![]() ![]() ![]() * Implemented a proper device model in order to allow sysfs attributes * Implemented consistent exception handling to _encls() and _encls_ret(). * Fixed SSA frame size calculation to take the misc region into account. * Validate miscselect in sgx_encl_create(). ![]() * Fixed struct sgx_secinfo alignment from 128 to 64 bytes. * Removed redundant sgx_sys_exit() from le/main.c. * Added remark about AES implementation used inside the LE. got.plt, which will cause an inconsistent size for the LE. * Added -remove-section=.got.plt to objcopy flags in order to prevent aĭummy. * If mmu_notifier_register() fails with -EINTR, return -ERESTARTSYS. * Use unused bits in epc_page->pa to store the bank number. * Return -ERESTARTSYS in _sgx_encl_add_page() when sgx_alloc_page() fails. * Check that FEATURE_CONTROL_LOCKED and FEATURE_CONTROL_SGX_ENABLE are set. * Retry EINIT 2nd time only if MSRs are not locked. * Replaced subsys_system_register() with plain bus_register(). * Refactored a more lean API for sgx_encl_find() and documented the behavior. * Updated sgx_alloc_page() to require encl parameter and documented the * Removed unused symbol exports for sgx_page_cache.c. * Fixed a leak of a backing page in sgx_process_add_page_req() in the * Removed _exit annotation from sgx_drv_subsys_exit(). * Tied life-cycle of the sgx_le_proxy process to /dev/sgx. * Removed SGX_ENCLAVE_INIT_ARCH constant. * Collect epc pages to a temp list in sgx_add_epc_bank * Encapsulated properly page cache init and teardown. * Forgot to check the return value of sgx_drv_subsys_init(). * Fixed spelling mistakes in the documentation. Versions except those that exist in the imported Tin圜rypt code. * Fixed all relevant issues that I have forgot fix in earlier * Described IPC between the Launch Enclave and kernel in the commit messages. * Style fixes based on Darren's comments to sgx_le.c. * Sorted local variable declarations according to the line length in * Refined commit messages for new architectural constants. Released back to the EPC bank concurrently. * Relaxed locking requirements for EPC management. The locking has been moved to the EPC bank level instead Struct sgx_epc_page instances there is an array of integers thatĮncodes address and bank of an EPC page (the same data as 'pa' fieldĮarlier). * Reworked EPC management in a way that instead of a linked list of ![]() * Changed the default filename for the signing key as signing_key.pem. * Removed virtualization chapter from the documentation. * In sgx_encl_create() s/IS_ERR(secs)/IS_ERR(encl)/. * Fixed semaphore underrun when accessing /dev/sgx from the launch enclave. Restructured the codeĪ bit in order to better align with kernel conventions. * Modified TC's CMAC to use kernel AES-NI. * Fixed deferencing of an RSA key on OpenSSL 1.1.0. * Squeezed struct sgx_encl_page to 32 bytes. * Simplified swapping code by using a pointer array for a cluster * Fixed a memory leak in sgx_ioc_enclave_create(). When it should have been masked with ~PAGE_MASK. * Fixed offset calculation in sgx_edbgr/wr(). * does not use flexible launch control but instead relies on SDK provided * top-level patch modifies the ioctl API to be SDK compatible 'master' branch contains the same patches with the following differences: 'le' branch contains the upstream candidate patches. The GIT repositoy for SGX driver resides in You can tell if your CPU supports SGX by looking into /proc/cpuinfo: The data is encrypted using a random key whose life-time is The MEE automatically encrypts the data leaving the processor package to the MEE regions that can hold enclave data by configuring them with PRMRR (MEE) starting from the Skylake microacrhitecture. There is a new hardware unit in the processor called Memory Encryption Engine In a way you can think that SGX provides inverted sandbox. The code outside the enclave isĭisallowed to access the memory inside the enclave by the CPU access control. Set aside private regions of code and data. Intel(R) SGX is a set of CPU instructions that can be used by applications to Randy Dunlap, Sean Christopherson, Thomas Gleixner, Tom Lendacky Open list:FILESYSTEMS (VFS and infrastructure), Janakarajan Natarajan, Jim Mattson, Kan Liang, Kyle Huey, Greg Kroah-Hartman, Grzegorz Andrejczuk, Ingo Molnar, To: intel-sgx-kernel-dev, platform-driver-x86, x86Ĭc: linux-kernel, Jarkko Sakkinen, Borislav Petkov, David S. ` (7 more replies) 0 siblings, 8 replies 21+ messages in threadįrom: Jarkko Sakkinen 1:54 UTC ( / raw) 1:54 ` intel_sgx: updated MAINTAINERS Jarkko Sakkinen Intel SGX Driver LKML Archive on help / color / mirror / Atom feed * Intel SGX Driver 1:54 Jarkko Sakkinen ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |