Skip to content

Commit

Permalink
Move communication structs / defines into shared headers
Browse files Browse the repository at this point in the history
  • Loading branch information
grg-haas committed Jan 12, 2024
1 parent 0b0d01a commit beb8392
Show file tree
Hide file tree
Showing 37 changed files with 228 additions and 226 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -327,7 +327,7 @@ jobs:
- name: Checkout Keystone
uses: actions/checkout@v3
with:
submodules: 'recursive'
submodules: 'true'

- name: Run ctest
run: |
Expand Down
6 changes: 6 additions & 0 deletions linux-keystone-driver/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,12 @@ ifneq ($(KERNELRELEASE),)
keystone-enclave.o \
keystone-sbi.o
obj-m += keystone-driver.o

ifeq ($(KEYSTONE_SDK_DIR),)
$(error KEYSTONE_SDK_DIR not defined)
endif

ccflags-y := -I$(KEYSTONE_SDK_DIR)/include/shared
else

PWD := $(shell pwd)
Expand Down
8 changes: 4 additions & 4 deletions linux-keystone-driver/keystone-sbi.c
Original file line number Diff line number Diff line change
@@ -1,25 +1,25 @@
#include "keystone-sbi.h"

struct sbiret sbi_sm_create_enclave(struct keystone_sbi_create_t* args) {
return sbi_ecall(KEYSTONE_SBI_EXT_ID,
return sbi_ecall(SBI_EXT_EXPERIMENTAL_KEYSTONE_ENCLAVE,
SBI_SM_CREATE_ENCLAVE,
(unsigned long) args, 0, 0, 0, 0, 0);
}

struct sbiret sbi_sm_run_enclave(unsigned long eid) {
return sbi_ecall(KEYSTONE_SBI_EXT_ID,
return sbi_ecall(SBI_EXT_EXPERIMENTAL_KEYSTONE_ENCLAVE,
SBI_SM_RUN_ENCLAVE,
eid, 0, 0, 0, 0, 0);
}

struct sbiret sbi_sm_destroy_enclave(unsigned long eid) {
return sbi_ecall(KEYSTONE_SBI_EXT_ID,
return sbi_ecall(SBI_EXT_EXPERIMENTAL_KEYSTONE_ENCLAVE,
SBI_SM_DESTROY_ENCLAVE,
eid, 0, 0, 0, 0, 0);
}

struct sbiret sbi_sm_resume_enclave(unsigned long eid) {
return sbi_ecall(KEYSTONE_SBI_EXT_ID,
return sbi_ecall(SBI_EXT_EXPERIMENTAL_KEYSTONE_ENCLAVE,
SBI_SM_RESUME_ENCLAVE,
eid, 0, 0, 0, 0, 0);
}
30 changes: 2 additions & 28 deletions linux-keystone-driver/keystone-sbi.h
Original file line number Diff line number Diff line change
Expand Up @@ -6,35 +6,9 @@
#define _KEYSTONE_SBI_

#include "keystone_user.h"
#include <asm/sbi.h>

#define KEYSTONE_SBI_EXT_ID 0x08424b45
#define SBI_SM_CREATE_ENCLAVE 2001
#define SBI_SM_DESTROY_ENCLAVE 2002
#define SBI_SM_RUN_ENCLAVE 2003
#define SBI_SM_RESUME_ENCLAVE 2005


struct keystone_sbi_pregion_t
{
uintptr_t paddr;
size_t size;
};
#include "sm_call.h"

struct keystone_sbi_create_t
{
// Memory regions for the enclave
struct keystone_sbi_pregion_t epm_region;
struct keystone_sbi_pregion_t utm_region;

// physical addresses
uintptr_t runtime_paddr;
uintptr_t user_paddr;
uintptr_t free_paddr;

