Simulated enclave code does not check if rdrand is supported before calling it

[pdxjohnny]

I compiled the LocalAttestation sample with make SGX_MODE=SIM DEBUG=1 and am getting an illegal instruction.

The following logs are from set logging on in gdb and stepping through until it hits the illegal instruction.

I have checkedout and build version 2.4 of the SDK.

Breakpoint 1, main (argc=21845, argv=0x5555555580c0 <__libc_csu_init>) at App/App.cpp:109
Continuing.

Breakpoint 2, main (argc=1, argv=0x7fffffffdb98) at App/App.cpp:129
Enclave1_test_create_session (eid=122324963557378, retval=0x7fffffffdaa0, src_enclave_id=122324963557378, dest_enclave_id=122324963557379) at Enclave1/Enclave1_u.c:137
sgx_ecall (enclave_id=122324963557378, proc=0, ocall_table=0x55555575ac60 <ocall_table_Enclave1>, ms=0x7fffffffda60) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/routine.cpp:68
_sgx_ecall (enclave_id=122324963557378, proc=0, ocall_table=0x55555575ac60 <ocall_table_Enclave1>, ms=0x7fffffffda60, is_switchless=false) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/routine.cpp:42
CEnclave::ecall (this=0x555555773d20, proc=0, ocall_table=0x55555575ac60 <ocall_table_Enclave1>, ms=0x7fffffffda60, is_switchless=false) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/enclave.cpp:255
Ambiguous command "a": actions, add-auto-load-safe-path, add-auto-load-scripts-directory, add-inferior...
CEnclave::get_tcs (this=0x555555773d20, ecall_cmd=0) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/enclave.cpp:405
CEnclave::ecall (this=0x555555773d20, proc=0, ocall_table=0x55555575ac60 <ocall_table_Enclave1>, ms=0x7fffffffda60, is_switchless=false) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/enclave.cpp:287
do_ecall (fn=0, ocall_table=0x55555575ac60 <ocall_table_Enclave1>, ms=0x7fffffffda60, trust_thread=0x55555576ea10) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/sig_handler.cpp:228
CTrustThread::get_enclave (this=0x55555576ea10) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/tcs.h:57
do_ecall (fn=0, ocall_table=0x55555575ac60 <ocall_table_Enclave1>, ms=0x7fffffffda60, trust_thread=0x55555576ea10) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/sig_handler.cpp:233
CTrustThread::get_tcs (this=0x55555576ea10) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/tcs.h:56
do_ecall (fn=0, ocall_table=0x55555575ac60 <ocall_table_Enclave1>, ms=0x7fffffffda60, trust_thread=0x55555576ea10) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/sig_handler.cpp:240
__morestack () at enter_enclave.S:59
save_xregs () at /home/pdxjohnny/Documents/c/linux-sgx/psw/../common/src/linux/xsave_gnu.S:110
save_xregs () at /home/pdxjohnny/Documents/c/linux-sgx/psw/../common/src/linux/xsave_gnu.S:123
__morestack () at enter_enclave.S:60
_SE3 (xax=2, xbx=140737320304640, xcx=140737349626889, xdx=93824994356320, xsi=140737488345696, xdi=0) at u_instructions.cpp:216
CEnclaveMngr::get_instance () at enclave_mngr.cpp:176
_SE3 (xax=2, xbx=140737320304640, xcx=140737349626889, xdx=93824994356320, xsi=140737488345696, xdi=0) at u_instructions.cpp:239
CEnclaveMngr::get_enclave (this=0x7ffff7dd33a0 <CEnclaveMngr::get_instance()::mngr>, base_addr=0x7ffff5fbc000) at enclave_mngr.cpp:228
_SE3 (xax=2, xbx=140737320304640, xcx=140737349626889, xdx=93824994356320, xsi=140737488345696, xdi=0) at u_instructions.cpp:243
CEnclaveSim::is_tcs_page (this=0x55555576ec00, addr=0x7ffff5fbc000) at enclave_mngr.cpp:143
_SE3 (xax=2, xbx=140737320304640, xcx=140737349626889, xdx=93824994356320, xsi=140737488345696, xdi=0) at u_instructions.cpp:247
CEnclaveSim::get_secs (this=0x55555576ec00) at enclave_mngr.cpp:81
_SE3 (xax=2, xbx=140737320304640, xcx=140737349626889, xdx=93824994356320, xsi=140737488345696, xdi=0) at u_instructions.cpp:252
get_bp () at lowlib.S:40
get_bp () at lowlib.S:41
_SE3 (xax=2, xbx=140737320304640, xcx=140737349626889, xdx=93824994356320, xsi=140737488345696, xdi=0) at u_instructions.cpp:261
td_mngr_set_td (enclave_base=0x7ffff5bbc000, tcs=0x7ffff5fbc000) at set_tls.c:46
_SE3 (xax=2, xbx=140737320304640, xcx=140737349626790, xdx=93824994356320, xsi=140737488345696, xdi=0) at u_instructions.cpp:273
load_regs () at lowlib.S:54
load_regs () at lowlib.S:62
load_regs () at lowlib.S:63
load_regs () at lowlib.S:64

