From b2ee2d55c302686c3961f082d82bd7de8f20f802 Mon Sep 17 00:00:00 2001 From: Adrian Cruceru Date: Tue, 5 May 2020 14:55:34 +0200 Subject: [PATCH] Update fortanix-sgx-tools version due to libunwind update Update aesm-client version due to ECDSA operations --- Cargo.lock | 2 +- doc/FORTANIX-SGX-ABI.md | 61 +++++++---------------------- doc/FORTANIX-SGX-ELF.md | 72 +++++++++++++++++++++++++++++++++++ fortanix-sgx-tools/Cargo.toml | 2 +- 4 files changed, 87 insertions(+), 50 deletions(-) create mode 100644 doc/FORTANIX-SGX-ELF.md diff --git a/Cargo.lock b/Cargo.lock index 2ad1b807..8a059b15 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -648,7 +648,7 @@ dependencies = [ [[package]] name = "fortanix-sgx-tools" -version = "0.3.1" +version = "0.4.0" dependencies = [ "aesm-client", "clap", diff --git a/doc/FORTANIX-SGX-ABI.md b/doc/FORTANIX-SGX-ABI.md index 154d11ef..796a027c 100644 --- a/doc/FORTANIX-SGX-ABI.md +++ b/doc/FORTANIX-SGX-ABI.md @@ -1,4 +1,4 @@ -# Fortanix SGX ABI v0.3.0 +# Fortanix SGX ABI v0.3.2 This document describes the ABI of SGX enclaves built using `libenclave`. @@ -6,8 +6,9 @@ This document describes the ABI of SGX enclaves built using `libenclave`. | ABI version | Rust std version | enclave-runner version | | -----------:| ----------------:| ----------------------:| -| 0.3.1 | TBD | 0.1.0 | -| 0.3.0 | 15a2607.. | 0.1.0 | +| 0.3.2 | 50f3d6e.. | 0.1.0~0.3.1 | +| 0.3.1 | bd47d68.. | 0.1.0~0.3.1 | +| 0.3.0 | 15a2607.. | 0.1.0~0.3.1 | | ABI version | libenclave version | enclave-interface version | | -----------:| ------------------:| -------------------------:| @@ -18,19 +19,19 @@ This document describes the ABI of SGX enclaves built using `libenclave`. | 0.1.3 | 0.1.0-0.1.3 | 0.1.0-0.1.1 | | 0.1.0 | 0.1.0-0.1.3 | 0.1.0-0.1.1 | -## Changelog +### Changelog -### Version 0.3.2 +#### Version 0.3.2 * *No semantic changes.* * More changes to allow building as a crates.io dependency of `std`. -### Version 0.3.1 +#### Version 0.3.1 * *No semantic changes.* * Changes to allow building as a crates.io dependency of `std`. -### Version 0.3.0 +#### Version 0.3.0 * Return values are now two registers wide instead of one. * No longer distinguish between “panic exit” and “usercall exit”. Panic @@ -38,64 +39,28 @@ This document describes the ABI of SGX enclaves built using `libenclave`. * Renamed “libenclave ABI” to “Fortanix SGX ABI”. * TLS size and contents updated. -### Version 0.2.3 +#### Version 0.2.3 * TLS size and contents updated. -### Version 0.2.2 +#### Version 0.2.2 * TLS size updated. Debug TLS size is now the same as non-debug size. -### Version 0.2.1 +#### Version 0.2.1 * AEX debug handler removed. -### Version 0.2.0 +#### Version 0.2.0 * Usercall register saving semantics changed. The enclave no longer distinguishes between normal enters and usercall enters for purposes of saving user register state. -### Version 0.1.3 +#### Version 0.1.3 * TLS size and contents updated. -## Thread settings - -This section describes the requirements on the SGX thread control structure -(TCS), thread local storage (TLS) and thread stacks. - -### TCS - -- `NSSA` should be set to 1. -- `OGSBASGX` should point to a thread-specific memory region (e.g. TLS) of at - least 112 bytes. - -### TLS - -The memory region pointed to by `OGSBASGX` should be initialized as follows: - -- Offset `0x0`: Top-of-Stack offset from image base. -- Offset `0x8`: `1` if this is an executable and this is a secondary TCS, `0` - otherwise. -- Offsets `0x10`, `0x18`, `0x20`: `0` -- Other offsets: uninitialized. - -## Globals - -This section describes the requirements for various global constants in the SGX -binary. - -- `HEAP_BASE`. Size 8 bytes. The base address (relative to enclave start) of - the heap area, little-endian. -- `HEAP_SIZE`. Size 8 bytes. The heap size in bytes, little-endian. -- `ENCLAVE_SIZE`. Size 8 bytes. The enclave