Support Intel SGX SDK 2.17 and DCAP 1.14
diff --git a/.gitignore b/.gitignore
index 3233540..64b8cb6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,9 @@
#object file
*.o
+#app
+app
+
#library
*.a
@@ -33,6 +36,7 @@
#libunwind
sgx_unwind/libunwind/INSTALL
+sgx_unwind/libunwind/m4/*
sgx_unwind/libunwind/config/*
sgx_unwind/libunwind/include/config.h.*
sgx_unwind/libunwind/Makefile.in
@@ -40,4 +44,3 @@
sgx_unwind/libunwind/autom4te.cache/*
sgx_unwind/libunwind/configure
sgx_unwind/libunwind/src/Makefile.in
-sgx_unwind/libunwind/m4/*
diff --git a/buildenv.mk b/buildenv.mk
index c834988..146649c 100644
--- a/buildenv.mk
+++ b/buildenv.mk
@@ -72,6 +72,8 @@
COMMON_FLAGS += -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG
endif
+COMMON_FLAGS += -ffunction-sections -fdata-sections
+
# turn on compiler warnings as much as possible
COMMON_FLAGS += -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type \
-Waddress -Wsequence-point -Wformat-security \
diff --git a/common/inc/mbusafecrt.h b/common/inc/mbusafecrt.h
index 3bdfe7a..91d888b 100644
--- a/common/inc/mbusafecrt.h
+++ b/common/inc/mbusafecrt.h
@@ -74,7 +74,9 @@
extern int _vsnwprintf_s( WCHAR* string, size_t sizeInWords, size_t count, const WCHAR* format, va_list arglist );
extern errno_t memcpy_s( void * dst, size_t sizeInBytes, const void * src, size_t count );
+extern errno_t memcpy_verw_s( void * dst, size_t sizeInBytes, const void * src, size_t count );
extern errno_t memmove_s( void * dst, size_t sizeInBytes, const void * src, size_t count );
+extern errno_t memmove_verw_s( void * dst, size_t sizeInBytes, const void * src, size_t count );
#ifdef __cplusplus
}
diff --git a/common/inc/string.h b/common/inc/string.h
index 0cc7206..1140fcc 100644
--- a/common/inc/string.h
+++ b/common/inc/string.h
@@ -61,8 +61,11 @@
void * _TLIBC_CDECL_ memchr(const void *, int, size_t);
int _TLIBC_CDECL_ memcmp(const void *, const void *, size_t);
void * _TLIBC_CDECL_ memcpy(void *, const void *, size_t);
+void * _TLIBC_CDECL_ memcpy_verw(void *, const void *, size_t);
void * _TLIBC_CDECL_ memmove(void *, const void *, size_t);
+void * _TLIBC_CDECL_ memmove_verw(void *, const void *, size_t);
void * _TLIBC_CDECL_ memset(void *, int, size_t);
+void * _TLIBC_CDECL_ memset_verw(void *, int, size_t);
char * _TLIBC_CDECL_ strchr(const char *, int);
int _TLIBC_CDECL_ strcmp(const char *, const char *);
int _TLIBC_CDECL_ strcoll(const char *, const char *);
@@ -80,6 +83,7 @@
size_t _TLIBC_CDECL_ strxfrm(char *, const char *, size_t);
size_t _TLIBC_CDECL_ strlcpy(char *, const char *, size_t);
errno_t _TLIBC_CDECL_ memset_s(void *s, size_t smax, int c, size_t n);
+errno_t _TLIBC_CDECL_ memset_verw_s(void *s, size_t smax, int c, size_t n);
/*
* Deprecated C99.
