NOTE: The reference LE only works with linux-sgx-driver and is planned to be deprecated starting from Intel(R) SGX release 2.20.
A Launch Enclave (LE) is a special type of enclave that generates a Launch Token so that another enclave can be initialized. The Platform Software passes the generated Launch Token to the driver as part of the data used in the EINIT flow.
The Launch Enclave role is divided into two parts:
The default Launch Control in the Intel(R) SGX PSW is signed by Intel and generates tokens based on a control policy defined by Intel.
The Reference Launch Enclave (ref-LE) is a reference implementation of a Launch Enclave that can be used as a basis for enforcing different launch control policy by the platform developer or owner.
In the Intel(R) SGX architecture, an LE must be signed by the Launch Control Policy Provider of the platform in order to be loaded as an LE and for the Launch Tokens it generates to be accepted.
To define a Launch Control Policy Provider, other than the default Intel, the SHA256 value of the enclave signer public key modulus must be written to the IA32_SGXPUBKEYHASH0..3 MSRs.
To write to these MSRs the platform must support the Flexible Launch Control (FLC) feature and the BIOS must enable it in one of the possible modes:
In order to use any LE other than the Intel signed one, the target platform must support the FLC feature and the hash value of the enclave signer must be configured into the IA32_SGXPUBKEYHASH0..3 MSRs.
The ref-LE launch policy is based on a white list of enclave signers (MR_SIGNER) and may also limit a record to a specific enclave hash (MR_ENCLAVE).
The white list record includes the following items:
The white key must be RSA 3072 signed by the signer of the ref-LE.
The ref-LE is part of the PSW source tree and located in the ref-le directory, including the following content:
|- ref_le [DIR] - Top level ref-LE directory
    |- Makefile - A make file for the ref-LE enclave and white list generation
    |- config_linux.xml - The enclave configuration XML, defines the LaunchKey property in order to be loaded as LE
    |- ref_le.cpp - The ref-LE implementation (ref-le.h is located in psw/ae/inc/internal)
    |- ref_le.edl - The ref-LE EDL file, defining the enclave interface
    |- ref_wl_gen [DIR] - A reference tool for white list generation
        |- ref_wl.cpp - The tool main function calling the generator class
        |- ref_wl_gen.h/cpp - A white list generation class
    |- ref_keys [DIR] - Contains a set of testing keys used by default in the build process
        |- wl_cfg.csv - A sample CSV file to define the white list
        |- le_private/public_test_key.pem - RSA 3072 key pair used for signing the ref-LE and white list
        |- encalve_private/public_test_key.pem - RSA 3072 key pair included in the white list and enables signing of an arbitrary enclave
    |- sgx_pubkey_hash_gen - A tool to generate SHA256 value of the enclave signer public key modulus
Note: the ref_keys directory is meant only for testing purposes and must not be used on a production build
The ref-LE build is part of the Intel(R) SGX PSW build and is enabled by adding the build flag "BUILD_REF_LE=1" to the make command line.
Refer to the README.md at the top of the repository for the prerequisites of building and installing the Intel(R) SGX PSW.
$ make clean
$ make psw_install_pkg BUILD_REF_LE=1
$ cd ${top_dir}/linux/installer/bin
$ sudo ./sgx_linux_x64_psw_${version}.bin
$ sudo cp ${top_dir}/build/linux/libsgx_ref_le.signed.so /opt/intel/sgxpsw/aesm/
$ sudo cp ${top_dir}/build/linux/ref_white_list.bin /var/opt/aesmd/data
See the later topic, Generating a White List, for information on how to generate a white list file.
$ sudo service aesmd restart
Note: Building with BUILD_REF_LE=1 replaces the standard LE with the ref-LE both in the build process and in the aesm_service: if the PSW is built with this flag, the aesm_service will load and configure only the ref-LE. BUILD_REF_LE=1 also builds the LE shared object (ref_le.so), the ref-LE white list generation tool, and a sample white list created with the tool and the test keys.
ref_wl_gen <Command> <Options>
Command:
gen-wl: Generate a white-list file based on the information provided in the config file.
Options:
-out <file-name>: The output file name for the white-list.
-cfg <file-name>: A CSV configuration file with the list of hash values or keys to sign.
-key <file-name>: The private key to sign the white-list with.
-ver <version>: An integer value of the white-list version.
-verbose: Print extended report while generating the white-list.
CSV file columns:
allow provision key, mr_enclave valid, mr_signer hash, mr_signer file, mr_enclave hash, mr_enclave file, comments (ignored)
Notes:
* Column 1 and 2 should be true or false.
* If mr_enclave valid is false the mr_enclave columns will be ignored.
* If mr_signer/mr_enclave hash is not empty the mr_signer/mr_enclave file will be ignored.
* mr_signer file should be key file (pem), mr_enclave file should be sigstruct (bin).
* Key hash representation should be in little endian, i.e. LSB byte first.
Example:
ref_wl_gen gen-wl -out wl.bin -cfg cfg.csv -key private.pem
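The column rules above decide what each row really authorises, so it helps to review a config before signing it. The following is an added example, not part of ref_wl_gen: it applies the documented precedence rules to a constructed CSV and flags rows that allow every enclave of a signer together with the provision key. It assumes hashes are written as hex strings, that there is no header row, and that flags are matched case-insensitively.

```python
import csv
import io

COLUMNS = ("allow provision key", "mr_enclave valid")

def _flag(value, name, line):
    value = value.strip().lower()
    if value not in ("true", "false"):
        raise ValueError(f"line {line}: {name} must be true or false")
    return value == "true"

def _source(hash_col, file_col, name, line):
    """Apply the precedence rule: a non-empty hash wins over the file."""
    hash_col, file_col = hash_col.strip(), file_col.strip()
    if hash_col:
        if len(bytes.fromhex(hash_col)) != 32:  # assumed: hex SHA-256, LSB byte first
            raise ValueError(f"line {line}: {name} hash is not 32 bytes")
        return ("hash", hash_col.lower())
    if file_col:
        return ("file", file_col)
    raise ValueError(f"line {line}: {name} needs a hash or a file")

def effective_rules(text):
    """Return what each CSV row authorises once ignored columns are dropped."""
    rules = []
    for line, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(cell.strip() for cell in row):
            continue
        row = (row + [""] * 6)[:6]  # pad short rows; the comments column is ignored
        provision = _flag(row[0], COLUMNS[0], line)
        pinned = _flag(row[1], COLUMNS[1], line)
        signer = _source(row[2], row[3], "mr_signer", line)
        enclave = _source(row[4], row[5], "mr_enclave", line) if pinned else None
        rules.append({"provision_key": provision, "mr_signer": signer, "mr_enclave": enclave})
    return rules

def broad_rows(rules):
    """Indexes of rows that allow any enclave of a signer plus the provision key."""
    return [i for i, r in enumerate(rules) if r["provision_key"] and r["mr_enclave"] is None]

# Constructed sample config; hashes and file names are placeholders.
SAMPLE_CFG = (
    "true,false,,signer_a.pem,,,whole signer with provision key\n"
    "false,true," + "ab" * 32 + ",ignored.pem,,enclave_b_sigstruct.bin,pinned enclave\n"
    "false,false," + "cd" * 32 + ",," + "ef" * 32 + ",,mr_enclave columns ignored\n"
)
```
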
The ref-LE exposes two functions for the platform software:
sgx_pubkey_hash_gen generates the SHA256 value of the ref-LE enclave signer public key modulus, to be written to the IA32_SGXPUBKEYHASH0..3 MSRs in order from hash0 to hash3.
sgx_pubkey_hash_gen [PUBLIC_KEY_FILE]
Example:
./sgx_pubkey_hash_gen ref_keys/le_public_test_key.pem
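To cross-check the value before it is written to the MSRs, the same hash can be recomputed independently. This is an added example, not the source of sgx_pubkey_hash_gen: it hashes the modulus as 384 little-endian bytes (the MR_SIGNER convention) and splits the digest into four values for hash0 to hash3. It assumes each MSR takes eight consecutive digest bytes as a little-endian 64-bit value, and the sample modulus is a constructed stand-in, not a real key.

```python
import hashlib
import struct

MODULUS_BYTES = 384  # RSA 3072, the key size this page requires

def modulus_from_openssl(text):
    """Parse the 'Modulus=<hex>' line printed by
    `openssl rsa -pubin -in key.pem -modulus -noout`."""
    label, _, hexval = text.strip().partition("=")
    if label != "Modulus" or not hexval:
        raise ValueError("expected a 'Modulus=<hex>' line")
    return int(hexval, 16)

def signer_hash(modulus):
    """SHA-256 over the modulus as 384 little-endian bytes (MR_SIGNER)."""
    if modulus.bit_length() != MODULUS_BYTES * 8:
        raise ValueError("signer key must be RSA 3072")
    return hashlib.sha256(modulus.to_bytes(MODULUS_BYTES, "little")).digest()

def msr_values(digest):
    """Split the 32-byte digest into the four 64-bit values for
    IA32_SGXPUBKEYHASH0..3, hash0 first (assumed little-endian words)."""
    return list(struct.unpack("<4Q", digest))

# Constructed stand-in modulus: 3072 bits with the top and bottom bit set.
# It is not a real RSA key; it only exercises the byte handling.
SAMPLE_MODULUS = (
    int.from_bytes(hashlib.sha256(b"constructed").digest() * 12, "big")
    | (1 << 3071) | 1
)
SAMPLE_LINE = "Modulus=" + format(SAMPLE_MODULUS, "X")

if __name__ == "__main__":
    digest = signer_hash(modulus_from_openssl(SAMPLE_LINE))
    print("MR_SIGNER (byte order as hashed):", digest.hex())
    for i, value in enumerate(msr_values(digest)):
        print(f"IA32_SGXPUBKEYHASH{i} = 0x{value:016x}")
```

Hashing the big-endian bytes that most key tools print gives a different digest, which is the usual cause of a mismatch between a computed hash and the MSR contents.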