diff options
| author |   Jarkko Sakkinen <jarkko@kernel.org> | 2021-11-15 10:35:16 -0800 |
|---|---|---|
| committer |   Dave Hansen <dave.hansen@linux.intel.com> | 2021-11-15 11:34:01 -0800 |
| commit | 5f0ce664d8c6c160ce4333e809545a8a57fe2baf (patch) | |
| tree | 37bc1877185833d5c02a39d5509317c8818004f3 /tools/testing/selftests/sgx/load.c | |
| parent | selftests/sgx: Assign source for each segment (diff) | |
| download | wireguard-linux-5f0ce664d8c6c160ce4333e809545a8a57fe2baf.tar.xz wireguard-linux-5f0ce664d8c6c160ce4333e809545a8a57fe2baf.zip | |
selftests/sgx: Make data measurement for an enclave segment optional
For a heap makes sense to leave its contents "unmeasured" in the SGX
enclave build process, meaning that they won't contribute to the
cryptographic signature (a RSA-3072 signed SHA56 hash) of the enclave.
Enclaves are signed blobs where the signature is calculated both from
page data and also from "structural properties" of the pages. For
instance a page offset of *every* page added to the enclave is hashed.
For data, this is optional, not least because hashing a page has a
significant contribution to the enclave load time. Thus, where there is
no reason to hash, do not. The SGX ioctl interface supports this with
SGX_PAGE_MEASURE flag. Only when the flag is *set*, data is measured.
Add seg->measure boolean flag to struct encl_segment. Only when the
flag is set, include the segment data to the signature (represented
by SIGSTRUCT architectural structure).
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lkml.kernel.org/r/625b6fe28fed76275e9238ec4e15ec3c0d87de81.1636997631.git.reinette.chatre@intel.com
Diffstat (limited to 'tools/testing/selftests/sgx/load.c')
| -rw-r--r-- | tools/testing/selftests/sgx/load.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c index 5605474aab73..f1be78984c50 100644 --- a/tools/testing/selftests/sgx/load.c +++ b/tools/testing/selftests/sgx/load.c @@ -111,7 +111,10 @@ static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) ioc.offset = seg->offset; ioc.length = seg->size; ioc.secinfo = (unsigned long)&secinfo; - ioc.flags = SGX_PAGE_MEASURE; + if (seg->measure) + ioc.flags = SGX_PAGE_MEASURE; + else + ioc.flags = 0; rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); if (rc < 0) { @@ -230,6 +233,7 @@ bool encl_load(const char *path, struct encl *encl) seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; seg->src = encl->src + seg->offset; + seg->measure = true; j++; } |