Program received signal SIGILL, Illegal instruction.
0x00007ffff5bc2f86 in ?? ()
quit

output of cpuid

CPU 0:
   vendor_id = "GenuineIntel"
   version information (1/eax):
      processor type  = primary processor (0)
      family          = Intel Pentium Pro/II/III/Celeron/Core/Core 2/Atom, AMD Athlon/Duron, Cyrix M2, VIA C3 (6)
      model           = 0xa (10)
      stepping id     = 0x7 (7)
      extended family = 0x0 (0)
      extended model  = 0x2 (2)
      (simple synth)  = Intel Core i3-2000 / Core i5-2000 / Core i7-2000 / Mobile Core i7-2000 (Sandy Bridge D2/J1/Q0) / Pentium G500/G600/G800 / Pentium B915C (Sandy Bridge Q0) / Celeron G400/G500/700/800/B800 (Sandy Bridge J1/Q0) / Xeon E1-1100 / E3-1200 (Sandy Bridge D2/J1/Q0), 32nm
   miscellaneous (1/ebx):
      process local APIC physical ID = 0x0 (0)
      cpu count                      = 0x10 (16)
      CLFLUSH line size              = 0x8 (8)
      brand index                    = 0x0 (0)
   brand id = 0x00 (0): unknown
   feature information (1/edx):
      x87 FPU on chip                        = true
      virtual-8086 mode enhancement          = true
      debugging extensions                   = true
      page size extensions                   = true
      time stamp counter                     = true
      RDMSR and WRMSR support                = true
      physical address extensions            = true
      machine check exception                = true
      CMPXCHG8B inst.                        = true
      APIC on chip                           = true
      SYSENTER and SYSEXIT                   = true
      memory type range registers            = true
      PTE global bit                         = true
      machine check architecture             = true
      conditional move/compare instruction   = true
      page attribute table                   = true
      page size extension                    = true
      processor serial number                = false
      CLFLUSH instruction                    = true
      debug store                            = true
      thermal monitor and clock ctrl         = true
      MMX Technology                         = true
      FXSAVE/FXRSTOR                         = true
      SSE extensions                         = true
      SSE2 extensions                        = true
      self snoop                             = true
      hyper-threading / multi-core supported = true
      therm. monitor                         = true
      IA64                                   = false
      pending break event                    = true
   feature information (1/ecx):
      PNI/SSE3: Prescott New Instructions     = true
      PCLMULDQ instruction                    = true
      64-bit debug store                      = true
      MONITOR/MWAIT                           = true
      CPL-qualified debug store               = true
      VMX: virtual machine extensions         = true
      SMX: safer mode extensions              = false
      Enhanced Intel SpeedStep Technology     = true
      thermal monitor 2                       = true
      SSSE3 extensions                        = true
      context ID: adaptive or shared L1 data  = false
      FMA instruction                         = false
      CMPXCHG16B instruction                  = true
      xTPR disable                            = true
      perfmon and debug                       = true
      process context identifiers             = true
      direct cache access                     = false
      SSE4.1 extensions                       = true
      SSE4.2 extensions                       = true
      extended xAPIC support                  = false
      MOVBE instruction                       = false
      POPCNT instruction                      = true
      time stamp counter deadline             = true
      AES instruction                         = true
      XSAVE/XSTOR states                      = true
      OS-enabled XSAVE/XSTOR                  = true
      AVX: advanced vector extensions         = true
      F16C half-precision convert instruction = false
      RDRAND instruction                      = false
      hypervisor guest status                 = false
   cache and TLB information (2):
      0x5a: data TLB: 2M/4M pages, 4-way, 32 entries
      0x03: data TLB: 4K pages, 4-way, 64 entries
      0x76: instruction TLB: 2M/4M pages, fully, 8 entries
      0xff: cache data is in CPUID 4
      0xb2: instruction TLB: 4K, 4-way, 64 entries
      0xf0: 64 byte prefetching
