diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 1ebb2dcf..8bdc57e5 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -12,14 +12,14 @@ RUN apt-get update \ && rm -r /var/lib/apt/lists # Install SGX_SDK -ARG SGX_URL=https://download.01.org/intel-sgx/sgx-linux/2.19/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.19.100.3.bin +ARG SGX_URL=https://download.01.org/intel-sgx/sgx-linux/2.20/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.20.100.4.bin RUN curl -o sgx.bin "${SGX_URL}" \ && chmod +x ./sgx.bin \ && ./sgx.bin --prefix=/opt/intel \ && rm ./sgx.bin # Install DCAP libraries -ARG DCAP_VERSION=1.16.100.2-jammy1 +ARG DCAP_VERSION=1.17.100.4-jammy1 RUN mkdir -p /etc/apt/keyrings \ && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor | tee /etc/apt/keyrings/intel-sgx.gpg > /dev/null \ && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" | tee /etc/apt/sources.list.d/intel-sgx.list \ diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 732ad5d4..7913d9d1 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -69,7 +69,7 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.16.100.2-jammy1 + version: 1.17.100.4-jammy1 - id: suppression run: | if [ "${{ matrix.rust }}" == "stable" ]; then @@ -98,10 +98,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.19.100.3 + version: 2.20.100.4 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.16.100.2-jammy1 + version: 1.17.100.4-jammy1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -122,10 +122,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.19.100.3 + version: 2.20.100.4 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.16.100.2-jammy1 + version: 1.17.100.4-jammy1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -146,10 +146,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.19.100.3 + version: 2.20.100.4 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.16.100.2-jammy1 + version: 1.17.100.4-jammy1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -187,10 +187,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.19.100.3 + version: 2.20.100.4 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.16.100.2-jammy1 + version: 1.17.100.4-jammy1 - uses: dtolnay/rust-toolchain@stable with: components: llvm-tools-preview diff --git a/CHANGELOG.md b/CHANGELOG.md index a5b74fc3..81c0c416 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] - ReleaseDate +### Changed + +- The SGX SDK version is now 2.20.100.4 + ## [0.8.0] - 2023-09-21 ### Added diff --git a/core/build/headers/sgx_attributes.h b/core/build/headers/sgx_attributes.h index 523d22eb..5de45376 100644 --- a/core/build/headers/sgx_attributes.h +++ b/core/build/headers/sgx_attributes.h @@ -40,7 +40,9 @@ #define SGX_FLAGS_MODE64BIT 0x0000000000000004ULL /* If set, then the enclave is 64 bit */ #define SGX_FLAGS_PROVISION_KEY 0x0000000000000010ULL /* If set, then the enclave has access to provision key */ #define SGX_FLAGS_EINITTOKEN_KEY 0x0000000000000020ULL /* If set, then the enclave has access to EINITTOKEN key */ -#define SGX_FLAGS_KSS 0x0000000000000080ULL /* If set enclave uses KSS */ +#define SGX_FLAGS_KSS 0x0000000000000080ULL /* If set, then the enclave uses KSS */ +#define SGX_FLAGS_AEX_NOTIFY 0x0000000000000400ULL /* If set, then the enclave enables AEX Notify */ + #define SGX_FLAGS_NON_CHECK_BITS 0x00FF000000000000ULL /* BIT[55-48] will not be checked */ @@ -60,7 +62,9 @@ typedef struct _attributes_t uint64_t xfrm; } sgx_attributes_t; -/* define MISCSELECT - all bits are currently reserved */ +/* Define MISCSELECT + * bit 0: EXINFO + * bit 31-1: reserved(0) */ typedef uint32_t sgx_misc_select_t; typedef struct _sgx_misc_attribute_t { diff --git