<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Mitigation of Intel-SA-00219 in Teaclave SGX SDK | Apache Teaclave (incubating)</title>
<meta name="generator" content="VuePress 1.9.7">
<link rel="alternate" type="application/rss+xml" href="https://teaclave.apache.org/rss.xml" title="Apache Teaclave (incubating) RSS Feed">
<link rel="alternate" type="application/atom+xml" href="https://teaclave.apache.org/feed.atom" title="Apache Teaclave (incubating) Atom Feed">
<link rel="alternate" type="application/json" href="https://teaclave.apache.org/feed.json" title="Apache Teaclave (incubating) JSON Feed">
<meta name="description" content="Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.">
<meta property="article:published_time" content="2019-12-03T00:00:00.000Z">
<meta property="article:modified_time" content="2020-10-25T00:02:18.000Z">
<meta property="og:site_name" content="Apache Teaclave (incubating)">
<meta property="og:title" content="Mitigation of Intel-SA-00219 in Teaclave SGX SDK">
<meta property="og:type" content="article">
<meta property="og:url" content="https://teaclave.apache.org/blog/2019-12-03-mitigation-of-intel-sa-00219-in-teaclave-sgx-sdk/">
<meta name="twitter:title" content="Mitigation of Intel-SA-00219 in Teaclave SGX SDK">
<meta name="twitter:url" content="https://teaclave.apache.org/blog/2019-12-03-mitigation-of-intel-sa-00219-in-teaclave-sgx-sdk/">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@ApacheTeaclave">
<link rel="stylesheet" href="/assets/css/0.styles.7a68c1e3.css">
</head>
<body>
<div id="app" data-server-rendered="true"><div class="theme-container no-sidebar"><main class="page"> <div id="base-list-layout" class="theme-default-content"><article itemscope="itemscope" itemtype="https://schema.org/BlogPosting" class="vuepress-blog-theme-content"><header><h1 itemprop="name headline" class="post-title">
Mitigation of Intel-SA-00219 in Teaclave SGX SDK
</h1> <div class="publish-date-author">December 3, 2019 · Yu Ding</div></header> <div itemprop="articleBody" class="content__default"><h2 id="background"><a href="#background" class="header-anchor">#</a> Background</h2> <p>Intel issued <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html" rel="noopener noreferrer">Intel SA-00219</a> on Nov 12, 2019, with CVE number <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0117" rel="noopener noreferrer">CVE-2019-0117</a>. Intel also published <a href="https://software.intel.com/en-us/download/intel-sgx-sdk-developer-guidance-intel-sa-00219" rel="noopener noreferrer">guidance</a> for developers and researchers. Intel then released <a href="https://01.org/intel-softwareguard-extensions/downloads/intel-sgx-linux-2.7.1-release-version-string-2.7.101.3" rel="noopener noreferrer">Intel SGX SDK v2.7.1</a>, which includes new memory allocation primitives and corresponding patches in PSW enclaves.</p> <p>This article explains Intel-SA-00219 and how Teaclave SGX SDK handles it.</p> <h2 id="the-problem-statement-and-my-thoughts"><a href="#the-problem-statement-and-my-thoughts" class="header-anchor">#</a> The problem statement and my thoughts</h2> <p>The only statement I found is on the <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html" rel="noopener noreferrer">Intel-SA-00219 page</a>:</p> <blockquote><p>Organize the code/data within enclave memory to avoid putting sensitive materials in DWORD0 and DWORD1 of cache line. The effectiveness of this mitigation is dependent on the ability for the software to avoid the affected memory region. To assist the enclave application providers to modify their code, Intel is releasing SGX SDK update (Windows version 2.5.101.3, Linux version 2.7.101.3) with new memory allocation APIs to avoid the affected memory region. 
More details about the APIs can be found <a href="https://software.intel.com/en-us/download/intel-sgx-sdk-developer-guidance-intel-sa-00219" rel="noopener noreferrer">here</a>.</p></blockquote> <p>Intel does not directly describe the vulnerability here. But it's clear that the 64-byte cache line would contain 8 bytes of sensitive data, which can be keys protected by Intel SGX. So the following memory layout can be problematic in SGX:</p> <div class="language- extra-class"><pre class="language-text"><code> --------------------------------------------------------------------------------------
| attacker accessible data A | private key (inaccessible) | attacker accessible data B |
--------------------------------------------------------------------------------------
</code></pre></div><p>This is equivalent to a vulnerable data structure like:</p> <div class="language- extra-class"><pre class="language-text"><code>struct foo {
    uint64_t A;
    uint64_t secret;
    uint64_t B;
};
</code></pre></div><p>where <code>foo.A</code> and <code>foo.B</code> are accessible by design, while <code>foo.secret</code> is not.</p> <p>If an attacker can somehow access either A or B, he will probably have the first or last 8 bytes of the &quot;inaccessible&quot; secret in the cache line. Then something bad may happen.</p> <p>So, the most straightforward mitigation is to insert additional &quot;guard bytes&quot; before and after the sensitive data:</p> <div class="language- extra-class"><pre class="language-text"><code> ----------------------------------------------------------------------------------------------
| attacker data A | 8-byte guard | private key (inaccessible) | 8-byte guard | attacker data B |
----------------------------------------------------------------------------------------------
</code></pre></div><p>It results in a modified structure like:</p> <div class="language- extra-class"><pre class="language-text"><code>struct foo {
    uint64_t A;
    uint64_t _guard0;   // private: 8-byte guard, never exposed
    uint64_t secret;
    uint64_t _guard1;   // private: 8-byte guard, never exposed
    uint64_t B;
};
</code></pre></div><p>Further investigation of Intel's code reveals that <code>_guard1</code> is not required, so the layout can be:</p> <div class="language- extra-class"><pre class="language-text"><code> -------------------------------------------------------------------------------
| attacker data A | 8-byte guard | private key (inaccessible) | attacker data B |
-------------------------------------------------------------------------------
</code></pre></div><h2 id="intel-s-new-allocator-primitive"><a href="#intel-s-new-allocator-primitive" class="header-anchor">#</a> Intel's new allocator primitive</h2> <p>Intel's guidance provides:</p> <p>(1) A C++ template <code>custom_alignment_aligned</code>
(2) A C function <code>sgx_get_aligned_ptr</code> and the type of one of its parameters, <code>struct align_req_t</code>
(3) A dynamic memory allocator function <code>sgx_aligned_malloc</code></p> <p>After spending hours on Intel's code, I realized that these primitives are helping developers allocate a larger object which:</p> <p>a) contains all fields of the original object.
b) adds &quot;guard bytes&quot; before and after each &quot;specified secret field&quot;.
c) aligns each &quot;specified secret field&quot; on demand</p> <h2 id="intel-s-patches-on-psw-enclaves"><a href="#intel-s-patches-on-psw-enclaves" class="header-anchor">#</a> Intel's patches on PSW enclaves</h2> <p>The easiest example to understand is from <code>psw/ae/pse_op/session_mgr.cpp</code>:</p> <div class="language-diff extra-class"><pre class="language-text"><code>@@ -417,7 +461,12 @@ pse_op_error_t pse_exchange_report(uint64_t tick,
{
pse_op_error_t status = OP_SUCCESS;
sgx_dh_session_t sgx_dh_session;
- sgx_key_128bit_t aek;
+ //
+ // securely align aek
+ //
+ //sgx_key_128bit_t aek;
+ sgx::custom_alignment_aligned&lt;sgx_key_128bit_t, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t)&gt; oaek;
+ sgx_key_128bit_t&amp; aek = oaek.v;
sgx_dh_session_enclave_identity_t initiator_identity;
cse_sec_prop_t * pcse_sec = NULL;
secu_info_t* psec_info = NULL;
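Review bot: the oaek declaration passes sizeof(sgx_key_128bit_t) twice next to a bare 0, so the
alignment, secret offset and secret length arguments cannot be told apart at the call site; a
short comment naming each argument (or named constants) would make the guarded range auditable.
The commented-out "//sgx_key_128bit_t aek;" can be dropped, and the "securely align aek" comment
would be more useful if it named the advisory it addresses.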
</code></pre></div><p>The template generates a larger struct <code>oaek</code>. The size of <code>sgx_key_128bit_t</code> is 16 bytes, <code>sizeof(oaek)</code> equals 32, and the offset of <code>oaek.v</code> is 8.</p> <p>In the same file, another fix is:</p> <div class="language-diff extra-class"><pre class="language-text"><code>--- a/psw/ae/pse/pse_op/session_mgr.cpp
+++ b/psw/ae/pse/pse_op/session_mgr.cpp
@@ -29,21 +29,65 @@
*
*/
-
+#include &lt;sgx_secure_align.h&gt;
#include &quot;utility.h&quot;
#include &quot;session_mgr.h&quot;
#include &quot;pse_op_t.h&quot;
#include &quot;sgx_dh.h&quot;
// ISV enclave &lt;-&gt; pse-op sessions
-static pse_session_t g_session[SESSION_CONNECTION];
+//
+// securely align all ISV enclave - pse sessions' secrets
+//
+static sgx::custom_alignment_aligned&lt;pse_session_t, 16, __builtin_offsetof(pse_session_t, active.AEK), 16&gt; og_session[SESSION_CONNECTION];
+//
+// following allows existing references to g_session[index]
+// to not have to change
+//
+class CSessions
+{
+public:
+ pse_session_t&amp; operator[](int index) {
+ return og_session[index].v;
+ }
+};
+static CSessions g_session;
static uint32_t g_session_count = 0;
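Review bot: CSessions::operator[] takes a signed int and indexes og_session with no range check,
so a negative or too-large index reaches og_session[index].v directly. Now that every access
goes through this wrapper, it is the natural place to take an unsigned index and check it
against SESSION_CONNECTION. A const overload is also missing, and the literal 16 appears twice
in the template arguments without saying which is the alignment and which is the AEK length.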
</code></pre></div><p>It seems that the original global <code>g_session</code> array is vulnerable to INTEL-SA-00219. So Intel created a new structure <code>CSessions</code>, overloaded the <code>[]</code> operator, and used the <code>custom_alignment_aligned</code> template to create the array of guarded <code>CSessions</code>.</p> <p>We can see some more complex samples in the same file, such as:</p> <div class="language-diff extra-class"><pre class="language-text"><code> // ephemeral session global variables
static uint8_t g_nonce_r_pse[EPH_SESSION_NONCE_SIZE] = {0}; // nonce R(PSE) for ephemeral session establishment
static uint8_t g_nonce_r_cse[EPH_SESSION_NONCE_SIZE] = {0}; // nonce R(CSE) for ephemeral session establishment
-static pairing_data_t g_pairing_data; // unsealed pairing data
-eph_session_t g_eph_session; // ephemeral session information
+
+//
+// securely align pairing data
+// Id_pse and Id_cse aren't secrets
+// I don't think pairingNonce is a secret and even if it is, we can't align
+// all of [mk, sk, pairingID, pairingNonce]
+//
+//static pairing_data_t g_pairing_data; // unsealed pairing data
+static sgx::custom_alignment&lt;pairing_data_t,
+ //__builtin_offsetof(pairing_data_t, secret_data.Id_pse), sizeof(((pairing_data_t*)0)-&gt;secret_data.Id_pse),
+ //__builtin_offsetof(pairing_data_t, secret_data.Id_cse), sizeof(((pairing_data_t*)0)-&gt;secret_data.Id_cse),
+ __builtin_offsetof(pairing_data_t, secret_data.mk), sizeof(((pairing_data_t*)0)-&gt;secret_data.mk),
+ __builtin_offsetof(pairing_data_t, secret_data.sk), sizeof(((pairing_data_t*)0)-&gt;secret_data.sk),
+ __builtin_offsetof(pairing_data_t, secret_data.pairingID), sizeof(((pairing_data_t*)0)-&gt;secret_data.pairingID)
+ //__builtin_offsetof(pairing_data_t, secret_data.pairingNonce), sizeof(((pairing_data_t*)0)-&gt;secret_data.pairingNonce)
+ &gt; opairing_data;
+pairing_data_t&amp; g_pairing_data = opairing_data.v;
+//
+// securely align pse - cse/psda ephemeral session secrets
+//
+//eph_session_t g_eph_session; // ephemeral session information
+sgx::custom_alignment&lt;eph_session_t,
+ __builtin_offsetof(eph_session_t, TSK), sizeof(((eph_session_t*)0)-&gt;TSK),
+ __builtin_offsetof(eph_session_t, TMK), sizeof(((eph_session_t*)0)-&gt;TMK)
+&gt; oeph_session;
+//
+// this reference trick requires change to declaration
+// in other files, but still cleaner than changing
+// all references
+//
+eph_session_t&amp; g_eph_session = oeph_session.v;
/**
* @brief Check the status of the ephemeral session
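Review bot: the comment above opairing_data leaves pairingNonce at "I don't think pairingNonce is
a secret" and says not all of [mk, sk, pairingID, pairingNonce] can be aligned, without stating
the constraint that prevents it; the classification should be settled and the limit written
down, because the next person to edit pairing_data_t needs it. The commented-out Id_pse, Id_cse
and pairingNonce template arguments read as dead code; a one-line list of the fields treated as
non-secret would say the same more clearly. For g_eph_session, the changed declaration belongs
in a shared header so that a stale "extern eph_session_t g_eph_session;" fails to compile.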
</code></pre></div><p>To understand it, let me expand <code>struct pairing_data_t</code> here:</p> <div class="language- extra-class"><pre class="language-text"><code>/* Pairing blob unsealed and usable inside of enclave*/
typedef struct _pairing_data_t
{
se_plaintext_pairing_data_t plaintext; // not involved
struct se_secret_pairing_data_t {
SHA256_HASH Id_pse;
SHA256_HASH Id_cse;
SIGMA_MAC_KEY mk;
SIGMA_SECRET_KEY sk;
SIGMA_SECRET_KEY pairingID; // old_sk used for repairing check
Nonce128_t pairingNonce;
EcDsaPrivKey VerifierPrivateKey;
} secret_data;
} pairing_data_t;
</code></pre></div><p>The patch seems to protect <code>mk</code>, <code>sk</code>, and <code>pairingID</code>, and all the other fields are commented out. What's more, this patch uses an <strong>undocumented</strong> template <code>sgx::custom_alignment</code> defined as:</p> <div class="language-cpp extra-class"><pre class="language-text"><code> template &lt;class T, std::size_t... OLs&gt;
using custom_alignment = custom_alignment_aligned&lt;T, alignof(T), OLs...&gt;;
</code></pre></div><h2 id="experiments-on-the-undocument-template"><a href="#experiments-on-the-undocument-template" class="header-anchor">#</a> Experiments on the undocumented template</h2> <p>To test how the undocumented template works, I wrote the following code:</p> <div class="language-cpp extra-class"><pre class="language-text"><code> struct foo {
     uint64_t secret1[5]; // offset = 0
 };
 typedef sgx::custom_alignment&lt;foo, __builtin_offsetof(foo, secret1), sizeof(((foo*)0)-&gt;secret1)&gt; AFOO;
 // sizeof and offsetof yield size_t, so print them with %zu
 printf(&quot;=== Size of foo = %zu ===\n&quot;, sizeof(foo)); // 40
 printf(&quot;=== Size of AFOO = %zu ===\n&quot;, sizeof(AFOO)); // 64
 printf(&quot;=== offset of AFOO.v = %zu ===\n&quot;, __builtin_offsetof(AFOO, v)); // 8
 printf(&quot;=== offset of secret1 = %zu ===\n&quot;, __builtin_offsetof(AFOO, v.secret1)); // 8
</code></pre></div><p>So we can see that the structure of <code>AFOO</code> is:</p> <div class="language-cpp extra-class"><pre class="language-text"><code>struct AFOO {
    uint64_t _padding_head[1]; // offset = 0, len = 8
    struct {
        uint64_t secret1[5]; // offset = 8, len = 40
    } v;
    uint64_t _padding_tail[2]; // offset = 48, len = 16
};
</code></pre></div><p>It seems the undocumented C++ template aligns <code>AFOO</code> to the next level, and adds an 8-byte heading to it. If we add a second secret to <code>foo</code> like:</p> <div class="language-cpp extra-class"><pre class="language-text"><code> struct foo {
     uint64_t secret1[5]; // offset = 0
     uint64_t secret2[1]; // offset = 40
 };
 typedef sgx::custom_alignment&lt;foo,
     __builtin_offsetof(foo, secret1), sizeof(((foo*)0)-&gt;secret1),
     __builtin_offsetof(foo, secret2), sizeof(((foo*)0)-&gt;secret2)
     &gt; AFOO;
 printf(&quot;=== Size of foo = %zu ===\n&quot;, sizeof(foo)); // 48
 printf(&quot;=== Size of AFOO = %zu ===\n&quot;, sizeof(AFOO)); // 64
 printf(&quot;=== offset of AFOO.v = %zu ===\n&quot;, __builtin_offsetof(AFOO, v)); // 8
 printf(&quot;=== offset of AFOO.v.secret1 = %zu ===\n&quot;, __builtin_offsetof(AFOO, v.secret1)); // 8
 printf(&quot;=== offset of AFOO.v.secret2 = %zu ===\n&quot;, __builtin_offsetof(AFOO, v.secret2)); // 48
</code></pre></div><p>we can see that the structure of <code>AFOO</code> is:</p> <div class="language-cpp extra-class"><pre class="language-text"><code>struct AFOO {
    uint64_t _padding_head[1]; // offset = 0, len = 8
    struct {
        uint64_t secret1[5]; // offset = 8, len = 40
        uint64_t secret2[1]; // offset = 48, len = 8
    } v;
    uint64_t _padding_tail[1]; // offset = 56, len = 8
};
</code></pre></div><p>If we increase <code>secret2</code> to 16 bytes, it works well as usual, and the <code>_padding_tail</code> will have <strong>zero length</strong>. So does it mean that <em>only extra heading is required for mitigation</em>? But it will not compile if we make <code>secret2</code> 24 bytes, like:</p> <div class="language-c++ extra-class"><pre class="language-text"><code> struct foo {
uint64_t secret1[5]; // offset = 0
uint64_t secret2[3]; // offset = 40
};
typedef sgx::custom_alignment&lt;foo,
__builtin_offsetof(foo, secret1), sizeof(((foo*)0)-&gt;secret1),
__builtin_offsetof(foo, secret2), sizeof(((foo*)0)-&gt;secret2)
&gt; AFOO;
</code></pre></div><p>GCC would terminate on:</p> <div class="language- extra-class"><pre class="language-text"><code>make[1]: Entering directory '/root/linux-sgx/SampleCode/Cxx11SGXDemo'
In file included from Enclave/TrustedLibrary/Libcxx.cpp:47:0:
/opt/sgxsdk/include/sgx_secure_align.h: In instantiation of 'struct sgx::__custom_alignment_internal::custom_alignment&lt;ecall_lambdas_demo()::foo, 8ul, -1&gt;':
Enclave/TrustedLibrary/Libcxx.cpp:125:53: required from here
/opt/sgxsdk/include/sgx_secure_align.h:123:13: error: static assertion failed: No viable offset
static_assert(LZ &gt; 0, &quot;No viable offset&quot;);
^
/opt/sgxsdk/include/sgx_secure_align.h:125:48: error: size of array is negative
char __no_secret_allowed_in_here[LZ];
^
Makefile:255: recipe for target 'Enclave/TrustedLibrary/Libcxx.o' failed
</code></pre></div><p>Nothing changes if we switch to the original template <code>sgx::custom_alignment_aligned</code>. So I guess the template does not support structures that:</p> <ul><li>contain secrets consecutively, and</li> <li>have consecutive secrets whose size is larger than a certain number (not sure yet)</li></ul> <p>If we separate <code>secret1</code> and <code>secret2</code> by inserting something in the middle, the template works:</p> <div class="language-c++ extra-class"><pre class="language-text"><code>struct foo {
uint64_t secret1[5]; // offset = 0
char dumb; // offset = 40
uint64_t secret2[3]; // offset = 48
};
typedef sgx::custom_alignment&lt;foo,
__builtin_offsetof(foo, secret1), sizeof(((foo*)0)-&gt;secret1),
__builtin_offsetof(foo, secret2), sizeof(((foo*)0)-&gt;secret2)
&gt; AFOO;
// sizeof and offsetof yield size_t, so print them with %zu
printf(&quot;=== Size of foo = %zu ===\n&quot;, sizeof(foo)); // 72
printf(&quot;=== Size of AFOO = %zu ===\n&quot;, sizeof(AFOO)); // 128
printf(&quot;=== offset of AFOO.v = %zu ===\n&quot;, __builtin_offsetof(AFOO, v)); // 24
printf(&quot;=== offset of AFOO.v.secret1 = %zu ===\n&quot;, __builtin_offsetof(AFOO, v.secret1)); // 24
printf(&quot;=== offset of AFOO.v.secret2 = %zu ===\n&quot;, __builtin_offsetof(AFOO, v.secret2)); // 72
</code></pre></div><h2 id="changes-actions-required"><a href="#changes-actions-required" class="header-anchor">#</a> Changes/Actions required</h2> <p>From Intel's usage, we can learn that:</p> <p><strong>Don't construct a sensitive data structure directly. Always allocate an aligned structure and fill it up later.</strong></p> <p>It means:</p> <ul><li>if you allocate something sensitive (e.g. keys in <code>sgx_key_128bit_t</code>) on stack/heap, you probably need to allocate another guarded structure first, and get a mutable reference to its inner data.</li> <li>if you want to make <code>sgx_key_128bit_t</code> the type of a return value, you can choose between (1) returning a guarded structure, or (2) taking an additional argument, a caller-allocated mutable reference to <code>sgx_key_128bit_t</code>, and filling it.</li></ul> <h2 id="rust-sgx-provided-primitive"><a href="#rust-sgx-provided-primitive" class="header-anchor">#</a> Rust SGX provided primitive</h2> <ul><li><p>We provided <code>AlignBox</code> as a replacement of <code>Box</code></p> <ul><li><p><code>Box</code> is somewhat tricky because it always &quot;initialize on stack first and copy to heap later&quot;. <a href="https://github.com/kvark/copyless" rel="noopener noreferrer">copyless</a> provides a novel primitive to solve <a href="https://github.com/dingelish/realbox" rel="noopener noreferrer">it, but it is not always effective</a>. To this end, we created <code>AlignBox</code>, which guarantees &quot;on-heap initialization&quot; without copying any bits. Usage:</p> <div class="language-rust extra-class"><pre class="language-text"><code>let heap_align_obj = AlignBox::&lt;struct_align_t&gt;::heap_init_with_req(|mut t| {
t.key1 = [0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff];
t.pad1 = [0x00; 16];
t.key2 = [0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff];
t.pad2 = [0x00; 16];
t.key3 = [0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff];
t.pad3 = [0x00; 16];
t.key4 = [0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff];
}, 16, &amp;str_slice);
assert!(heap_align_obj.is_some());
</code></pre></div></li></ul></li> <li><p>We provided an aligned key type for each built-in key type. The layouts are calculated by Intel's template.</p> <ul><li><code>sgx_align_key_128bit_t</code></li> <li><code>sgx_align_mac_128bit_t</code></li> <li><code>sgx_align_key_256bit_t</code></li> <li><code>sgx_align_mac_256bit_t</code></li> <li><code>sgx_align_ec256_dh_shared_t</code></li> <li><code>sgx_align_ec256_private_t</code></li></ul></li></ul> <p>We modified <code>sgx_tcrypto</code>, <code>sgx_tse</code>, and <code>sgx_tdh</code> to use the above primitives, following the required changes above. One sample is from <code>sgx_tcrypto</code>:</p> <div class="language-rust extra-class"><pre class="language-text"><code>+ let mut align_mac = sgx_align_mac_128bit_t::default();
+ let ret = unsafe {
+ sgx_rijndael128_cmac_msg(key as * const sgx_cmac_128bit_key_t,
+ src.as_ptr() as * const u8,
+ size as u32,
+ &amp;mut align_mac.mac as * mut sgx_cmac_128bit_tag_t)
+ };
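Review bot: "size as u32" narrows silently, so unless size is range-checked before these lines a
length above u32::MAX is truncated and the CMAC is computed over only part of src; converting
with u32::try_from(size) and returning an error on failure makes the limit explicit.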
</code></pre></div><p>We allocate an aligned structure first, and then fill it up using Intel's crypto primitive later.</p></div></article></div> <div class="footer">
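<p>The offsets and sizes measured in the experiments above can be reproduced with a small layout model. This is an added example, not Intel's header or Teaclave code: it assumes the wrapper starts on a 64-byte boundary, that the lead padding is a positive multiple of <code>alignof(T)</code>, and that the only rule is to keep secret bytes out of bytes 0-7 (DWORD0/DWORD1) of every cache line. The names <code>Secret</code>, <code>touches_unsafe</code>, <code>lead_pad</code> and <code>wrapped_size</code> are hypothetical.</p>

```cpp
#include <cstddef>
#include <cstdio>

// Assumptions of this model (not taken from sgx_secure_align.h):
//  - the wrapper object starts on a 64-byte cache-line boundary;
//  - no secret byte may occupy bytes 0..7 (DWORD0/DWORD1) of any line;
//  - lead padding is a positive multiple of the alignment of T.
const std::size_t kLine = 64;
const std::size_t kUnsafe = 8;

struct Secret { std::size_t offset; std::size_t len; };  // byte range inside T

// True if [begin, begin + len) overlaps bytes 0..7 of some cache line.
bool touches_unsafe(std::size_t begin, std::size_t len) {
    if (len == 0) return false;
    std::size_t in_line = begin % kLine;
    if (in_line < kUnsafe) return true;   // starts inside the unsafe bytes
    return in_line + len > kLine;         // spills into the next line's byte 0
}

// Smallest viable lead padding in bytes, or -1 when no offset works.
long lead_pad(std::size_t align, const Secret* s, std::size_t n) {
    if (align == 0) return -1;
    for (std::size_t lz = align; lz <= kLine; lz += align) {
        bool ok = true;
        for (std::size_t i = 0; i < n; ++i)
            if (touches_unsafe(lz + s[i].offset, s[i].len)) ok = false;
        if (ok) return static_cast<long>(lz);
    }
    return -1;
}

// Wrapper size: lead padding plus sizeof(T), rounded up to whole cache lines.
long wrapped_size(std::size_t align, std::size_t size_of_t,
                  const Secret* s, std::size_t n) {
    long lz = lead_pad(align, s, n);
    if (lz < 0) return -1;
    std::size_t end = static_cast<std::size_t>(lz) + size_of_t;
    return static_cast<long>((end + kLine - 1) / kLine * kLine);
}

// The four layouts from the experiments: {offset, length} of each secret.
const Secret kOne[]      = {{0, 40}};            // secret1[5]
const Secret kTwoSmall[] = {{0, 40}, {40, 8}};   // + secret2[1]
const Secret kTwoBig[]   = {{0, 40}, {40, 24}};  // + secret2[3], contiguous
const Secret kTwoSplit[] = {{0, 40}, {48, 24}};  // char dumb between them

int main() {
    std::printf("one secret:  v at %ld, size %ld\n",
                lead_pad(8, kOne, 1), wrapped_size(8, 40, kOne, 1));
    std::printf("secret2[1]:  v at %ld, size %ld\n",
                lead_pad(8, kTwoSmall, 2), wrapped_size(8, 48, kTwoSmall, 2));
    std::printf("secret2[3]:  v at %ld (no viable offset)\n",
                lead_pad(8, kTwoBig, 2));
    std::printf("with 'dumb': v at %ld, size %ld\n",
                lead_pad(8, kTwoSplit, 2), wrapped_size(8, 72, kTwoSplit, 2));
    return 0;
}
```

<p>Under these assumptions a contiguous run of secret bytes fits only if it is at most 56 bytes long, which agrees with the 16-byte <code>secret2</code> case compiling with zero tail padding and the 24-byte case failing.</p>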
</div></main></div><div class="global-ui"><!----></div></div>
</body>
</html>