      0xca: L2 TLB: 4K pages, 4-way, 512 entries
   processor serial number: 0002-06A7-0000-0000-0000-0000
   deterministic cache parameters (4):
      --- cache 0 ---
      cache type                           = data cache (1)
      cache level                          = 0x1 (1)
      self-initializing cache level        = true
      fully associative cache              = false
      extra threads sharing this cache     = 0x1 (1)
      extra processor cores on this die    = 0x7 (7)
      system coherency line size           = 0x3f (63)
      physical line partitions             = 0x0 (0)
      ways of associativity                = 0x7 (7)
      ways of associativity                = 0x0 (0)
      WBINVD/INVD behavior on lower caches = false
      inclusive to lower caches            = false
      complex cache indexing               = false
      number of sets - 1 (s)               = 63
      --- cache 1 ---
      cache type                           = instruction cache (2)
      cache level                          = 0x1 (1)
      self-initializing cache level        = true
      fully associative cache              = false
      extra threads sharing this cache     = 0x1 (1)
      extra processor cores on this die    = 0x7 (7)
      system coherency line size           = 0x3f (63)
      physical line partitions             = 0x0 (0)
      ways of associativity                = 0x7 (7)
      ways of associativity                = 0x0 (0)
      WBINVD/INVD behavior on lower caches = false
      inclusive to lower caches            = false
      complex cache indexing               = false
      number of sets - 1 (s)               = 63
      --- cache 2 ---
      cache type                           = unified cache (3)
      cache level                          = 0x2 (2)
      self-initializing cache level        = true
      fully associative cache              = false
      extra threads sharing this cache     = 0x1 (1)
      extra processor cores on this die    = 0x7 (7)
      system coherency line size           = 0x3f (63)
      physical line partitions             = 0x0 (0)
      ways of associativity                = 0x7 (7)
      ways of associativity                = 0x0 (0)
      WBINVD/INVD behavior on lower caches = false
      inclusive to lower caches            = false
      complex cache indexing               = false
      number of sets - 1 (s)               = 511
      --- cache 3 ---
      cache type                           = unified cache (3)
      cache level                          = 0x3 (3)
      self-initializing cache level        = true
      fully associative cache              = false
      extra threads sharing this cache     = 0xf (15)
      extra processor cores on this die    = 0x7 (7)
      system coherency line size           = 0x3f (63)
      physical line partitions             = 0x0 (0)
      ways of associativity                = 0xf (15)
      ways of associativity                = 0x6 (6)
      WBINVD/INVD behavior on lower caches = false
      inclusive to lower caches            = true
      complex cache indexing               = true
      number of sets - 1 (s)               = 8191
   MONITOR/MWAIT (5):
      smallest monitor-line size (bytes)       = 0x40 (64)
      largest monitor-line size (bytes)        = 0x40 (64)
      enum of Monitor-MWAIT exts supported     = true
      supports intrs as break-event for MWAIT  = true
      number of C0 sub C-states using MWAIT    = 0x0 (0)
      number of C1 sub C-states using MWAIT    = 0x2 (2)
      number of C2 sub C-states using MWAIT    = 0x1 (1)
      number of C3 sub C-states using MWAIT    = 0x1 (1)
      number of C4 sub C-states using MWAIT    = 0x0 (0)
      number of C5 sub C-states using MWAIT    = 0x0 (0)
      number of C6 sub C-states using MWAIT    = 0x0 (0)
      number of C7 sub C-states using MWAIT    = 0x0 (0)
   Thermal and Power Management Features (6):
      digital thermometer                     = true
      Intel Turbo Boost Technology            = true
      ARAT always running APIC timer          = true
      PLN power limit notification            = true
      ECMD extended clock modulation duty     = true
      PTM package thermal management          = true
      HWP base registers                      = false
      HWP notification                        = false
      HWP activity window                     = false
      HWP energy performance preference       = false
      HWP package level request               = false
