sgx-lkl
sgx-lkl copied to clipboard
lsds
Support for non-FLC SGX1 machines broken
Summary: Currently the support for SGX1 machines that do not support FLC is broken.
Problem: We compile OE with HAS_QUOTE_PROVIDER=ON, which is only supported on machines with FLC support/DCAP attestation. SGX-LKL then tries to obtain an attestation report as a test (even when running without attestation), which consequently fails.
Solution: Instead, we should check if the platform supports FLC and change how we build OE depending on that. The user should be notified that this means that attestation or a RELEASE build is unavailable on their platform.
@wintersteiger @letmaik @jxyang can we also remove the invocation of oe_get_report here:
https://github.com/lsds/sgx-lkl/blob/4419f27c4859bcec6abfa936963b1ff10c2aa975/src/enclave/enclave_init.c#L160
This not only breaks on SGX1 machines without FLC but also on SGX2 machines.
When not running with attestation, we shouldn't have a dependency on attestation.
Yes, this was a total ad-hoc test, which we will never need in this fashion and it adds confusing warning/error messages to the output. I will kill this completely now. @letmaik there will be a replacement that comes with the new configs.
Instead, we should check if the platform supports FLC and change how we build OE depending on that.
This won't work, since your build machine may not be the machine where it runs and may not have SGX at all.
I think the easiest would be to always build with FLC support (and require the Intel SGX libraries to be installed on the build machine). OE loads the SGX libraries dynamically, so if you don't request a quote, nothing bad will happen. I think the launcher should check if the system supports FLC and if it doesn't then disable any attestation-related functionality, for example no support for disk encryption keys stored in a service that requires a quote for release.
If you build OE with FLC doesn't that break enclave creation on a non-FLC machine? The OE documentation says that this needs to be picked at build time. I think that we should allow the user to specify what they want at SGX-LKL build time.
Ah ok I wasn't aware of that. I'd like to avoid a build-time option as that would also mean having to distribute multiple package variants. I'll open an issue in OE to check whether this is really build time and whether it can be avoided.
EDIT: https://github.com/openenclave/openenclave/issues/3178
The OE instructions for non-FLC systems include -DHAS_QUOTE_PROVIDER=OFF, so it's disabled at build time.
Yeah, OE distinguishes between these cases: https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/Contributors/building_oe_sdk.md#1-determine-the-sgx-support-level-on-your-developmenttarget-system
They provide only binaries with FLC support.
Intel says it's easy to check FLC support at runtime: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/816625
cpuid -r -1find the 0x00000007 line and content of ecx, if ecx's 2nd bit from left side is 1, it supports FLC.
I don't think we want to make our build dependent on that though, as containers will usually run on machines that are different from the dev machines.
It was decided during triage that this is a "won't fix" but the issue is being left open so that we will document this as an incompatibility.