size in bytes, little-endian. -- `CFGDATA_BASE`. Size 8 bytes. The base address (relative to enclave start) of - the enclave configuration area, little-endian. -- `RELA`. Size 8 bytes. Value of the RELA entry in the dynamic table. -- `RELACOUNT`. Size 8 bytes. Value of the RELACOUNT entry in the dynamic table. -- `DEBUG`. Size 1 byte. Non-zero if debugging is enabled, zero otherwise. - ## Enclave calling convention Upon `EENTER`, besides the standard SGX control registers, parameters are diff --git a/doc/FORTANIX-SGX-ELF.md b/doc/FORTANIX-SGX-ELF.md new file mode 100644 index 00000000..231c1e9b --- /dev/null +++ b/doc/FORTANIX-SGX-ELF.md @@ -0,0 +1,72 @@ +# Fortanix SGX ELF specification + +ELF is only an intermediate stage for the Fortanix SGX toolchain. Compatibility +is maintained at the source code and SGXS ABI level (see +[FORTANIX-SGX-ABI.md](FORTANIX-SGX-ABI.md)). + +Nonetheless, this document describes the intermediate ELF format. This is for +reference purposes only, third parties should *not* rely on this format. + +## ELF compatibility level + +The compatibility level is contained in an ELF note section named +`.note.x86_64-fortanix-unknown-sgx`, note type `NT_VERSION` with name +`toolchain-version`. The contents of the note is a 32-bit little-endian number. + +| toolchain-version | fortanix-sgx-tools version | Rust std version | +| -----------------:| --------------------------:|-----------------:| +| 1 | 0.4.0 | TBD | +| 0 | 0.1.0~0.4.0 | 33e6df4.. | + +### Changelog + +#### Version 1 + +* Updated libunwind integration for new libunwind version + +## Thread settings + +This section describes the requirements on the SGX thread control structure +(TCS), thread local storage (TLS) and thread stacks. + +### TCS + +- `NSSA` should be set to 1. +- `OGSBASGX` should point to a thread-specific memory region (e.g. TLS) of at + least 112 bytes. + +### TLS + +The memory region pointed to by `OGSBASGX` should be initialized as follows: + +- Offset `0x0`: Top-of-Stack offset from image base. +- Offset `0x8`: `1` if this is an executable and this is a secondary TCS, `0` + otherwise. +- Offsets `0x10`, `0x18`, `0x20`: `0` +- Other offsets: uninitialized. + +## Globals + +This section describes the requirements for various global constants in the SGX +binary. + +- `HEAP_BASE`. Size 8 bytes. The base address (relative to enclave start) of + the heap area, little-endian. +- `HEAP_SIZE`. Size 8 bytes. The heap size in bytes, little-endian. +- `ENCLAVE_SIZE`. Size 8 bytes. The enclave size in bytes, little-endian. +- `CFGDATA_BASE`. Size 8 bytes. The base address (relative to enclave start) of + the enclave configuration area, little-endian. +- `RELA`. Size 8 bytes. Value of the RELA entry in the dynamic table. +- `RELACOUNT`. Size 8 bytes. Value of the RELACOUNT entry in the dynamic table. +- `DEBUG`. Size 1 byte. Non-zero if debugging is enabled, zero otherwise. +- `TEXT_BASE`. Size 8 bytes. The base address (relative to enclave start) of + the enclave text section. +- `TEXT_SIZE`. Size 8 bytes. The size in bytes of the enclave text section. +- `EH_FRM_HDR_OFFSET`. Size 8 bytes. The base address (relative to enclave + start) of the ELF section named '.eh_frame_hdr'. +- `EH_FRM_HDR_LEN`. Size 8 bytes. The size in bytes of the ELF section named + '.eh_frame_hdr'. +- `EH_FRM_OFFSET`. Size 8 bytes. The base address (relative to enclave start) + of the ELF section named '.eh_frame'. +- `EH_FRM_LEN`. Size 8 bytes. The size in bytes of the ELF section named + '.eh_frame'. diff --git a/fortanix-sgx-tools/Cargo.toml b/fortanix-sgx-tools/Cargo.toml index ac3c5b69..79977059 100644 --- a/fortanix-sgx-tools/Cargo.toml +++ b/fortanix-sgx-tools/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "fortanix-sgx-tools" -version = "0.3.1" +version = "0.4.0" authors = ["Fortanix, Inc."] license = "MPL-2.0" description = """