diff --git a/dockerfile/02_binutils.sh b/dockerfile/02_binutils.sh
index eb4ed9c..bf52603 100644
--- a/dockerfile/02_binutils.sh
+++ b/dockerfile/02_binutils.sh
@@ -1,7 +1,7 @@
if [ $BINUTILS_DIST != "SELF_BUILT" ]
then
cd /root && \
- wget https://download.01.org/intel-sgx/sgx-linux/2.16/as.ld.objdump.r4.tar.gz && \
+ wget https://download.01.org/intel-sgx/sgx-linux/2.17/as.ld.objdump.r4.tar.gz && \
tar xzf as.ld.objdump.r4.tar.gz && \
cp -r external/toolset/$BINUTILS_DIST/* /usr/bin/ && \
rm -rf ./external ./as.ld.objdump.r4.tar.gz
diff --git a/dockerfile/03_sdk.sh b/dockerfile/03_sdk.sh
index bc4e5a2..f5ff31d 100644
--- a/dockerfile/03_sdk.sh
+++ b/dockerfile/03_sdk.sh
@@ -10,10 +10,10 @@
cd /root && \
git clone --recursive https://github.com/intel/linux-sgx && \
cd linux-sgx && \
- git checkout sgx_2.16 && \
+ git checkout sgx_2.17 && \
./download_prebuilt.sh && \
make -j "$(nproc)" sdk_install_pkg && \
- echo -e 'no\n/opt' | ./linux/installer/bin/sgx_linux_x64_sdk_2.16.100.4.bin && \
+ echo -e 'no\n/opt' | ./linux/installer/bin/sgx_linux_x64_sdk_2.17.100.3.bin && \
echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \
cd /root && \
rm -rf /root/linux-sgx
diff --git a/dockerfile/Dockerfile.1804.nightly b/dockerfile/Dockerfile.1804.nightly
index 7618c98..7b7d5f6 100644
--- a/dockerfile/Dockerfile.1804.nightly
+++ b/dockerfile/Dockerfile.1804.nightly
@@ -15,7 +15,7 @@
RUN bash /root/02_binutils.sh
ENV SDK_DIST="INTEL_BUILT"
-ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.16.100.4.bin"
+ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.17.100.3.bin"
#ENV SDK_DIST="SELF_BUILT"
ADD 03_sdk.sh /root
RUN bash /root/03_sdk.sh
@@ -23,8 +23,8 @@
# Sixth, PSW
ENV CODENAME bionic
-ENV VERSION 2.16.100.4-bionic1
-ENV DCAP_VERSION 1.13.100.4-bionic1
+ENV VERSION 2.17.100.3-bionic1
+ENV DCAP_VERSION 1.14.100.3-bionic1
ADD 04_psw.sh /root
RUN bash /root/04_psw.sh
diff --git a/dockerfile/Dockerfile.2004.nightly b/dockerfile/Dockerfile.2004.nightly
index 6203670..a0b37c7 100644
--- a/dockerfile/Dockerfile.2004.nightly
+++ b/dockerfile/Dockerfile.2004.nightly
@@ -19,15 +19,15 @@
#ENV SDK_DIST="SELF_BUILT"
ENV SDK_DIST="INTEL_BUILT"
-ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.16.100.4.bin"
+ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.17.100.3.bin"
ADD 03_sdk.sh /root
RUN bash /root/03_sdk.sh
# Sixth, PSW
ENV CODENAME focal
-ENV VERSION 2.16.100.4-focal1
-ENV DCAP_VERSION 1.13.100.4-focal1
+ENV VERSION 2.17.100.3-focal1
+ENV DCAP_VERSION 1.14.100.3-focal1
ADD 04_psw.sh /root
RUN bash /root/04_psw.sh
diff --git a/dockerfile/Dockerfile.centos8.nightly b/dockerfile/Dockerfile.centos8.nightly
index 939f948..8439ac7 100644
--- a/dockerfile/Dockerfile.centos8.nightly
+++ b/dockerfile/Dockerfile.centos8.nightly
@@ -13,12 +13,12 @@
RUN bash /root/02_binutils.sh
ENV SDK_DIST="INTEL_BUILT"
-ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/centos-stream/sgx_linux_x64_sdk_2.16.100.4.bin"
+ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/centos-stream/sgx_linux_x64_sdk_2.17.100.3.bin"
