Closed jovanbulck closed 2 years ago
Some notes for future reference:

The driver `/dev/sgx-step` currently only relies on the `/dev/isgx` legacy driver in the following ways:

- `sgx_encl` object from the `vma->vm_private_data` field -- while this appears to still be the same in the upstream `/dev/sgx_enclave` driver, we can probably do this cleaner from user space by simply querying the base address of the shared library enclave ELF file(?)
- `vma->vm_ops->access` -- while we can always call the ENCLS leaves ourselves, doing it via the vma operations fields may still be preferable to not have to worry about page faults etc; the upstream driver's `sgx_vma_access` appears to do this the same way, so this "should" work out of the box hopefully w the new driver as well

edit for future reference: both requirements can probably be fulfilled without relying on driver specifics using standard Linux interfaces under `/proc/self/maps` and `/proc/self/mem`

SGX driver has finally been upstreamed into recent Linux kernels, meaning the dependence on linux-sgx-driver (`/dev/isgx`) could eventually go, see: https://lwn.net/Articles/840129/ https://www.kernel.org/doc/html/latest/x86/sgx.html

Should check how `dev/sgx-step` relies on the legacy `/dev/isgx` driver and ensure compatibility with the new upstreamed `/dev/sgx_enclave` driver (probably want to support both drivers for now).
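
The edit note above points to `/proc/self/maps` as a driver-independent way to locate the enclave. A sketch of that lookup, added here as an example and not SGX-Step's own code: it assumes the enclave appears as mappings backed by `/dev/isgx` or `/dev/sgx_enclave` and that the lowest such mapping is the enclave base; `enclave_span` and the sample map lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Device nodes named on this page: legacy driver and upstream driver. */
static const char *const SGX_DEVS[] = { "/dev/isgx", "/dev/sgx_enclave" };
/* Constructed sample in /proc/<pid>/maps format (not from a real run). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/app\n"
    "7f2a40000000-7f2a40001000 rw-s 00000000 00:05 1042 /dev/sgx_enclave\n"
    "7f2a40001000-7f2a40010000 r-xs 00001000 00:05 1042 /dev/sgx_enclave\n"
    "7f2a41000000-7f2a41021000 rw-p 00000000 00:00 0 \n";

/* Scan maps-format text, set [*start, *end) to the span of all VMAs backed by
 * an SGX device node, and return how many matched.
 * Assumption: the lowest such VMA start is the enclave base address. */
int enclave_span(const char *maps, unsigned long *start, unsigned long *end)
{
    int found = 0;
    while (*maps) {
        char line[512], path[256];
        unsigned long lo, hi;
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);   /* isolate one line so sscanf cannot run on */
        line[n] = '\0';
        maps += len + (maps[len] == '\n');
        /* fields: start-end perms offset dev inode pathname */
        if (sscanf(line, "%lx-%lx %*s %*x %*s %*u %255[^\n]", &lo, &hi, path) != 3)
            continue;            /* anonymous mapping or malformed line */
        int is_sgx = 0;
        for (size_t i = 0; i < sizeof SGX_DEVS / sizeof *SGX_DEVS; i++)
            is_sgx |= strcmp(path, SGX_DEVS[i]) == 0;
        if (!is_sgx)
            continue;
        if (!found || lo < *start) *start = lo;
        if (!found || hi > *end)   *end = hi;
        found++;
    }
    return found;
}

int main(void)
{
    static char buf[1 << 16];    /* larger map files are truncated here */
    unsigned long s = 0, e = 0;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    int n = enclave_span(buf, &s, &e);
    printf("%d SGX VMAs, span 0x%lx-0x%lx\n", n, s, e);
    return 0;
}
```

Matching on the mapping's pathname is what lets the same code serve both drivers; only the device node string differs.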