Hey,
I'm trying to create an SGX enclave that makes use of the EMM feature. Unfortunately, I haven't been able to find an example, so I am already struggling with creating the correct configuration file.
To my understanding, I need to define a UserRegionSize to be able to allocate memory. According to the developer reference, I therefore added this to my config:
<UserRegionSize>0x900000</UserRegionSize>
Furthermore, the developer reference states that when a UserRegionSize is set, "MiscSelect[0] and MiscMask[0] must be set to 1 and the enclave needs to be loaded on SGX 2.0 platform."
Setting MiscMask[0] should be the standard, as the default value for MiscMask is 0xFFFFFFFF.
However, the default value for MiscSelect is 0, so I need a different value there. I tried 0xFFFFFFFF and 1, but for both, sgx_create_enclave returns SGX_ERROR_INVALID_METADATA. So my random guesses didn't get me much further. The reference says that MiscSelect defines "The desired Extended SSA frame feature.", but I was not able to find any further information on what that is and which values I could use there.
Could you please point me to a working config file or maybe even an example enclave that uses EMM features?
I'm running my tests on a NUC with support for SGX2:
cpuid | grep -i sgx
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
Software Guard Extensions (SGX) capability (0x12/0):
SGX1 supported = true
SGX2 supported = true
SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false
SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
SGX attributes: ECREATE SECS.ATTRIBUTES (0x12/1):
SGX Enclave Page Cache (EPC) enumeration (0x12/0x2):
SGX Enclave Page Cache (EPC) enumeration (0x12/0x3):
My current config file is the one from the SGX SampleCode: https://github.com/intel/linux-sgx/blob/master/SampleCode/SampleEnclave/Enclave/config.05.xml
Thanks for your help!
Hi Morbitzer,
Thanks for reaching out.
We are checking this with our developer team and it may take some time. We will update you with the information once available.
Regards,
Aznie
Hi Morbitzer,
Thanks for your patience.
The SGX_ERROR_INVALID_METADATA error is referring to the metadata embedded within the enclave image being corrupt or missing. We are unable to replicate the issue from our end. Could you share your config file for us to further investigate from our end? Which Linux SGX version are you using?
In case you are using the dynamic features on an SGX2 platform, we would suggest setting MiscMask[0]=0 and MiscSelect[0]=1 in your use cases.
Regards,
Aznie
Hi Aznie,
I created a minimal example by taking the SampleEnclave and replacing the Enclave.config.xml with config.05.xml. According to my understanding, config.05.xml should support EMM. I attached a .zip containing this project, but as said, it's just an example from Intel with a different config provided with the example.
The config sets MiscMask and MiscSelect as follows:
<MiscSelect>1</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
Is there also a way to specifically set the 0-th bit of each parameter?
When I execute "make" and "./app" in this project, I receive the following output:
Error: Invalid enclave metadata.
Enter a character before exit ...
Does this work on your systems? If so, at least I would know that this is a problem with the system, not with the project.
On my system, I run Ubuntu 22.04 with a 5.15.0-69-generic kernel, so using the in-kernel SGX driver. As SDK, I installed version 2.19.100.3.
Regards,
Mathias
Hi Mathias,
Thanks for sharing the file. We are checking on this and will get back to you soon.
Regards,
Aznie
Hi Morbitzer,
Thank you again for your patience.
Update from our engineering team: SGX EDMM support was not added into the Linux Kernel until v6.0. I would advise you to upgrade to a v6.0 kernel and try it again.
Here is the reference for EDMM, "SGX EDMM support (v6.0 or later)" at https://github.com/intel/sgx-emm.
For EDMM support, you need to build and install a kernel with EDMM support by following the instructions in GitKernelBuild.
Regards,
Aznie
Indeed, the newer kernel fixed the problem! Using kernel v6.3, I'm now able to dynamically allocate memory in the enclave.
Thanks!
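The conditions this thread arrives at (a non-zero UserRegionSize needs MiscSelect[0] and MiscMask[0] set, and the in-kernel driver only supports EDMM from v6.0), written as a preflight check. This is an added example, not part of the original posts or Intel's code; the function names and verdict strings are hypothetical, the sample config reuses the values quoted above, and SGX2 hardware support is not checked here.

```shell
#!/bin/sh
# Added example: preflight for an enclave config that requests a user region.
# Function names and verdict strings are hypothetical.

# Constructed sample using the values quoted in the thread.
SAMPLE_CONFIG='<EnclaveConfiguration>
  <UserRegionSize>0x900000</UserRegionSize>
  <MiscSelect>1</MiscSelect>
  <MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>'

# xml_value TAG XML: print the text inside the first <TAG>...</TAG>, empty if absent.
xml_value() {
    printf '%s\n' "$2" | sed -n "s:.*<$1>\([^<]*\)</$1>.*:\1:p" | head -n 1
}

# bit0_set VALUE: succeed if bit 0 of a decimal or 0x-prefixed value is 1.
bit0_set() {
    [ "$(( $1 & 1 ))" -eq 1 ]
}

# kernel_has_edmm RELEASE: succeed if the release (as from `uname -r`) is v6.0 or later.
kernel_has_edmm() {
    major=${1%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac   # unparseable release string
    [ "$major" -ge 6 ]
}

# preflight CONFIG_XML KERNEL_RELEASE: print a verdict, return 0 only if loadable.
preflight() {
    urs=$(xml_value UserRegionSize "$1")
    sel=$(xml_value MiscSelect "$1")
    mask=$(xml_value MiscMask "$1")
    # Without a user region, the MiscSelect/MiscMask requirement does not apply.
    if [ "$(( ${urs:-0} ))" -eq 0 ]; then echo "no-user-region"; return 0; fi
    # Defaults as quoted in the thread: MiscSelect 0, MiscMask 0xFFFFFFFF.
    bit0_set "${sel:-0}" || { echo "miscselect-bit0-clear"; return 1; }
    bit0_set "${mask:-0xFFFFFFFF}" || { echo "miscmask-bit0-clear"; return 1; }
    kernel_has_edmm "$2" || { echo "kernel-too-old"; return 1; }
    echo "ok"
}

# Check the sample config against the running kernel.
preflight "$SAMPLE_CONFIG" "$(uname -r)" || true
```

With the 5.15.0-69-generic release string from the thread the verdict is `kernel-too-old`, which matches the outcome reported above even though the config values themselves pass.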
Hi Morbitzer,
This thread will no longer be monitored since this issue has been resolved. If you need any additional information from Intel, please submit a new question.
Regards,
Aznie
