diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 8bdc57e5..cd1df331 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -12,14 +12,14 @@ RUN apt-get update \ && rm -r /var/lib/apt/lists # Install SGX_SDK -ARG SGX_URL=https://download.01.org/intel-sgx/sgx-linux/2.20/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.20.100.4.bin +ARG SGX_URL=https://download.01.org/intel-sgx/sgx-linux/2.21/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.21.100.1.bin RUN curl -o sgx.bin "${SGX_URL}" \ && chmod +x ./sgx.bin \ && ./sgx.bin --prefix=/opt/intel \ && rm ./sgx.bin # Install DCAP libraries -ARG DCAP_VERSION=1.17.100.4-jammy1 +ARG DCAP_VERSION=1.18.100.1-jammy1 RUN mkdir -p /etc/apt/keyrings \ && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor | tee /etc/apt/keyrings/intel-sgx.gpg > /dev/null \ && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" | tee /etc/apt/sources.list.d/intel-sgx.list \ diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7913d9d1..2b4d7af1 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -69,7 +69,7 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.17.100.4-jammy1 + version: 1.18.100.1-jammy1 - id: suppression run: | if [ "${{ matrix.rust }}" == "stable" ]; then @@ -98,10 +98,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.20.100.4 + version: 2.21.100.1 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.17.100.4-jammy1 + version: 1.18.100.1-jammy1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -122,10 +122,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.20.100.4 + version: 2.21.100.1 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.17.100.4-jammy1 + version: 1.18.100.1-jammy1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -146,10 +146,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.20.100.4 + version: 2.21.100.1 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.17.100.4-jammy1 + version: 1.18.100.1-jammy1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -187,10 +187,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.20.100.4 + version: 2.21.100.1 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.17.100.4-jammy1 + version: 1.18.100.1-jammy1 - uses: dtolnay/rust-toolchain@stable with: components: llvm-tools-preview diff --git a/CHANGELOG.md b/CHANGELOG.md index 81c0c416..ef04b3a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed -- The SGX SDK version is now 2.20.100.4 +- The SGX SDK version is now 2.21.100.1 ## [0.8.0] - 2023-09-21 diff --git a/core/build/headers/sgx_dcap_quoteverify.h b/core/build/headers/sgx_dcap_quoteverify.h index 68f9879b..a4ec1384 100644 --- a/core/build/headers/sgx_dcap_quoteverify.h +++ b/core/build/headers/sgx_dcap_quoteverify.h @@ -49,18 +49,23 @@ extern "C" { * When the Quoting Verification Library is linked to a process, it needs to know the proper enclave loading policy. * The library may be linked with a long lived process, such as a service, where it can load the enclaves and leave * them loaded (persistent). This better ensures that the enclaves will be available upon quote requests and not subject - * to EPC limitations if loaded on demand. However, if the Quoting library is linked with an application process, there - * may be many applications with the Quoting library and a better utilization of EPC is to load and unloaded the quoting - * enclaves on demand (ephemeral). The library will be shipped with a default policy of loading enclaves and leaving - * them loaded until the library is unloaded (PERSISTENT). If the policy is set to EPHEMERAL, then the QE and PCE will - * be loaded and unloaded on-demand. If either enclave is already loaded when the policy is change to EPHEMERAL, the - * enclaves will be unloaded before returning. + * to EPC limitations if loaded on demand. However, if the QVL is linked with an application process, there may be many + * applications with the QVL and a better utilization of EPC is to load and unloaded the quote verification enclaves on + * demand (ephemeral). The library will be shipped with a default policy of loading enclaves and leaving + * them loaded until the library is unloaded (PERSISTENT). If the policy is set to EPHEMERAL, then the QvE will + * be loaded and unloaded on-demand. + * Supported policies: + * SGX_QL_EPHEMERAL - Default policy. QvE is initialized and terminated on every quote verification function call. + * SGX_QL_PERSISTENT - All the threads will share single QvE instance, and QvE is initialized on first use and reused until process ends. + * SGX_QL_EPHEMERAL_QVE_MULTI_THREAD - QvE is loaded per thread and be unloaded before function exit. + * SGX_QL_PERSISTENT_QVE_MULTI_THREAD - QvE is loaded per thread and only be unloaded before thread exit. + * + * NOTE: QvE load policy should be only set once in one process, change the policy means all threads will be impacted. * * @param policy Sets the requested enclave loading policy to either SGX_QL_PERSISTENT, SGX_QL_EPHEMERAL or SGX_QL_DEFAULT. * * @return SGX_QL_SUCCESS Successfully set the enclave loading policy for the quoting library's enclaves. * @return SGX_QL_UNSUPPORTED_LOADING_POLICY The selected policy is not support by the quoting library. - * @return SGX_QL_ERROR_UNEXPECTED Unexpected internal error. * **/ quote3_error_t sgx_qv_set_enclave_load_policy(sgx_ql_request_policy_t policy); diff --git a/core/build/headers/sgx_pce.h b/core/build/headers/sgx_pce.h index d5305810..467aacee 100644 --- a/core/build/headers/sgx_pce.h +++ b/core/build/headers/sgx_pce.h @@ -73,6 +73,9 @@ typedef enum _sgx_ql_request_policy SGX_QL_PERSISTENT, ///< QE is initialized on first use and reused until process ends. SGX_QL_EPHEMERAL, ///< QE is initialized and terminated on every quote. ///< If a previous QE exists, it is stopped & restarted before quoting. + SGX_QL_EPHEMERAL_QVE_MULTI_THREAD, ///< Only used for quote verification, QvE is loaded per thread and be unloaded before function exit. + SGX_QL_PERSISTENT_QVE_MULTI_THREAD, ///< Only used for quote verification, QvE is loaded per thread and be unloaded before thread exit. + SGX_QL_DEFAULT = SGX_QL_PERSISTENT } sgx_ql_request_policy_t; diff --git a/core/build/headers/sgx_quote_4.h b/core/build/headers/sgx_quote_4.h index 1342821d..e1799431 100644 --- a/core/build/headers/sgx_quote_4.h +++ b/core/build/headers/sgx_quote_4.h @@ -46,7 +46,7 @@ #pragma pack(push, 1) -#define TD_INFO_RESERVED_BYTES 112 +#define TD_INFO_RESERVED_BYTES_V1 112 typedef struct _tee_info_t /* 512 bytes */ { tee_attributes_t attributes; /* ( 0) TD's attributes */ @@ -56,7 +56,7 @@ typedef struct _tee_info_t /* 512 bytes */ tee_measurement_t mr_owner; /* (112) Software defined ID for the guest TD's owner */ tee_measurement_t mr_owner_config; /* (160) Software