      HDC base registers                      = false
      digital thermometer thresholds          = 0x2 (2)
      ACNT/MCNT supported performance measure = true
      ACNT2 available                         = false
      performance-energy bias capability      = true
   extended feature flags (7):
      FSGSBASE instructions                    = false
      IA32_TSC_ADJUST MSR supported            = false
      SGX: Software Guard Extensions supported = false
      BMI instruction                          = false
      HLE hardware lock elision                = false
      AVX2: advanced vector extensions 2       = false
      FDP_EXCPTN_ONLY                          = false
      SMEP supervisor mode exec protection     = false
      BMI2 instructions                        = false
      enhanced REP MOVSB/STOSB                 = false
      INVPCID instruction                      = false
      RTM: restricted transactional memory     = false
      QM: quality of service monitoring        = false
      deprecated FPU CS/DS                     = false
      intel memory protection extensions       = false
      PQE: platform quality of service enforce = false
      AVX512F: AVX-512 foundation instructions = false
      AVX512DQ: double & quadword instructions = false
      RDSEED instruction                       = false
      ADX instructions                         = false
      SMAP: supervisor mode access prevention  = false
      AVX512IFMA: fused multiply add           = false
      CLFLUSHOPT instruction                   = false
      CLWB instruction                         = false
      Intel processor trace                    = false
      AVX512PF: prefetch instructions          = false
      AVX512ER: exponent & reciprocal instrs   = false
      AVX512CD: conflict detection instrs      = false
      SHA instructions                         = false
      AVX512BW: byte & word instructions       = false
      AVX512VL: vector length                  = false
      PREFETCHWT1                              = false
      AVX512VBMI: vector byte manipulation     = false
      UMIP: user-mode instruction prevention   = false
      PKU protection keys for user-mode        = false
      OSPKE CR4.PKE and RDPKRU/WRPKRU          = false
      BNDLDX/BNDSTX MAWAU value in 64-bit mode = 0x0 (0)
      RDPID: read processor D supported        = false
      SGX_LC: SGX launch config supported      = false
      AVX512_4VNNIW: neural network instrs     = false
      AVX512_4FMAPS: multiply acc single prec  = false
   Direct Cache Access Parameters (9):
      PLATFORM_DCA_CAP MSR bits = 0
   Architecture Performance Monitoring Features (0xa/eax):
      version ID                               = 0x3 (3)
      number of counters per logical processor = 0x4 (4)
      bit width of counter                     = 0x30 (48)
      length of EBX bit vector                 = 0x7 (7)
   Architecture Performance Monitoring Features (0xa/ebx):
      core cycle event not available           = false
      instruction retired event not available  = false
      reference cycles event not available     = false
      last-level cache ref event not available = false
      last-level cache miss event not avail    = false
      branch inst retired event not available  = false
      branch mispred retired event not avail   = false
   Architecture Performance Monitoring Features (0xa/edx):
      number of fixed counters    = 0x3 (3)
      bit width of fixed counters = 0x30 (48)
   x2APIC features / processor topology (0xb):
      --- level 0 (thread) ---
      bits to shift APIC ID to get next = 0x1 (1)
      logical processors at this level  = 0x2 (2)
      level number                      = 0x0 (0)
      level type                        = thread (1)
      extended APIC ID                  = 0
      --- level 1 (core) ---
      bits to shift APIC ID to get next = 0x4 (4)
      logical processors at this level  = 0x8 (8)
      level number                      = 0x1 (1)
      level type                        = core (2)
      extended APIC ID                  = 0
   XSAVE features (0xd/0):
      XCR0 lower 32 bits valid bit field mask = 0x00000007
      XCR0 upper 32 bits valid bit field mask = 0x00000000
         XCR0 supported: x87 state            = true
         XCR0 supported: SSE state            = true
         XCR0 supported: AVX state            = true
         XCR0 supported: MPX BNDREGS          = false
         XCR0 supported: MPX BNDCSR           = false
