enarx 0.3.0

Enarx Keep Loader
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

// SPDX-License-Identifier: Apache-2.0

use std::num::NonZeroU32;

use anyhow::{anyhow, Result};
use goblin::elf::program_header::{PF_R, PF_W, PF_X};
use sallyport::elf;
use sgx::page::{Flags, SecInfo};
use sgx::parameters::{Masked, Parameters};

#[derive(Debug)]
pub struct Config {
    pub parameters: Parameters,
    pub ssap: NonZeroU32,
    pub size: usize,
    pub sallyport_block_size: u64,
}

impl super::super::Config for Config {
    type Flags = (SecInfo, bool);

    fn flags(flags: u32) -> Self::Flags {
        let mut rwx = Flags::empty();
        if flags & PF_R != 0 {
            rwx |= Flags::READ;
        }
        if flags & PF_W != 0 {
            rwx |= Flags::WRITE;
        }
        if flags & PF_X != 0 {
            rwx |= Flags::EXECUTE;

            // Debugging with gdb also involves modifying executable memory
            if cfg!(feature = "gdb") {
                rwx |= Flags::WRITE;
            }
        }

        let m = flags & elf::pf::sgx::UNMEASURED == 0;
        let si = match flags & elf::pf::sgx::TCS {
            0 => SecInfo::reg(rwx),
            _ => SecInfo::tcs(),
        };

        (si, m)
    }

    fn new(shim: &super::super::Binary<'_>, _exec: &super::super::Binary<'_>) -> Result<Self> {
        unsafe {
            let params: Parameters = Parameters {
                misc: Masked {
                    data: shim
                        .note(elf::note::NAME, elf::note::sgx::MISC)
                        .ok_or_else(|| anyhow!("SGX shim is missing MISC"))?,
                    mask: shim
                        .note(elf::note::NAME, elf::note::sgx::MISCMASK)
                        .ok_or_else(|| anyhow!("SGX shim is missing MISCMASK"))?,
                },
                attr: Masked {
                    data: shim
                        .note(elf::note::NAME, elf::note::sgx::ATTR)
                        .ok_or_else(|| anyhow!("SGX shim is missing ATTR"))?,
                    mask: shim
                        .note(elf::note::NAME, elf::note::sgx::ATTRMASK)
                        .ok_or_else(|| anyhow!("SGX shim is missing ATTRMASK"))?,
                },
                pid: shim
                    .note(elf::note::NAME, elf::note::sgx::PID)
                    .ok_or_else(|| anyhow!("SGX shim is missing PID"))?,
                svn: shim
                    .note(elf::note::NAME, elf::note::sgx::SVN)
                    .ok_or_else(|| anyhow!("SGX shim is missing SVN"))?,
            };

            let ssap: u8 = shim
                .note(elf::note::NAME, elf::note::sgx::SSAP)
                .ok_or_else(|| anyhow!("SGX shim is missing SSAP"))?;
            let ssap =
                NonZeroU32::new(ssap.into()).ok_or_else(|| anyhow!("SGX shim SSAP is invalid"))?;

            let bits: u8 = shim
                .note(elf::note::NAME, elf::note::sgx::BITS)
                .ok_or_else(|| anyhow!("SGX shim is missing BITS"))?;

            let sallyport_block_size: u64 = shim
                .note(elf::note::NAME, elf::note::BLOCK_SIZE)
                .ok_or_else(|| anyhow!("SGX shim is missing BLOCK_SIZE"))?;

            Ok(Self {
                parameters: params,
                size: 1 << bits,
                ssap,
                sallyport_block_size,
            })
        }
    }
}