defined ID for owner-defined configuration of the guest TD, e.g., specific to the workload rather than the runtime or OS */ tee_measurement_t rt_mr[4]; /* (208) Array of 4(TDX1: NUM_RTMRS is 4) runtime extendable measurement registers */ - uint8_t reserved[TD_INFO_RESERVED_BYTES]; /* (400) Reserved, must be zero */ + uint8_t reserved[TD_INFO_RESERVED_BYTES_V1]; /* (400) Reserved, must be zero */ } tee_info_t; @@ -66,7 +66,7 @@ typedef struct _tee_tcb_svn_t uint8_t tcb_svn[TEE_TCB_SVN_SIZE]; } tee_tcb_svn_t; -#define TD_TEE_TCB_INFO_RESERVED_BYTES 111 +#define TD_TEE_TCB_INFO_RESERVED_BYTES_V1 111 typedef struct _tee_tcb_info_t { uint8_t valid[8]; /* ( 0) Indicates TEE_TCB_INFO fields which are valid @@ -77,7 +77,7 @@ typedef struct _tee_tcb_info_t tee_measurement_t mr_seam; /* ( 24) Measurement of the SEAM module */ tee_measurement_t mr_seam_signer; /* ( 72) Measurement of SEAM module signer. (Not populated for Intel SEAM modules) */ tee_attributes_t attributes; /* (120) Additional configuration attributes.(Not populated for Intel SEAM modules) */ - uint8_t reserved[TD_TEE_TCB_INFO_RESERVED_BYTES]; /* (128) Reserved, must be zero */ + uint8_t reserved[TD_TEE_TCB_INFO_RESERVED_BYTES_V1];/* (128) Reserved, must be zero */ } tee_tcb_info_t; /** The SGX_QL_SGX_QL_ALG_ECDSA_P256 specific data structure. Appears in the signature_data[] of the sgx_quote3_t @@ -123,7 +123,7 @@ typedef struct _sgx_quote4_header_t { typedef struct _sgx_report2_body_t { tee_tcb_svn_t tee_tcb_svn; ///< 0: TEE_TCB_SVN Array tee_measurement_t mr_seam; ///< 16: Measurement of the SEAM module - tee_measurement_t mrsigner_seam; ///< 64: Measurement of a 3rd party SEAM module’s signer (SHA384 hash). + tee_measurement_t mrsigner_seam; ///< 64: Measurement of a 3rd party SEAM module’s signer (SHA384 hash). /// The value is 0’ed for Intel SEAM module tee_attributes_t seam_attributes; ///< 112: MBZ: TDX 1.0 tee_attributes_t td_attributes; ///< 120: TD's attributes @@ -141,12 +141,12 @@ typedef struct _sgx_report2_body_t { typedef struct _sgx_quote4_t { sgx_quote4_header_t header; ///< 0: The quote header. sgx_report2_body_t report_body; ///< 48: The REPORT of the TD that is attesting remotely. - uint32_t signature_data_len; ///< 656: The length of the signature_data. Varies depending on the type of sign_type. + uint32_t signature_data_len; ///< 632: The length of the signature_data. Varies depending on the type of sign_type. #ifdef _MSC_VER #pragma warning(push) #pragma warning ( disable:4200 ) #endif - uint8_t signature_data[]; ///< 660: Contains the variable length containing the quote signature and support data for the signature. + uint8_t signature_data[]; ///< 636: Contains the variable length containing the quote signature and support data for the signature. #ifdef _MSC_VER #pragma warning(pop) #endif diff --git a/core/build/headers/sgx_report2.h b/core/build/headers/sgx_report2.h index 14f76423..355bee8a 100644 --- a/core/build/headers/sgx_report2.h +++ b/core/build/headers/sgx_report2.h @@ -36,6 +36,8 @@ #ifndef _SGX_REPORT2_H_ #define _SGX_REPORT2_H_ +#include + #define TEE_HASH_384_SIZE 48 /* SHA384 */ #define TEE_MAC_SIZE 32 /* Message SHA 256 HASH Code - 32 bytes */ @@ -67,6 +69,7 @@ typedef struct _tee_attributes_t #define TEE_REPORT2_TYPE 0x81 /* TEE Report Type2 */ #define TEE_REPORT2_SUBTYPE 0x0 /* SUBTYPE for Report