#ENV SDK_DIST="SELF_BUILT"
ADD 03_sdk.sh /root
RUN bash /root/03_sdk.sh
-ENV PSW_REPO="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/centos-stream/sgx_rpm_local_repo.tgz"
+ENV PSW_REPO="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/centos-stream/sgx_rpm_local_repo.tgz"
ADD 04_psw_rpm.sh /root
RUN bash /root/04_psw_rpm.sh
diff --git a/sgx_trts/src/enclave.rs b/sgx_trts/src/enclave.rs
index 76f510f..374fbb1 100644
--- a/sgx_trts/src/enclave.rs
+++ b/sgx_trts/src/enclave.rs
@@ -52,6 +52,7 @@
pub rsrv_executable: usize,
pub thread_policy: usize,
pub tcs_max_num: usize,
+ pub tcs_num: usize,
pub td_template: thread_data_t,
pub tcs_template: [u8; TCS_TEMPLATE_SIZE],
pub layout_entry_num: u32,
@@ -559,7 +560,13 @@
///
#[inline]
pub fn rsgx_get_tcs_max_num() -> u32 {
- unsafe { g_global_data.tcs_max_num as u32 }
+ unsafe {
+ if EDMM_supported != 0 {
+ g_global_data.tcs_max_num as u32
+ } else {
+ g_global_data.tcs_num as u32
+ }
+ }
}
#[allow(clippy::collapsible_if, clippy::nonminimal_bool)]
diff --git a/sgx_types/src/function.rs b/sgx_types/src/function.rs
index 900e64d..025c4a0 100644
--- a/sgx_types/src/function.rs
+++ b/sgx_types/src/function.rs
@@ -1022,6 +1022,16 @@
pub fn sgx_ql_free_quote_verification_collateral(
p_quote_collateral: *const sgx_ql_qve_collateral_t,
) -> sgx_quote3_error_t;
+ /* intel DCAP 1.14 */
+ pub fn tdx_ql_get_quote_verification_collateral(
+ fmspc: *const uint8_t,
+ fmspc_size: u16,
+ pck_ra: *const c_char,
+ pp_quote_collateral: *mut *mut tdx_ql_qve_collateral_t,
+ ) -> sgx_quote3_error_t;
+ pub fn tdx_ql_free_quote_verification_collateral(
+ p_quote_collateral: *const sgx_ql_qve_collateral_t,
+ ) -> sgx_quote3_error_t;
pub fn sgx_ql_get_qve_identity(
pp_qve_identity: *mut *mut c_char,
p_qve_identity_size: *mut uint32_t,
@@ -1069,6 +1079,15 @@
p_tcbinfo_size: *mut uint16_t,
) -> sgx_qcnl_error_t;
pub fn sgx_qcnl_free_tcbinfo(p_tcbinfo: *const uint8_t);
+ /* intel DCAP 1.14 */
+ pub fn tdx_qcnl_get_tcbinfo(
+ fmspc: *const c_char,
+ fmspc_size: uint16_t,
+ custom_param_b64_string: *const c_char,
+ p_tcbinfo: *mut *mut uint8_t,
+ p_tcbinfo_size: *mut uint16_t,
+ ) -> sgx_qcnl_error_t;
+ pub fn tdx_qcnl_free_tcbinfo(p_tcbinfo: *const uint8_t);
pub fn sgx_qcnl_get_qe_identity(
qe_type: uint8_t,
custom_param_b64_string: *const c_char,
diff --git a/sgx_types/src/types.rs b/sgx_types/src/types.rs
index 2f865fb..6241136 100644
--- a/sgx_types/src/types.rs
+++ b/sgx_types/src/types.rs
@@ -1373,7 +1373,16 @@
pub type tdx_ql_qve_collateral_t = sgx_ql_qve_collateral_t;
-/* intel DCAP 2.14 */
+impl_enum! {
+ #[repr(u8)]
+ #[derive(Copy, Clone, PartialEq, Eq, Debug)]
+ pub enum sgx_prod_type_t {
+ SGX_PROD_TYPE_SGX = 0,
+ SGX_PROD_TYPE_TDX = 1,
+ }
+}
+
+/* intel DCAP 1.11 */
impl_enum! {
#[repr(u32)]
#[derive(Copy, Clone, PartialEq, Eq, Debug)]
@@ -1450,8 +1459,8 @@
pub struct sgx_ql_ecdsa_sig_data_t {
pub sig: [uint8_t; 64],
pub attest_pub_key: [uint8_t; 64],
- pub qe3_report: sgx_report_body_t,