         XCR0 supported: AVX-512 opmask       = false
         XCR0 supported: AVX-512 ZMM_Hi256    = false
         XCR0 supported: AVX-512 Hi16_ZMM     = false
         IA32_XSS supported: PT state         = false
         XCR0 supported: PKRU state           = false
      bytes required by fields in XCR0        = 0x00000340 (832)
      bytes required by XSAVE/XRSTOR area     = 0x00000340 (832)
   XSAVE features (0xd/1):
      XSAVEOPT instruction                        = true
      XSAVEC instruction                          = false
      XGETBV instruction                          = false
      XSAVES/XRSTORS instructions                 = false
      SAVE area size in bytes                     = 0x00000000 (0)
      IA32_XSS lower 32 bits valid bit field mask = 0x00000000
      IA32_XSS upper 32 bits valid bit field mask = 0x00000000
   AVX/YMM features (0xd/2):
      AVX/YMM save state byte size             = 0x00000100 (256)
      AVX/YMM save state byte offset           = 0x00000240 (576)
      supported in IA32_XSS or XCR0            = XCR0 (user state)
      64-byte alignment in compacted XSAVE     = false
   extended feature flags (0x80000001/edx):
      SYSCALL and SYSRET instructions        = true
      execution disable                      = true
      1-GB large page support                = false
      RDTSCP                                 = true
      64-bit extensions technology available = true
   Intel feature flags (0x80000001/ecx):
      LAHF/SAHF supported in 64-bit mode     = true
      LZCNT advanced bit manipulation        = false
      3DNow! PREFETCH/PREFETCHW instructions = false
   brand = "       Intel(R) Core(TM) i7-2700K CPU @ 3.50GHz"
   L1 TLB/cache information: 2M/4M pages & L1 TLB (0x80000005/eax):
      instruction # entries     = 0x0 (0)
      instruction associativity = 0x0 (0)
      data # entries            = 0x0 (0)
      data associativity        = 0x0 (0)
   L1 TLB/cache information: 4K pages & L1 TLB (0x80000005/ebx):
      instruction # entries     = 0x0 (0)
      instruction associativity = 0x0 (0)
      data # entries            = 0x0 (0)
      data associativity        = 0x0 (0)
   L1 data cache information (0x80000005/ecx):
      line size (bytes) = 0x0 (0)
      lines per tag     = 0x0 (0)
      associativity     = 0x0 (0)
      size (KB)         = 0x0 (0)
   L1 instruction cache information (0x80000005/edx):
      line size (bytes) = 0x0 (0)
      lines per tag     = 0x0 (0)
      associativity     = 0x0 (0)
      size (KB)         = 0x0 (0)
   L2 TLB/cache information: 2M/4M pages & L2 TLB (0x80000006/eax):
      instruction # entries     = 0x0 (0)
      instruction associativity = L2 off (0)
      data # entries            = 0x0 (0)
      data associativity        = L2 off (0)
   L2 TLB/cache information: 4K pages & L2 TLB (0x80000006/ebx):
      instruction # entries     = 0x0 (0)
      instruction associativity = L2 off (0)
      data # entries            = 0x0 (0)
      data associativity        = L2 off (0)
   L2 unified cache information (0x80000006/ecx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x0 (0)
      associativity     = 8-way (6)
      size (KB)         = 0x100 (256)
   L3 cache information (0x80000006/edx):
      line size (bytes)     = 0x0 (0)
      lines per tag         = 0x0 (0)
      associativity         = L2 off (0)
      size (in 512KB units) = 0x0 (0)
   Advanced Power Management Features (0x80000007/edx):
      temperature sensing diode      = false
      frequency ID (FID) control     = false
      voltage ID (VID) control       = false
      thermal trip (TTP)             = false
      thermal monitor (TM)           = false
      software thermal control (STC) = false
      100 MHz multiplier control     = false
      hardware P-State control       = false
      TscInvariant                   = true
   Physical Address and Linear Address Size (0x80000008/eax):
      maximum physical address bits         = 0x24 (36)
      maximum linear (virtual) address bits = 0x30 (48)
      maximum guest physical address bits   = 0x0 (0)
   Logical CPU cores (0x80000008/ecx):
      number of CPU cores - 1 = 0x0 (0)
      ApicIdCoreIdSize        = 0x0 (0)
   (multi-processing synth): multi-core (c=4), hyper-threaded (t=2)
   (multi-processing method): Intel leaf 0xb
   (APIC widths synth): CORE_width=4 SMT_width=1
   (APIC synth): PKG_ID=0 CORE_ID=0 SMT_ID=0
   (synth) = Intel Core i3-2000 / Core i5-2000 / Core i7-2000 (Sandy Bridge D2/J1/Q0), 32nm
CPU 1:
.... same stuff