Type2 is 0 */ #define TEE_REPORT2_VERSION 0x0 /* VERSION for Report Type2 is 0 */ +#define TEE_REPORT2_VERSION_SERVICETD 0x1 /* VERSION for Report Type2 which mr_servicetd is used */ typedef struct _tee_report_type_t { uint8_t type; /* Trusted Execution Environment(TEE) type: diff --git a/dcap/types/src/request_policy.rs b/dcap/types/src/request_policy.rs index c7d25263..495975cc 100644 --- a/dcap/types/src/request_policy.rs +++ b/dcap/types/src/request_policy.rs @@ -17,6 +17,12 @@ pub enum RequestPolicy { /// previous quoting enclave exists, it is stopped and restarted before /// quoting. Ephemeral, + /// Only used for quote verification, QvE is loaded per thread and be + /// unloaded before thread exit. + PersistentQveMultiThread, + /// Only used for quote verification, QvE is loaded per thread and be + /// unloaded before function exit. + EphemeralQveMultiThread, } impl TryFrom for RequestPolicy { @@ -26,6 +32,12 @@ impl TryFrom for RequestPolicy { match p { sgx_ql_request_policy_t::SGX_QL_PERSISTENT => Ok(Self::Persistent), sgx_ql_request_policy_t::SGX_QL_EPHEMERAL => Ok(Self::Ephemeral), + sgx_ql_request_policy_t::SGX_QL_PERSISTENT_QVE_MULTI_THREAD => { + Ok(Self::PersistentQveMultiThread) + } + sgx_ql_request_policy_t::SGX_QL_EPHEMERAL_QVE_MULTI_THREAD => { + Ok(Self::EphemeralQveMultiThread) + } p => Err(FfiError::UnknownEnumValue(p.0.into())), } } @@ -36,6 +48,12 @@ impl From for sgx_ql_request_policy_t { match p { RequestPolicy::Persistent => sgx_ql_request_policy_t::SGX_QL_PERSISTENT, RequestPolicy::Ephemeral => sgx_ql_request_policy_t::SGX_QL_EPHEMERAL, + RequestPolicy::PersistentQveMultiThread => { + sgx_ql_request_policy_t::SGX_QL_PERSISTENT_QVE_MULTI_THREAD + } + RequestPolicy::EphemeralQveMultiThread => { + sgx_ql_request_policy_t::SGX_QL_EPHEMERAL_QVE_MULTI_THREAD + } } } } @@ -48,6 +66,8 @@ mod test { #[parameterized( persistent = { sgx_ql_request_policy_t::SGX_QL_PERSISTENT, RequestPolicy::Persistent }, ephemeral = { sgx_ql_request_policy_t::SGX_QL_EPHEMERAL, RequestPolicy::Ephemeral }, + persistent_qve_multi_thread = { sgx_ql_request_policy_t::SGX_QL_PERSISTENT_QVE_MULTI_THREAD, RequestPolicy::PersistentQveMultiThread }, + ephemeral_qve_multi_thread = { sgx_ql_request_policy_t::SGX_QL_EPHEMERAL_QVE_MULTI_THREAD, RequestPolicy::EphemeralQveMultiThread }, defualt = { sgx_ql_request_policy_t::SGX_QL_DEFAULT, RequestPolicy::Persistent }, )] fn from_sgx_to_policy(sgx_policy: sgx_ql_request_policy_t, expected: RequestPolicy) { @@ -58,6 +78,8 @@ mod test { #[parameterized( persistent = { RequestPolicy::Persistent, sgx_ql_request_policy_t::SGX_QL_PERSISTENT }, ephemeral = { RequestPolicy::Ephemeral, sgx_ql_request_policy_t::SGX_QL_EPHEMERAL }, + persistent_qve_multi_thread = { RequestPolicy::PersistentQveMultiThread, sgx_ql_request_policy_t::SGX_QL_PERSISTENT_QVE_MULTI_THREAD }, + ephemeral_qve_multi_thread = { RequestPolicy::EphemeralQveMultiThread, sgx_ql_request_policy_t::SGX_QL_EPHEMERAL_QVE_MULTI_THREAD }, )] fn from_policy_to_sgx(policy: RequestPolicy, expected: sgx_ql_request_policy_t) { let sgx_policy: sgx_ql_request_policy_t = policy.into(); @@ -65,7 +87,7 @@ mod test { } #[test] fn sgx_policy_out_of_bounds_panics() { - let result = RequestPolicy::try_from(sgx_ql_request_policy_t(2)); + let result = RequestPolicy::try_from(sgx_ql_request_policy_t(4)); assert!(result.is_err()); } }