a/core/build/headers/sgx_dcap_quoteverify.h b/core/build/headers/sgx_dcap_quoteverify.h index bf53a57f..68f9879b 100644 --- a/core/build/headers/sgx_dcap_quoteverify.h +++ b/core/build/headers/sgx_dcap_quoteverify.h @@ -187,7 +187,7 @@ quote3_error_t tdx_qv_get_quote_supplemental_data_size(uint32_t *p_data_size); * @param p_quote_verification_result[OUT] - Address of the outputted quote verification result. * @param p_qve_report_info[IN/OUT] - This parameter can be used in 2 ways. * If p_qve_report_info is NOT NULL, the API will use Intel QvE to perform quote verification, and QvE will generate a report using the target_info in sgx_ql_qe_report_info_t structure. - * if p_qve_report_info is NULL, the API will use QVL library to perform quote verification, not that the results can not be cryptographically authenticated in this mode. + * if p_qve_report_info is NULL, the API will use QVL library to perform quote verification, note that the results can not be cryptographically authenticated in this mode. * @param supplemental_data_size[IN] - Size of the buffer pointed to by p_quote (in bytes). * @param p_supplemental_data[OUT] - The parameter is optional. If it is NULL, supplemental_data_size must be 0. * @@ -203,7 +203,7 @@ quote3_error_t tdx_qv_get_quote_supplemental_data_size(uint32_t *p_data_size); quote3_error_t tdx_qv_verify_quote( const uint8_t *p_quote, uint32_t quote_size, - const tdx_ql_qve_collateral_t *p_quote_collateral, + const tdx_ql_qv_collateral_t *p_quote_collateral, const time_t expiration_check_date, uint32_t *p_collateral_expiration_status, sgx_ql_qv_result_t *p_quote_verification_result, diff --git a/core/build/headers/sgx_ql_lib_common.h b/core/build/headers/sgx_ql_lib_common.h index 2e089270..289d84ca 100644 --- a/core/build/headers/sgx_ql_lib_common.h +++ b/core/build/headers/sgx_ql_lib_common.h @@ -59,7 +59,7 @@ typedef enum _quote3_error_t { SGX_QL_ATT_KEY_BLOB_ERROR = SGX_QL_MK_ERROR(0x000a), ///< There is a problem with the attestation key blob. SGX_QL_UNSUPPORTED_ATT_KEY_ID = SGX_QL_MK_ERROR(0x000b), ///< Unsupported attestation key ID. SGX_QL_UNSUPPORTED_LOADING_POLICY = SGX_QL_MK_ERROR(0x000c), ///< Unsupported enclave loading policy. - SGX_QL_INTERFACE_UNAVAILABLE = SGX_QL_MK_ERROR(0x000d), ///< Unable to load the QE enclave + SGX_QL_INTERFACE_UNAVAILABLE = SGX_QL_MK_ERROR(0x000d), ///< Unable to load the PCE enclave SGX_QL_PLATFORM_LIB_UNAVAILABLE = SGX_QL_MK_ERROR(0x000e), ///< Unable to find the platform library with the dependent APIs. Not fatal. SGX_QL_ATT_KEY_NOT_INITIALIZED = SGX_QL_MK_ERROR(0x000f), ///< The attestation key doesn't exist or has not been certified. SGX_QL_ATT_KEY_CERT_DATA_INVALID = SGX_QL_MK_ERROR(0x0010), ///< The certification data retrieved from the platform library is invalid. @@ -141,6 +141,8 @@ typedef enum _quote3_error_t { SGX_QL_TCB_NOT_SUPPORTED = SGX_QL_MK_ERROR(0x0066), ///< Current TCB level cannot be found in platform/enclave TCB info + SGX_QL_CONFIG_INVALID_JSON = SGX_QL_MK_ERROR(0x0067), ///< The QPL's config file is in JSON format but has a format error + SGX_QL_ERROR_MAX = SGX_QL_MK_ERROR(0x00FF), ///< Indicate max error to allow better translation. } quote3_error_t; @@ -159,7 +161,7 @@ typedef struct _sgx_ql_pck_cert_id_t uint32_t qe3_id_size; ///< The Size of hte QE_ID (currenlty 16 bytes) sgx_cpu_svn_t *p_platform_cpu_svn; ///< Pointer to the platform's raw CPUSVN sgx_isv_svn_t *p_platform_pce_isv_svn; ///< Pointer to the platform's raw PCE ISVSVN - uint8_t *p_encrypted_ppid; ///< Pointer to the enccrypted PPID (Optional) + uint8_t *p_encrypted_ppid; ///< Pointer to the encrypted PPID (Optional) uint32_t encrypted_ppid_size; ///< Size of encrytped PPID. uint8_t crypto_suite; ///< Crypto algorithm used to encrypt the PPID uint16_t pce_id; ///< Identifies the PCE-Version used to generate the encrypted PPID. @@ -178,7 +180,7 @@ typedef struct _sgx_ql_config_t sgx_cpu_svn_t cert_cpu_svn; ///< The CPUSVN used to generate the PCK Signature used to certify the attestation key. sgx_isv_svn_t cert_pce_isv_svn; ///< The PCE ISVSVN used to generate the PCK Signature used to certify the attestation key. uint32_t cert_data_size; ///< The size of the buffer pointed to by p_cert_data - uint8_t *p_cert_data; ///< The certificaton data used for the quote. + uint8_t *p_cert_data; ///< The certification data used for the quote. ///todo: It is the assumed to be the PCK Cert Chain. May want to change to support other cert types. } sgx_ql_config_t; @@ -244,8 +246,17 @@ typedef enum _sgx_prod_type_t { SGX_PROD_TYPE_TDX = 1, } sgx_prod_type_t; +typedef enum _sgx_qpl_cache_type_t { + SGX_QPL_CACHE_CERTIFICATE = 1 << 0, + SGX_QPL_CACHE_QV_COLLATERAL = 1 << 1, + SGX_QPL_CACHE_MULTICERTS = 1 << 2, +} sgx_qpl_cache_type_t; + #ifndef tdx_ql_qve_collateral_t typedef sgx_ql_qve_collateral_t tdx_ql_qve_collateral_t; + +// Deprecate structure name tdx_ql_qve_collateral_t +typedef tdx_ql_qve_collateral_t tdx_ql_qv_collateral_t; #endif #endif //_SGX_QL_LIB_COMMON_H_ diff --git a/core/build/headers/sgx_qve_header.h b/core/build/headers/sgx_qve_header.h index 82cc045f..5c7d606a 100644 --- a/core/build/headers/sgx_qve_header.h +++ b/core/build/headers/sgx_qve_header.h @@ -77,8 +77,10 @@ typedef enum _pck_cert_flag_enum_t { #define PLATFORM_INSTANCE_ID_SIZE 16 // Each Intel Advisory size is ~16 bytes -// Assume each TCB level has 10 advisoryIDs at the very most -#define MAX_SA_LIST_SIZE 160 +// Assume each TCB level has 20 advisoryIDs at the very most +#define MAX_SA_SIZE 20 +#define MAX_SA_NUMBER_PER_TCB 20 +#define MAX_SA_LIST_SIZE 320 // Nameless struct generates C4201 warning in MS compiler, but it is allowed in c++ 11 standard // Should remove the pragma after Microsoft fixes this issue diff --git a/core/build/headers/sgx_trts_aex.h b/core/build/headers/sgx_trts_aex.h new file mode 100644 index 00000000..ea28ffc0 --- /dev/null +++ b/core/build/headers/sgx_trts_aex.h @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + + +/** + * File: sgx_trts_aex.h + * Description: + * Header file for aex notify handling APIs. + */ + +#ifndef _SGX_TRTS_AEX_H_ +#define _SGX_TRTS_AEX_H_ + +#include +#include +#include "sgx_defs.h" +#include "sgx_trts_exception.h" +#include "sgx_error.h" + +typedef void (*sgx_aex_mitigation_fn_t)(const sgx_exception_info_t *info, const void * args); + +typedef struct _aex_mitigation_node_t +{ + sgx_aex_mitigation_fn_t handler; + const void *args; + struct _aex_mitigation_node_t * next; +} sgx_aex_mitigation_node_t; + + +#ifdef __cplusplus +extern "C" { +#endif + +/* sgx_set_ssa_aexnotify() + * Parameters: + * flag - 0 to disable AEX-Notify + * non-zero to enable AEX-Notify + * Return Value: + * SGX_SUCCESS - success + * SGX_ERROR_UNEXPECTED - unexpected error + */ +sgx_status_t SGXAPI sgx_set_ssa_aexnotify(int flag); + + +/* sgx_register_aex_handler() + * Parameters: + * aex_node - A pointer to an AEX mitigation node. The mitigation node must exist and be valid until it is unregistered. + * handler - A function handler to call after being notified of an AEX + * args - Arguments to pass to the handler + * Return Value: + * SGX_SUCCESS - success + * SGX_ERROR_INVALID_PARAMETER - aex_node or handler are NULL + */ +sgx_status_t SGXAPI sgx_register_aex_handler(sgx_aex_mitigation_node_t *aex_node, sgx_aex_mitigation_fn_t handler, const void *args); + +/* sgx_unregister_aex_handler() + * Parameters: + * handler - A function handler that was previously registered + * Return Value: + * SGX_SUCCESS - success + * SGX_ERROR_INVALID_PARAMETER - handler was NULL or has not been previously registered + * SGX_ERROR_UNEXPECTED - There currently are no registered handlers + */ +sgx_status_t SGXAPI sgx_unregister_aex_handler(sgx_aex_mitigation_fn_t handler); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/core/build/headers/sgx_trts_exception.h b/core/build/headers/sgx_trts_exception.h index bd66e5e4..da8146cf 100644 --- a/core/build/headers/sgx_trts_exception.h +++ b/core/build/headers/sgx_trts_exception.h @@ -112,12 +112,22 @@ typedef struct _exinfo_t uint32_t reserved; }sgx_misc_exinfo_t; + __attribute__((aligned(64))) typedef struct _exception_info_t { sgx_cpu_context_t cpu_context; sgx_exception_vector_t exception_vector; sgx_exception_type_t exception_type; sgx_misc_exinfo_t exinfo; + uint32_t exception_valid; + uint32_t do_aex_mitigation; + uint64_t xsave_size; +#if defined (_M_X64) || defined (__x86_64__) + uint64_t reserved[1]; +#else + uint64_t reserved[6]; +#endif + uint8_t xsave_area[0]; // 64-byte aligned } sgx_exception_info_t; typedef int (*sgx_exception_handler_t)(sgx_exception_info_t *info); diff --git a/core/sys/types/build.rs b/core/sys/types/build.rs index 9b6cbda7..c1feb2b4 100644 --- a/core/sys/types/build.rs +++ b/core/sys/types/build.rs @@ -83,6 +83,7 @@ const CORE_CONSTS: &[&str] = &[ "SGX_FLAGS_PROVISION_KEY", "SGX_FLAGS_EINITTOKEN_KEY", "SGX_FLAGS_KSS", + "SGX_FLAGS_AEX_NOTIFY", "SGX_FLAGS_NON_CHECK_BITS", "SGX_XFRM_LEGACY", "SGX_XFRM_AVX", diff --git a/core/types/src/attributes.rs b/core/types/src/attributes.rs index 80002b6f..b0e085da 100644 --- a/core/types/src/attributes.rs +++ b/core/types/src/attributes.rs @@ -7,10 +7,10 @@ use bitflags::bitflags; use core::fmt::{Display, Formatter}; use core::ops::BitAnd; use mc_sgx_core_sys_types::{ - sgx_attributes_t, sgx_misc_attribute_t, sgx_misc_select_t, SGX_FLAGS_DEBUG, - SGX_FLAGS_EINITTOKEN_KEY, SGX_FLAGS_INITTED, SGX_FLAGS_KSS, SGX_FLAGS_MODE64BIT, - SGX_FLAGS_NON_CHECK_BITS, SGX_FLAGS_PROVISION_KEY, SGX_XFRM_AMX, SGX_XFRM_AVX, SGX_XFRM_AVX512, - SGX_XFRM_LEGACY, SGX_XFRM_MPX, SGX_XFRM_PKRU, + sgx_attributes_t, sgx_misc_attribute_t, sgx_misc_select_t, SGX_FLAGS_AEX_NOTIFY, + SGX_FLAGS_DEBUG, SGX_FLAGS_EINITTOKEN_KEY, SGX_FLAGS_INITTED, SGX_FLAGS_KSS, + SGX_FLAGS_MODE64BIT, SGX_FLAGS_NON_CHECK_BITS, SGX_FLAGS_PROVISION_KEY, SGX_XFRM_AMX, + SGX_XFRM_AVX, SGX_XFRM_AVX512, SGX_XFRM_LEGACY, SGX_XFRM_MPX, SGX_XFRM_PKRU, }; /// Attributes of the enclave @@ -122,6 +122,8 @@ bitflags! { const EINIT_TOKEN_KEY = SGX_FLAGS_EINITTOKEN_KEY as u64; /// If set, then the enclave uses KSS(Key Separation and Sharing) const KSS = SGX_FLAGS_KSS as u64; + /// If set, then the enclave enables AEX Notify + const AEX_NOTIFY = SGX_FLAGS_AEX_NOTIFY as u64; /// BIT[55-48] will not be checked */ const NON_CHECK_BITS = SGX_FLAGS_NON_CHECK_BITS; /// Value used by `sgx_seal_data()`. See `attribute_mask` description in diff --git a/dcap/types/src/error.rs b/dcap/types/src/error.rs index 76382777..1e67f3d3 100644 --- a/dcap/types/src/error.rs +++ b/dcap/types/src/error.rs @@ -283,6 +283,8 @@ pub enum QlError { RootCaUntrusted = quote3_error_t::SGX_QL_ROOT_CA_UNTRUSTED.0, /// The current TCB level cannot be found in the platform/enclave TCB info TcbNotSupported = quote3_error_t::SGX_QL_TCB_NOT_SUPPORTED.0, + /// The QPL's config file is in JSON format but has a format error + ConfigInvalidJson = quote3_error_t::SGX_QL_CONFIG_INVALID_JSON.0, /// Indicate max error to allow better translation Max = quote3_error_t::SGX_QL_ERROR_MAX.0,