Possibly related: #240

[pdxjohnny]

It works fine on a machine with SGX, but that leads me to think its just not simulating on that machine.

[yuyuany]

The log only contains the untrusted part. Could you use sgx-gdb to step into the enclave?

[andyzyb]

@pdxjohnny, can you try other sample code in simulation mode and see if they fail too? That may help us narrow down the issue.

[pdxjohnny]

Yes the others fail too. I'll try with sgx gdb

[pdxjohnny]

Here's for SampleEnclave

Breakpoint 1 at 0x236e: file App/App.cpp, line 182.
Starting program: /home/pdxjohnny/Documents/c/linux-sgx/SampleCode/SampleEnclave/app 
detect urts is loaded, initializing
Function "random_stack_notify_gdb" not defined.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, main (argc=0, argv=0x7fffffffdb50) at App/App.cpp:182
initialize_enclave () at App/App.cpp:157
sgx_create_enclave (file_name=0x555555558047 "enclave.signed.so", debug=1, launch_token=0x0, launch_token_updated=0x0, enclave_id=0x55555575a198 <global_eid>, misc_attr=0x0)
    at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/urts.cpp:120
__sgx_create_enclave_ex (file_name=0x555555558047 "enclave.signed.so", debug=1, launch_token=0x0, launch_token_updated=0x0, enclave_id=0x55555575a198 <global_eid>, misc_attr=0x0, ex_features=0, ex_features_p=0x0)
    at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/urts.cpp:76
_check_ex_params_ (ex_features=0, ex_features_p=0x0) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/urts.cpp:50
__sgx_create_enclave_ex (file_name=0x555555558047 "enclave.signed.so", debug=1, launch_token=0x0, launch_token_updated=0x0, enclave_id=0x55555575a198 <global_eid>, misc_attr=0x0, ex_features=0, ex_features_p=0x0)
    at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/urts.cpp:88
add-symbol-file '/home/pdxjohnny/Documents/c/linux-sgx/SampleCode/SampleEnclave/enclave.signed.so' 0x7ffff53bd340 -readnow -s .interp 0x7ffff53bc238  -s .note.gnu.build-id 0x7ffff53bc254  -s .gnu.hash 0x7ffff53bc278  -s .dynsym 0x7ffff53bc2b0  -s .dynstr 0x7ffff53bc358  -s .gnu.version 0x7ffff53bc3b4  -s .gnu.version_d 0x7ffff53bc3c8  -s .rela.dyn 0x7ffff53bc400  -s .plt 0x7ffff53bd320  -s .plt.got 0x7ffff53bd330  -s .nipx 0x7ffff53fd312  -s .rodata 0x7ffff53fdf80  -s .eh_frame_hdr 0x7ffff5400f00  -s .eh_frame 0x7ffff54022f0  -s .gcc_except_table 0x7ffff54080f8  -s .fini_array 0x7ffff5608948  -s .data.rel.ro 0x7ffff5608980  -s .dynamic 0x7ffff5608e48  -s .got 0x7ffff5608fc8  -s .data 0x7ffff5609000  -s .niprod 0x7ffff5609ec0  -s .nipd 0x7ffff560a700  -s .bss 0x7ffff560a720 
sgx_create_enclave (file_name=0x555555558047 "enclave.signed.so", debug=1, launch_token=0x0, launch_token_updated=0x0, enclave_id=0x55555575a198 <global_eid>, misc_attr=0x0)
    at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/urts.cpp:121
initialize_enclave () at App/App.cpp:162
main (argc=1, argv=0x7fffffffdb58) at App/App.cpp:195

Program received signal SIGILL, Illegal instruction.
rdrand<unsigned int> () at /home/pdxjohnny/Documents/c/linux-sgx/common/inc/sgx_random_buffers.h:55

Program terminated with signal SIGILL, Illegal instruction.
The program no longer exists.
quit

[ScottR-Intel]

It is failing on the rdrand instruction. Per your CPUID, you're running on a 2nd gen (2000 series) Intel processor. The rdrand instruction wasn't introduced until the 3rd gen (3000 series) processors. So, it makes sense that it is failing with Illegal instruction.

