The implementation of the 'vSGX: Virtualizing SGX Enclaves on AMD SEV' paper

Related tags

Miscellaneous vSGX
Overview

vSGX: Virtualizing SGX Enclaves on AMD SEV

About the Project

This is a research project aims to enable binary compatibility execution of Intel SGX enclaves on AMD SEV machines. The paper is accepted to 2022 IEEE Symposium on Security and Privacy. You can download the paper here.

All implementations except for existing code bases (Linux, Intel SGX SDK, etc.) were written and debugged by NSKernel.

License

This project is opensourced under GPLv2. See LICENSE.

Copyright (C) 2022 NSKernel and OSU SecLab.

Other components included in this repository are also licensed under GPLv2.

Quick Start Guide

Disclaimer: vSGX IS NOT BUG FREE AND THERE IS NO WARRANTY FOR THE CODE. KERNEL CODE MODIFICATIONS IN IT MAY CAUSE KERNEL PANICS AND/OR DESTRUCTIVE CONSEQUENCES. DO NOT TEST THE CODE ON ANY MACHINE THAT YOU ARE NOT WILLING TO WIPE.

This project once was called 'EmuSGX'. Some of the naming in the code is still carrying this name.

The following assumes a Ubuntu environment. Suppose you are at ~/.

Step 0: Check if your machine meets the requirement and if you are ready

  • Machine has an SEV processor
  • Machine has SEV enabled in the UEFI
  • You know how to build and install Linux kernel
  • You know how to build and install Linux SGX SDK and build SGX software
  • You have read the paper

This is a relatively complicated system with multiple components down from kernels, kernel modules up to SDK and environments. I recommend you to have proper experiences on kernel coding and SGX SDK to minimize your frustration in your adventure.

Step 1: Clone this project

git clone https://github.com/OSUSecLab/vSGX.git

Step 2: Build the hypervisor infrustructure

Clone the AMD SEV project

git clone https://github.com/AMDESE/AMDSEV.git

Checkout the SEV-ES branch (Even if you just have SEV. SEV-ES works on both SEV and SEV-ES)

git checkout sev-es

The reference commit we tested is 222e2942a10e0174b5ef90439785641a956c45ad.

Follow the README.md to build the SEV environment. Install everything built EXCEPT FOR THE KERNEL.

Copy the 4 files under the vSGX/kvm folder to overwrite the corresponding ones in AMDSEV/build/linux/arch/x86/kvm.

cp vSGX/kvm/* AMDSEV/build/linux/arch/x86/kvm

Build the kernel again manually by

cd AMDSEV/build/linux
make -j $(getconf _NPROCESSORS_ONLN) LOCALVERSION='-vsgx' bindeb-pkg

Install the built kernel .deb packages. You can now launch your own VMs on SEV-ES using QEMU. Create two VMs: the AVM and the EVM, both using stock Ubuntu with OVMF according to the README.md. (Note that you do not need a GUI to run vSGX)

Step 3: Prepare the EVM

Clone the 5.10.20 version of 5.10.y branch of Linux Stable Tree

cd ~
git clone -b "v5.10.20" --depth 1 --single-branch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Apply the EVM patch

git am ~/vSGX/evm-kernel.patch
git am ~/vSGX/evm-kernel-fix1.patch

Create a build folder and use the given configuration evm-config to build the EVM kernel

cd ~
mkdir evm-kernel-obj
cd linux
make O=../evm-kernel-obj/ defconfig
cp ../vSGX/evm-config ../evm-kernel-obj/.config
make O=../evm-kernel-obj/ oldconfig

Build the EVM kernel

make O=../evm-kernel-obj/ -j $(getconf _NPROCESSORS_ONLN) LOCALVERSION='-vsgx-evm' bindeb-pkg

You can now launch the EVM you just created in Step 2 and install the kernels.

Copy kvm/enclave-manager into the EVM. Build the enclave manager by

cd enclave-manager
gcc -pthread asm_helpers.c manager.c

Step 4: Prepare the AVM

We suggest you to use a clean and plain Linux 5.10.20 on AVM. The kernel module might not work with a different version. To build a clean and plain Linux 5.10.20, checkout back to linux-5.10.y branch, build and install. You should have CONFIG_KALLSYMS and CONFIG_KALLSYMS_ALL enabled.

Copy vSGX/emusgx-guest-module, vSGX/sdk.patch and vSGX/linux-sgx-driver into the AVM. (See why and how the driver is modified in COMPATIBILITY.md)

Now in AVM, build the Linux SGX Driver we provided

cd linux-sgx-driver
make

Clone the Linux SGX SDK

cd ~
git clone https://github.com/intel/linux-sgx.git

Checkout the commit 9671c99941814c57be575cbfebc9fe64a05533a4 (We do not guarantee that there is no conflict of our code with other commits) and create a new branch out of it

git checkout -b vsgx

Apply our patch (See why and how the SDK is modified in COMPATIBILITY.md)

git am ~/sdk.patch

Build the SDK and PSW according to the README.md, install it.