// Parameters
struct runtime_params_t params;
};
#include <asm/sbi.h>

struct sbiret sbi_sm_create_enclave(struct keystone_sbi_create_t* args);
struct sbiret sbi_sm_destroy_enclave(unsigned long eid);
Expand Down
3 changes: 2 additions & 1 deletion overlays/keystone/boot/keystone-sm/Config.in
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
config BR2_TARGET_KEYSTONE_SM
bool "Keystone security monitor"
select BR2_TARGET_OPENSBI
select BR2_TARGET_OPENSBI
depends on BR2_PACKAGE_HOST_KEYSTONE_SDK
help
Keystone security monitor augmentations
to OpenSBI
9 changes: 6 additions & 3 deletions overlays/keystone/boot/keystone-sm/keystone-sm.mk
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,12 @@ else
include $(KEYSTONE)/mkutils/pkg-keystone.mk
endif

# Make OpenSBI depend on this build
OPENSBI_DEPENDENCIES += keystone-sm
$(OPENSBI_TARGET_CONFIGURE): keystone-sm-install
# Make OpenSBI depend on this build, which depends on the SDK since it contains
# the shared headers which specify the communication protocol between the host
# <> kernel <> sm <> runtime <> eapp

OPENSBI_DEPENDENCIES += keystone-sm host-keystone-sdk
$(OPENSBI_TARGET_CONFIGURE): keystone-sm-install host-keystone-sdk-install

# Point OpenSBI at the correct location of the SM sources
OPENSBI_MAKE_ENV += PLATFORM_DIR=$(KEYSTONE_SM_BUILDDIR)/plat/
Expand Down
1 change: 1 addition & 0 deletions overlays/keystone/package/keystone-driver/Config.in
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
config BR2_PACKAGE_KEYSTONE_DRIVER
bool "Keystone driver"
depends on BR2_PACKAGE_HOST_KEYSTONE_SDK
help
Linux driver for the Keystone TEE system
2 changes: 2 additions & 0 deletions overlays/keystone/package/keystone-driver/keystone-driver.mk
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ else
include $(KEYSTONE)/mkutils/pkg-keystone.mk
endif

KEYSTONE_DRIVER_DEPENDENCIES += host-keystone-sdk

$(eval $(keystone-package))
$(eval $(kernel-module))
$(eval $(generic-package))
1 change: 1 addition & 0 deletions overlays/keystone/package/keystone-runtime/Config.in
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
config BR2_PACKAGE_KEYSTONE_RUNTIME
bool "Keystone Eyrie runtime"
depends on BR2_PACKAGE_HOST_KEYSTONE_SDK
help
Eyrie runtime
12 changes: 8 additions & 4 deletions overlays/keystone/package/keystone-sdk/keystone-sdk.mk
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,17 @@ else
include $(KEYSTONE)/mkutils/pkg-keystone.mk
endif

HOST_KEYSTONE_SDK_CONF_OPTS += -DKEYSTONE_SDK_DIR=$(HOST_DIR)/usr/share/keystone/sdk \
-DKEYSTONE_BITS=${KEYSTONE_BITS}
# Export the variable below for any other keystone packages to use
export KEYSTONE_SDK_DIR=$(HOST_DIR)/usr/share/keystone/sdk

HOST_KEYSTONE_SDK_CONF_OPTS += -DKEYSTONE_SDK_DIR=$(KEYSTONE_SDK_DIR) \
-DKEYSTONE_BITS=${KEYSTONE_BITS}
HOST_KEYSTONE_SDK_DEPENDENCIES += toolchain

# Clean the examples too if we clean this package
host-keystone-sdk-dirclean: keystone-examples-dirclean
# Clean dependant packages if we clean this one
host-keystone-sdk-dirclean: keystone-examples-dirclean \
keystone-sm-dirclean \
keystone-driver-dirclean

$(eval $(host-keystone-package))
$(eval $(host-cmake-package))
1 change: 1 addition & 0 deletions runtime/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ if(DEFINED EYRIE_SRCDIR)
endif()

include_directories(${KEYSTONE_SDK_DIR}/include/edge)
include_directories(${KEYSTONE_SDK_DIR}/include/shared)
include_directories(tmplib)
include_directories(include)

Expand Down
2 changes: 0 additions & 2 deletions runtime/call/sbi.c
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@

#include "mm/vm_defs.h"

#define SBI_EXT_EXPERIMENTAL_KEYSTONE_ENCLAVE 0x08424b45

#define SBI_CALL(___ext, ___which, ___arg0, ___arg1, ___arg2) \
({ \
register uintptr_t a0 __asm__("a0") = (uintptr_t)(___arg0); \
Expand Down
4 changes: 2 additions & 2 deletions runtime/call/syscall.c
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ uintptr_t dispatch_edgecall_syscall(struct edge_syscall* syscall_data_ptr, size_
return -1;
}

ret = sbi_stop_enclave(1);
ret = sbi_stop_enclave(STOP_EDGE_CALL_HOST);

if (ret != 0) {
return -1;
Expand Down Expand Up @@ -92,7 +92,7 @@ uintptr_t dispatch_edgecall_ocall( unsigned long call_id,
goto ocall_error;
}

ret = sbi_stop_enclave(1);
ret = sbi_stop_enclave(STOP_EDGE_CALL_HOST);

if (ret != 0) {
goto ocall_error;
Expand Down
20 changes: 1 addition & 19 deletions runtime/include/call/sbi.h
Original file line number Diff line number Diff line change
Expand Up @@ -8,25 +8,7 @@
#include <stdint.h>
#include <stddef.h>

#define SBI_SET_TIMER 0
#define SBI_CONSOLE_PUTCHAR 1
#define SBI_CONSOLE_GETCHAR 2

#define SBI_SM_CREATE_ENCLAVE 2001
#define SBI_SM_DESTROY_ENCLAVE 2002
#define SBI_SM_RUN_ENCLAVE 2003
#define SBI_SM_RESUME_ENCLAVE 2005
#define SBI_SM_RANDOM 3001
#define SBI_SM_ATTEST_ENCLAVE 3002
#define SBI_SM_GET_SEALING_KEY 3003
#define SBI_SM_STOP_ENCLAVE 3004
#define SBI_SM_EXIT_ENCLAVE 3006
#define SBI_SM_CALL_PLUGIN 4000

/* Plugin IDs and Call IDs */
#define SM_MULTIMEM_PLUGIN_ID 0x01
#define SM_MULTIMEM_CALL_GET_SIZE 0x01
#define SM_MULTIMEM_CALL_GET_ADDR 0x02
#include "sm_call.h"

void
sbi_putchar(char c);
Expand Down
7 changes: 1 addition & 6 deletions runtime/include/call/syscall.h
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,7 @@
#include "edge_syscall.h"
#include "mm/vm.h"

#define RUNTIME_SYSCALL_UNKNOWN 1000
#define RUNTIME_SYSCALL_OCALL 1001
#define RUNTIME_SYSCALL_SHAREDCOPY 1002
#define RUNTIME_SYSCALL_ATTEST_ENCLAVE 1003
#define RUNTIME_SYSCALL_GET_SEALING_KEY 1004
#define RUNTIME_SYSCALL_EXIT 1101
#include "eyrie_call.h"

void handle_syscall(struct encl_ctx* ctx);
void init_edge_internals(void);
Expand Down
1 change: 1 addition & 0 deletions runtime/test/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ include(AddCMockaTest)
enable_testing()

include_directories(../include)
include_directories(../../sdk/include/shared/)

add_cmocka_test(test_string SOURCES string.c COMPILE_OPTIONS -I${CMAKE_BINARY_DIR}/cmocka/include LINK_LIBRARIES cmocka)
add_cmocka_test(test_merkle
Expand Down
9 changes: 2 additions & 7 deletions sdk/include/app/syscall.h
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,8 @@
#include <stddef.h>
#include <stdint.h>
#include "sealing.h"
/* TODO We should be syncing these more explictly with the runtime
defs */
#define SYSCALL_OCALL 1001
#define SYSCALL_SHAREDCOPY 1002
#define SYSCALL_ATTEST_ENCLAVE 1003
#define SYSCALL_GET_SEALING_KEY 1004
#define SYSCALL_EXIT 1101