- pub qe3_report_sig: [uint8_t; 64],
+ pub qe_report: sgx_report_body_t,
+ pub qe_report_sig: [uint8_t; 64],
pub auth_certification_data: [uint8_t; 0],
}
}
@@ -1493,6 +1502,104 @@
sgx_quote3_t;
}
+/* intel DCAP 1.14 */
+//
+// sgx_quote_4.h
+//
+pub const TEE_TCB_SVN_SIZE: usize = 16;
+
+impl_struct! {
+ pub struct tee_tcb_svn_t {
+ pub tcb_svn: [uint8_t; TEE_TCB_SVN_SIZE],
+ }
+}
+
+pub const TD_INFO_RESERVED_BYTES: usize = 112;
+pub const TD_TEE_TCB_INFO_RESERVED_BYTES: usize = 111;
+
+impl_packed_copy_clone! {
+ pub struct tee_info_t {
+ pub attributes: tee_attributes_t,
+ pub xfam: tee_attributes_t,
+ pub mr_td: tee_measurement_t,
+ pub mr_config_id: tee_measurement_t,
+ pub mr_owner: tee_measurement_t,
+ pub mr_owner_config: tee_measurement_t,
+ pub rt_mr: [tee_measurement_t; 4],
+ pub reserved: [uint8_t; TD_INFO_RESERVED_BYTES],
+ }
+
+ pub struct tee_tcb_info_t {
+ pub valid: [uint8_t; 8],
+ pub tee_tcb_svn: tee_tcb_svn_t,
+ pub mr_seam: tee_measurement_t,
+ pub mr_seam_signer: tee_measurement_t,
+ pub attributes: tee_attributes_t,
+ pub reserved: [uint8_t; TD_TEE_TCB_INFO_RESERVED_BYTES],
+ }
+
+ pub struct sgx_qe_report_certification_data_t {
+ pub qe_report: sgx_report_body_t,
+ pub qe_report_sig: [uint8_t; 64],
+ pub auth_certification_data: [uint8_t; 0],
+ }
+
+ pub struct sgx_ecdsa_sig_data_v4_t {
+ pub sig: [uint8_t; 64],
+ pub attest_pub_key: [uint8_t; 64],
+ pub certification_data: [uint8_t; 0],
+ }
+
+ pub struct sgx_quote4_t {
+ pub header: sgx_quote4_header_t,
+ pub report_body: sgx_report2_body_t,
+ pub signature_data_len: uint32_t,
+ pub signature_data: [uint8_t; 0],
+ }
+}
+
+impl_struct_default! {
+ tee_info_t; //512
+ tee_tcb_info_t; //239
+ sgx_qe_report_certification_data_t; //448
+ sgx_ecdsa_sig_data_v4_t; //128
+ sgx_quote4_t; //636
+}
+
+impl_struct_ContiguousMemory! {
+ tee_info_t;
+ tee_tcb_info_t;
+ sgx_qe_report_certification_data_t;
+ sgx_ecdsa_sig_data_v4_t;
+ sgx_quote4_t;
+}
+
+impl_packed_struct! {
+ pub struct sgx_quote4_header_t {
+ pub version: uint16_t,
+ pub att_key_type: uint16_t,
+ pub tee_type: uint32_t,
+ pub reserved: uint32_t,
+ pub vendor_id: [uint8_t; 16],
+ pub user_data: [uint8_t; 20],
+ }
+
+ pub struct sgx_report2_body_t {
+ pub tee_tcb_svn: tee_tcb_svn_t,
+ pub mr_seam: tee_measurement_t,
+ pub mrsigner_seam: tee_measurement_t,
+ pub seam_attributes: tee_attributes_t,
+ pub td_attributes: tee_attributes_t,
+ pub xfam: tee_attributes_t,
+ pub mr_td: tee_measurement_t,
+ pub mr_config_id: tee_measurement_t,
+ pub mr_owner: tee_measurement_t,
+ pub mr_owner_config: tee_measurement_t,
+ pub rt_mr: [tee_measurement_t; 4],
+ pub report_data: tee_report_data_t,
+ }
+}
+
//
// sgx_ql_quote.h
//
@@ -1594,6 +1701,19 @@
}
}
+/* intel DCAP 1.14 */
+//
+// sgx_default_qcnl_wrapper.h
+//
+impl_enum! {
+ #[repr(u8)]
+ #[derive(Copy, Clone, PartialEq, Eq, Debug)]
+ pub enum sgx_qe_type_t {
+ SGX_QE_TYPE_ECDSA = 0,
+ SGX_QE_TYPE_TD = 1,
+ }
+}
+
/* intel sgx sdk 2.7.1 */
//
// sgx_secure_align_api.h
