This is the implementation of the Enclave Memory Manager proposed in this design doc.
The EMM public APIs defined in sgx_mm.h are intended to encapsulate low level details of managing the basic EDMM flows for dynamically allocating/deallocating EPC pages, changing EPC page permissions and page types. The typical target users of these APIs are intermediate level components in SGX runtimes: heap, stack managers with dynamic expansion capabilities, mmap/mprotect/pthread API implementations for enclaves, dynamic code loader and JIT compilers, etc.
This implementation aims to be reusable in any SGX runtime that provides a minimal C runtime and implements the abstraction layer APIs defined in sgx_mm_rt_abstraction.h. To port and integrate the EMM module into any SGX runtime, follow the porting guide in the design document.
The build instructions provided here are for developing and testing the EMM functionality with the Intel SDK and PSW build environment.
Note: The mainline kernel has had built-in EDMM support since release v6.0. The original patches were reviewed on LKML in this thread.
On Ubuntu 18.04/20.04/22.04, follow the general instructions from here with these changes.
$ git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
$ cd linux
$ git checkout v6.0
Note: on Ubuntu 20.04, ensure that /dev does not have noexec set:
mount | grep "/dev .*noexec"
If it does, remount it with exec enabled:
sudo mount -o remount,exec /dev
At the root of the kernel source repo,
$ cd tools/testing/selftests/sgx/ && make
# ./test_sgx    (the # prompt denotes a root shell: run the selftest as root)
Download 10-sgx.rules and activate it as follows.
$ sudo cp 10-sgx.rules /etc/udev/rules.d
$ sudo groupadd sgx_prv
$ sudo udevadm trigger
$ git clone https://github.com/intel/linux-sgx.git $repo_root
$ cd $repo_root
The following steps assume $repo_root is the top directory of the linux-sgx repo you cloned.
$ cd $repo_root
$ make preparation
$ make sdk_install_pkg_no_mitigation
$ cd linux/installer/bin
$ ./sgx_linux_x64_sdk_2.15.100.3.bin
# follow its prompt to set SDK installation destination directory, $SGX_SDK
$ source $SGX_SDK/environment
To test EMM functionality without involving remote attestation, only libsgx_enclave_common and libsgx_urts need to be built, with LD_LIBRARY_PATH pointing at them.
$ cd $repo_root/psw/urts/linux
$ make
$ cd $repo_root/build/linux
$ ln -s libsgx_enclave_common.so libsgx_enclave_common.so.1
$ export LD_LIBRARY_PATH=$repo_root/build/linux/
$ cd $repo_root/external/sgx-emm/api_tests/
$ make
$ ./test_mm_api
# or run tests in loop in background
$ nohup bash ./test_loop.sh 1000 &
# check results in nohup log:
$ tail -f nohup.out
Note: On Ubuntu 22.04 or any distro with systemd v248 or later, /dev/sgx_enclave is only accessible by users in the group "sgx". The test or any enclave app should be run with a uid in the sgx group.
# check systemd version:
$ systemctl --version
# add sgx group to user if it's 248 or above:
$ sudo usermod -a -G sgx <user name>
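The two host conditions this document calls out (the /dev noexec mount option above, and the systemd v248 "sgx" group restriction on /dev/sgx_enclave) are the usual reasons test_mm_api or the kernel selftest fail to open the enclave device. The following preflight script checks both, plus whether /dev/sgx_enclave is present and accessible, before the tests are run. It is an added example, not part of the sgx-emm project; the script name emm_preflight.sh, the "run" argument and the sample mount/systemctl lines used in its comments are assumptions for illustration, and it only reads system state (mount, systemctl --version, id), it changes nothing.

```shell
#!/bin/sh
# emm_preflight.sh (added example, not from the sgx-emm project):
# check the host conditions the EMM README requires before running
# test_sgx or test_mm_api. Each check is a small function with an
# explicit return code so the parsing logic can be exercised without
# a real SGX machine; preflight() runs them against the live system.

# Return 0 if a mount option list such as "rw,nosuid,noexec,relatime"
# (as printed in parentheses by `mount`) contains noexec.
dev_has_noexec() {
    case ",$1," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `mount` output on stdin and print the option list of the /dev mount.
# Sample `mount` line: udev on /dev type devtmpfs (rw,nosuid,relatime,mode=755)
# "/dev " with a trailing space keeps /dev/shm and similar mounts from matching.
dev_mount_options() {
    sed -n 's/^.* on \/dev type [^ ]* (\(.*\))$/\1/p'
}

# Read `systemctl --version` output on stdin and print the major version,
# e.g. "systemd 249 (249.11-0ubuntu3)" -> 249.
systemd_version() {
    sed -n 's/^systemd \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 if this systemd version restricts /dev/sgx_enclave to group sgx
# (the README states this applies from systemd v248 on).
systemd_requires_sgx_group() {
    [ "$1" -ge 248 ]
}

# in_group NAME GROUP... : return 0 if NAME is among the groups listed
# (the group list is normally $(id -Gn), unquoted so it word-splits).
in_group() {
    _wanted=$1
    shift
    for _g in "$@"; do
        [ "$_g" = "$_wanted" ] && return 0
    done
    return 1
}

# Run all checks on the live system; print one line per check, return 1 on any failure.
preflight() {
    rc=0
    opts=$(mount | dev_mount_options)
    if dev_has_noexec "$opts"; then
        echo "FAIL: /dev is mounted noexec; fix with: sudo mount -o remount,exec /dev"
        rc=1
    else
        echo "ok: /dev is not mounted noexec"
    fi

    if command -v systemctl >/dev/null 2>&1; then
        ver=$(systemctl --version | systemd_version)
        if [ -n "$ver" ] && systemd_requires_sgx_group "$ver"; then
            if in_group sgx $(id -Gn); then
                echo "ok: systemd $ver, user $(id -un) is in group sgx"
            else
                echo "FAIL: systemd $ver restricts /dev/sgx_enclave to group sgx;"
                echo "      fix with: sudo usermod -a -G sgx $(id -un)  (then log in again)"
                rc=1
            fi
        else
            echo "ok: systemd ${ver:-version unknown} is below 248, no sgx group requirement"
        fi
    fi

    if [ -c /dev/sgx_enclave ]; then
        if [ -r /dev/sgx_enclave ] && [ -w /dev/sgx_enclave ]; then
            echo "ok: /dev/sgx_enclave is readable and writable"
        else
            echo "FAIL: /dev/sgx_enclave exists but is not accessible; check 10-sgx.rules and group membership"
            rc=1
        fi
    else
        echo "FAIL: /dev/sgx_enclave is missing; a v6.0+ kernel with SGX enabled is required"
        rc=1
    fi
    return $rc
}

# Only run the live checks when invoked as: sh emm_preflight.sh run
# so the functions can also be sourced and tested on their own.
if [ "${1:-}" = "run" ]; then
    preflight
fi
```

Run it as `sh emm_preflight.sh run` before `./test_mm_api`; a non-zero exit status means at least one FAIL line was printed, each with the corresponding fix from this document.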