_overhead_tmp + 0x10000) * 2; uint64_t user_region_size = ROUND_TO_PAGE(rts_bk_overhead); se_trace(SE_TRACE_ERROR, "RTS bookkeeping overhead: 0x%016llX\n", user_region_size); diff --git a/sdk/sign_tool/SignTool/manage_metadata.h b/sdk/sign_tool/SignTool/manage_metadata.h index 337e1307..335e75f2 100644 --- a/sdk/sign_tool/SignTool/manage_metadata.h +++ b/sdk/sign_tool/SignTool/manage_metadata.h @@ -136,6 +136,7 @@ class CMetadata: private Uncopyable bool vaildate_elrange_config(); bool build_elrange_config_entry(); uint64_t calculate_rts_bk_overhead(); + uint64_t calc_overhead(uint64_t size); bool check_config(); uint8_t m_meta_verions; diff --git a/sdk/simulation/trtssim/linux/Makefile b/sdk/simulation/trtssim/linux/Makefile index bac8e2c6..b037f00a 100644 --- a/sdk/simulation/trtssim/linux/Makefile 
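Review bot: The added `printf` formats `uint64_t` values with `%lx`, which is wrong wherever `long` is not 64 bits, and it writes unconditionally to the signing tool's stdout. Use the tool's own tracing with the format it already uses elsewhere in this file, e.g. `se_trace(SE_TRACE_DEBUG, "heap: 0x%016llX ...\n", ...)`, assuming a debug trace level exists, or `PRIx64` with `<cinttypes>`. The `printf("rts_bk_overhead: %lx\n", rts_bk_overhead_tmp);` added in build_layout_table() has the same two problems.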
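Review bot: In build_layout_table() the retained comment still explains a fixed `0x20000` addend, but the new code rounds the estimate up to a multiple of `0x10000`, adds `0x10000` and then doubles the sum. The comment no longer describes the computation, and the reason for the factor of two is undocumented; replace it with one line per term, e.g. `// round to the emalloc reserve granule, add the initial reserve, then double for <reason>`. Neither the addition nor the doubling is checked for `uint64_t` wrap-around even though the inputs derive from the enclave configuration, so an upper bound check before `* 2` would be cheap. The function body extends beyond the hunk.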
+++ b/sdk/simulation/trtssim/linux/Makefile @@ -67,11 +67,15 @@ TRTS1_OBJS := init_enclave.o \ trts_xsave.o \ init_optimized_lib.o \ trts_add_trim.o \ - trts_interrupt.o \ - trts_emm_sim.o + trts_interrupt.o + # trts_emm_sim.o TRTS2_OBJS := trts_nsp.o -TRTS_OBJS := $(TRTS1_OBJS) $(TRTS2_OBJS) + +TRTS3_OBJS := ema_rt.o + +TRTS_OBJS := $(TRTS1_OBJS) $(TRTS2_OBJS) $(TRTS3_OBJS) + TINST_OBJS := t_instructions.o \ deriv.o @@ -94,6 +98,9 @@ TLDR_OBJS := $(TLDR_ASM_OBJS) $(TLDR_C_OBJS) LIBTRTS := libsgx_trts_sim.a +LIBSGX_MM_PATH = $(LINUX_EXTERNAL_DIR)/sgx-emm +LIBSGX_MM = libsgx_mm.a + vpath %.cpp $(TRTS_DIR):$(TINST_DIR) vpath %.S $(LOWLIB_DIR):$(TLDR_DIR):$(XSAVE_DIR) vpath %.c $(TLS_DIR):$(TLDR_DIR) @@ -103,8 +110,15 @@ vpath %.c $(TLS_DIR):$(TLDR_DIR) all: $(LIBTRTS) | $(BUILD_DIR) $(CP) $< $| -$(LIBTRTS): $(TRTS_OBJS) $(TINST_OBJS) $(LOWLIB_OBJS) $(TLS_OBJS) $(TLDR_OBJS) +$(LIBTRTS): $(TRTS_OBJS) $(TINST_OBJS) $(LOWLIB_OBJS) $(TLS_OBJS) $(TLDR_OBJS) $(LIBSGX_MM) $(AR) rcsD $@ $(TRTS_OBJS) $(TINST_OBJS) $(LOWLIB_OBJS) $(TLS_OBJS) $(TLDR_OBJS) + $(MKDIR) $(BUILD_DIR)/.libsgx_mm + $(RM) $(BUILD_DIR)/.libsgx_mm/* && cd $(BUILD_DIR)/.libsgx_mm && $(AR) x $(LIBSGX_MM_PATH)/libsgx_mm.a + $(AR) rsD $@ $(BUILD_DIR)/.libsgx_mm/*.o + @$(RM) -rf $(BUILD_DIR)/.libsgx_mm + +$(LIBSGX_MM): + $(MAKE) -C $(LIBSGX_MM_PATH) # ------------------------------------------------------------ $(TRTS1_OBJS): CPPFLAGS += -I$(COMMON_DIR)/inc/tlibc \ @@ -112,6 +126,9 @@ $(TRTS1_OBJS): CPPFLAGS += -I$(COMMON_DIR)/inc/tlibc \ $(TRTS2_OBJS): %.o:%.cpp $(CXX) -c $(filter-out -fstack-protector-strong, $(CXXFLAGS)) -I$(SIM_DIR)/tinst/ $(CPPFLAGS) $< -o $@ +$(TRTS3_OBJS): %.o:../%.c + $(CC) -c $(TCFLAGS) $(CFLAGS) -I$(COMMON_DIR)/inc -I$(COMMON_DIR)/inc/internal -I$(COMMON_DIR)/inc/internal/linux -I$(COMMON_DIR)/inc/tlibc -I$(SIM_DIR)/tinst/ -fPIC $< -o $@ + # Explicitly disable optimization for tRTS simulation library, # since the '_SE3' function has assumptions on stack layout.
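Review bot: `$(LIBSGX_MM)` expands to `libsgx_mm.a` in this directory, but its recipe only runs `$(MAKE) -C $(LIBSGX_MM_PATH)` and the archive is then extracted from `$(LIBSGX_MM_PATH)/libsgx_mm.a`. As far as the hunk shows, the named target is never created here, so `$(LIBTRTS)` is re-archived on every invocation. Name the real file instead, `LIBSGX_MM := $(LIBSGX_MM_PATH)/libsgx_mm.a`, and use `$(AR) x $(LIBSGX_MM)` in the recipe. The scratch directory `$(BUILD_DIR)/.libsgx_mm` is a fixed name, which races under `make -j` if any other makefile extracts into the same path, and `$(RM) -rf $(BUILD_DIR)/.libsgx_mm` becomes root-relative when `BUILD_DIR` is empty; derive the directory from `$@` and guard the variable with `$(if $(strip $(BUILD_DIR)),,$(error BUILD_DIR is empty))`. The commented-out `# trts_emm_sim.o` in the first hunk should be deleted rather than kept.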