Step 5: Run the system

In AVM, install both the emusgx-guest-module and the provided linux-sgx-driver

cd ~/emusgx-guest-module
make install
<Type your password>
cd ~/linux-sgx-driver
sudo insmod isgx.ko

To ensure everything works, you can type dmesg and you should see this

[   xx.xxxxxx] EmuSGX: Initializing guest OS module...
[   xx.xxxxxx] vSGX: Fucking kallsyms...
[   xx.xxxxxx] vSGX: [email protected]
[   xx.xxxxxx] EmuSGX: Hooking IDT...
[   xx.xxxxxx] EmuSGX: IDT hooked. EmuSGX is now running
[   xx.xxxxxx] EmuSGX: Initializating shared page
[   xx.xxxxxx] EmuSGX: Share page initialization is done
[   xx.xxxxxx] vSGX: Worker threads successfully created
[   xx.xxxxxx] not_intel_vsgx: hey! I'm running on AMD??
[   xx.xxxxxx] not_intel_vsgx: not even having SGX??
[   xx.xxxxxx] not_intel_vsgx: you won't believe what I'm running on
[   xx.xxxxxx] intel_sgx: Not Intel SGX Driver v2.11.0
[   xx.xxxxxx] not-intel-sgx: EPC bank 0x80000000-0x95000000
[   xx.xxxxxx] not-intel-sgx: bank 0 mapped to va @ 0xFFFFXXXXXXXXXXXX
[   xx.xxxxxx] not_intel_sgx: now registering /dev/isgx
[   xx.xxxxxx] not_intel_sgx: registered

To see all the logs in AVM in real time, type sudo dmesg -n 8. The AVM side is now ready.

Now on EVM side, run the enclave manager by

cd enclave-manager
./a.out

You should see

vSGX: Switchless worker is on
vSGX: Dispatcher worker is on

To check the EVM is registered to the AVM, a dmesg on AVM side should show

[   xx.xxxxxx] EmuSGX: Registered VM at 0 with ID XXXXXXX

Now build a sample code from the Intel SGX SDK. Remember to source the environment as instructed by the SDK installer.

source ${sgx-sdk-install-path}/environment
cd linux-sgx/SampleCode/SampleEnclave
make

Run the code by typing

./app

The app should just work.

Step 6: Clean up

A launched EVM must be discarded. Just kill it. The AVM can be safely shutdown.

More to Come...

Graphene-SGX requires some more modifications to overcome the GenuineIntel check and CPUID related problems. We will provide a patch to it later so you can try running it yourself.

TODO List

  • EINIT's signature check is bypassed right now because I tried the kernel cryptographic APIs but failed to make it work. However this is an engineering effort and a person who is familiar with the APIs can help. Your patch is welcome.
  • Syscall interface in EVM is left open for debug purposes. You can disable syscalls by adding
if (current->is_enclave_thread) {
	panic("vSGX: Enclave accessed syscalls. Abort.\n");
	// or expand the AEX for UD and drop an AEX here
}
  • Minimisation of the EVM kernel. In fact, everything except for thread and memory management can be trimmed. The enclave does not rely on any conventional system service.
  • This is an implementation to demonstrate the feasibilty and to illustrate the performance of the paper. There might be some bugs remain in the system.
You might also like...
Repository Containing the Code associated with the Paper:
Repository Containing the Code associated with the Paper: "Learning High-Speed Flight in the Wild"

Learning High-Speed Flight in the Wild This repo contains the code associated with the paper Learning Agile Flight in the Wild. For more information,

lib release of paper [TopoTag: A Robust and Scalable Topological Fiducial Marker System]
lib release of paper [TopoTag: A Robust and Scalable Topological Fiducial Marker System]

Library release of paper TopoTag: A Robust and Scalable Topological Fiducial Marker System. Project page: https://herohuyongtao.github.io/research/pub

Code accompanying our SIGGRAPH 2021 Technical Communications paper
Code accompanying our SIGGRAPH 2021 Technical Communications paper "Transition Motion Tensor: A Data-Driven Approach for Versatile and Controllable Agents in Physically Simulated Environments"

SIGGRAPH ASIA 2021 Technical Communications Transition Motion Tensor: A Data-Driven Framework for Versatile and Controllable Agents in Physically Simu

This repo contains source code of our paper presented in IROS2021
This repo contains source code of our paper presented in IROS2021 "Single-Shot is Enough: Panoramic Infrastructure Based Calibration of Multiple Cameras and 3D LiDARs"

Single-Shot is Enough: Panoramic Infrastructure Based Calibration of Multiple Cameras and 3D LiDARs Updates [2021/09/01] first commit, source code of

Sandbox binary and source code for the Siggraph 2017 paper "Water Wave Packets" by Stefan Jeschke (NVIDIA) and Chris Wojtan (IST Austria)

----------------------------- Manual for wave packet viewer ----------------------------- System requirements: Windows8/8.1/10 with DirectX runtime e

Example code for the research paper "Masked Software Occlusion Culling"; implements an efficient alternative to the hierarchical depth buffer algorithm.