Scott

[pdxjohnny]

Sweet!! Thanks! Will you take a PR for compatibility with older systems? Or are there other places where its going to fail anyway (and I should not go through the effort)

Edit

It looks like there is already support

https://github.com/intel/linux-sgx/blob/ba7f4defb679eab809fdb1f96062fcb2189619be/common/src/sgx_read_rand.cpp#L86-L99

Program received signal SIGILL, Illegal instruction.
rdrand<unsigned int> () at /home/pdxjohnny/Documents/c/linux-sgx/common/inc/sgx_random_buffers.h:55
55          __asm__ volatile ("rdrand %0" : "=r"(r));
(gdb) bt
#0  rdrand<unsigned int> () at /home/pdxjohnny/Documents/c/linux-sgx/common/inc/sgx_random_buffers.h:55
#1  0x00007ffff53c3d92 in random_stack_advance<2048u, _status_t, unsigned int, void*, int&, void*&> (f=0x7ffff53c374d <trts_ecall(uint32_t, void*)>, args#0=@0x7ffff5b82cac: 18,
    args#1=@0x7ffff5b82ca0: 0x7fffffffd9a0) at /home/pdxjohnny/Documents/c/linux-sgx/common/inc/sgx_random_buffers.h:84
#2  0x00007ffff53c3b6d in do_ecall (index=18, ms=0x7fffffffd9a0, tcs=0x7ffff5b93000) at /home/pdxjohnny/Documents/c/linux-sgx/sdk/trts/trts_ecall.cpp:375
#3  0x00007ffff53fd793 in enter_enclave (index=18, ms=0x7fffffffd9a0, tcs=0x7ffff5b93000, cssa=0) at /home/pdxjohnny/Documents/c/linux-sgx/sdk/trts/trts_nsp.cpp:96
#4  0x00007ffff53fdb55 in enclave_entry () at /home/pdxjohnny/Documents/c/linux-sgx/sdk/trts/linux/trts_pic.S:164
#5  0x00007ffff7bb2ba6 in __morestack () at enter_enclave.S:80
#6  0x00007ffff7ba6e27 in do_ecall (fn=18, ocall_table=0x555555759c00 <ocall_table_Enclave>, ms=0x7fffffffd9a0, trust_thread=0x555555777a00)
    at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/linux/sig_handler.cpp:240
#7  0x00007ffff7b971c4 in CEnclave::ecall (this=0x555555777340, proc=18, ocall_table=0x555555759c00 <ocall_table_Enclave>, ms=0x7fffffffd9a0, is_switchless=false)
    at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/enclave.cpp:328
#8  0x00007ffff7ba2b2a in _sgx_ecall (enclave_id=69814693396482, proc=18, ocall_table=0x555555759c00 <ocall_table_Enclave>, ms=0x7fffffffd9a0, is_switchless=false)
    at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/routine.cpp:55
#9  0x00007ffff7ba2b7d in sgx_ecall (enclave_id=69814693396482, proc=18, ocall_table=0x555555759c00 <ocall_table_Enclave>, ms=0x7fffffffd9a0) at /home/pdxjohnny/Documents/c/linux-sgx/psw/urts/routine.cpp:68
#10 0x0000555555555dc4 in ecall_array_user_check (eid=69814693396482, arr=0x7fffffffd9e0) at App/Enclave_u.c:440
#11 0x0000555555556c96 in edger8r_array_attributes () at App/Edger8rSyntax/Arrays.cpp:45
#12 0x00005555555563a6 in main (argc=1, argv=0x7fffffffdb58) at App/App.cpp:195

It's just not being used here. So then this is in fact a bug, right?

[pdxjohnny]

Here is a hack of a patch for others with the same issue. Someone else probably knows better than me how to use cpuid and rand

https://github.com/intel/linux-sgx/compare/master...pdxjohnny:rdrand_compat

0001-sgx_random_buffers-rdrand-compatability.patch.txt

[yuyuany]

It will be fixed in the next release. Thank you for your contribution.

[pdxjohnny]

Sweet thanks!

[lamouriner]

What is the status of this fix? This ticket is still open and it seems like the issue still exists as of 2.9.1