MaskedOcclusionCulling This code accompanies the research paper "Masked Software Occlusion Culling", and implements an efficient alternative to the hi

White paper describing the Autodesk Standard Surface shader.
White paper describing the Autodesk Standard Surface shader.

Autodesk Standard Surface A white paper specifying an uber surface shader that aims to provide a material representation capable of accurately modelin

Code for the paper Succinct k-mer Set Representations Using Subset Rank Queries on the Spectral Burrows-Wheeler Transform (SBWT)

SBWT This is the code for the paper Succinct k-mer Set Representations Using Subset Rank Queries on the Spectral Burrows-Wheeler Transform (SBWT). The

In DFS-BFS Implementation In One Program Using Switch Case I am Using an Simple And Efficient Code of DFS-BFS Implementation.
In DFS-BFS Implementation In One Program Using Switch Case I am Using an Simple And Efficient Code of DFS-BFS Implementation.

DFS-BFS Implementation-In-One-Program-Using-Switch-Case-in-C Keywords : Depth First Search(DFS), Breadth First Search(BFS) In Depth First Search(DFS),

Owner
Computer Security Laboratory @ OSU
Computer Security Laboratory @ OSU
Basic EFI with Opencore for AMD Ryzen and Threadripper

BASE EFI AMD - Ryzen and Threadripper (1XXX, 2XXX, 3XXX, 4XXX, 5XXX) and Athlon 2xxGE Note Description Initial macOS Support macOS 10.13, High Sierra.

Gabriel Luchina 53 Nov 27, 2022
A video input (V4L2) to NDI converter that works with Raspberry Pi (32-bit and 64-bit), and Intel/AMD CPUs

V4L2 to NDI V4L2 to NDI is an application that connects to attached V4L2 devices and encodes the video signal into NDI It uses the NDI library, allowi

Luke Plassman 49 Nov 12, 2022
Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)

Osiris This repository contains the implementation of the Osiris framework discussed in the research paper "Osiris: Automated Discovery of Microarchit

CISPA 41 Nov 11, 2022
Supplementary code for SIGGRAPH 2021 paper: Discovering Diverse Athletic Jumping Strategies

SIGGRAPH 2021: Discovering Diverse Athletic Jumping Strategies project page paper demo video Prerequisites Important Notes We suspect there are bugs i

null 53 Nov 22, 2022
The artifact associated with our ISSTA 2021 paper "Seed Selection for Successful Fuzzing"

Seed Selection for Successful Fuzzing The artifact associated with our ISSTA 2021 paper "Seed Selection for Successful Fuzzing". While our primary art

HexHive 33 Nov 5, 2022
DIY Zigbee CC2530 Motion sensor (AM312/ AM412/ BS312/ BS412), Temperature /Humidity /Pressure sensor (BME280), Ambient Light sensor (BH1750), 2.9inch e-Paper Module

How to join: If device in FN(factory new) state: Press and hold button (1) for 2-3 seconds, until device start flashing led Wait, in case of successfu

Sergey Koptyakov 5 Feb 13, 2022
Next gen. of NekoCal: An open-source hackable and programmable e-paper display

NekoInk NekoInk is an open-source, programmable, and versatile E-paper display platform. It offers connectivity options to various type of E-paper scr

Wenting Zhang 51 Nov 16, 2022
DIY Zigbee CC2530 Motion sensor (AM312/ AM412/ BS312/ BS412), Temperature /Humidity /Pressure sensor (BME280), Ambient Light sensor (BH1750), 2.9/2.13/1.54 inch e-Paper Module

How to join: If device in FN(factory new) state: Press and hold button (1) for 2-3 seconds, until device start flashing led Wait, in case of successfu

Sergey Koptyakov 32 Nov 14, 2022
A customizable hardware prefetching framework using online reinforcement learning as described in the MICRO 2021 paper by Bera and Kanellopoulos et al.

A Customizable Hardware Prefetching Framework Using Online Reinforcement Learning Table of Contents What is Pythia? About the Framework Prerequisites

SAFARI Research Group at ETH Zurich and Carnegie Mellon University 53 Nov 21, 2022
Custom BLE firmware for Hanshow E-Paper Shelf Labels / Price Tags

ATC_TLSR_Paper Custom BLE firmware for Hanshow E-Paper Shelf Labels / Price Tags using the TLSR8359 ARM SOC You can support my work via PayPal: https:

null 81 Oct 23, 2022