#include "shared/eyrie_call.h"

#define SYSCALL(which, arg0, arg1, arg2, arg3, arg4) \
({ \
Expand Down
4 changes: 3 additions & 1 deletion sdk/include/host/ElfFile.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,12 @@

#include <fcntl.h>
#include <unistd.h>

#include <iostream>
#include <string>

#include "./common.h"
#include "./keystone_user.h"
#include "shared/keystone_user.h"

extern "C" {
#include "./elf.h"
Expand Down
8 changes: 5 additions & 3 deletions sdk/include/host/KeystoneDevice.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,15 @@
#include <sys/ioctl.h>
#include <sys/types.h>
#include <unistd.h>

#include <cerrno>
#include <cstring>
#include <iostream>

#include "./common.h"
#include "./keystone_user.h"
#include "Error.hpp"
#include "Params.hpp"
#include "shared/keystone_user.h"

namespace Keystone {

Expand All @@ -40,7 +42,7 @@ class KeystoneDevice {
virtual uintptr_t initUTM(size_t size);
virtual Error finalize(
uintptr_t runtimePhysAddr, uintptr_t eappPhysAddr, uintptr_t freePhysAddr,
struct runtime_params_t params);
struct runtime_va_params_t params);
virtual Error destroy();
virtual Error run(uintptr_t* ret);
virtual Error resume(uintptr_t* ret);
Expand All @@ -60,7 +62,7 @@ class MockKeystoneDevice : public KeystoneDevice {
uintptr_t initUTM(size_t size);
Error finalize(
uintptr_t runtimePhysAddr, uintptr_t eappPhysAddr, uintptr_t freePhysAddr,
struct runtime_params_t params);
struct runtime_va_params_t params);
Error destroy();
Error run(uintptr_t* ret);
Error resume(uintptr_t* ret);
Expand Down
8 changes: 2 additions & 6 deletions sdk/include/host/common.h
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
#ifndef __COMMON_H__
#define __COMMON_H__

#include "shared/sm_err.h"

#define RT_NOEXEC 0
#define USER_NOEXEC 1
#define RT_FULL 2
Expand All @@ -25,10 +27,4 @@
#define PERROR(str) perror(MSG(str))
#define IS_ALIGNED(x, align) (!((x) & (align - 1)))

/* Currently we have only one command avaiable from the enclave.
* We need to move it out to other header file (e.g., keystone-sm.h) */
#define KEYSTONE_ENCLAVE_DONE 0
#define KEYSTONE_ENCLAVE_INTERRUPTED 100002
#define KEYSTONE_ENCLAVE_EDGE_CALL_HOST 100011

#endif
12 changes: 4 additions & 8 deletions sdk/include/host/keystone_user.h
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@

#include <linux/ioctl.h>
#include <linux/types.h>

#include "sm_call.h"

// Linux generic TEE subsystem magic defined in <linux/tee.h>
#define KEYSTONE_IOC_MAGIC 0xa4

Expand All @@ -30,13 +33,6 @@
#define USER_FULL 3
#define UTM_FULL 4

struct runtime_params_t {
uintptr_t runtime_entry;
uintptr_t user_entry;
uintptr_t untrusted_ptr;
uintptr_t untrusted_size;
};

struct keystone_ioctl_create_enclave {
uintptr_t eid;

Expand All @@ -61,7 +57,7 @@ struct keystone_ioctl_create_enclave {
uintptr_t utm_size;

// Runtime Parameters
struct runtime_params_t params;
struct runtime_va_params_t params;
};

struct keystone_ioctl_run_enclave {
Expand Down
11 changes: 11 additions & 0 deletions sdk/include/shared/eyrie_call.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
#ifndef __EYRIE_CALL_H__
#define __EYRIE_CALL_H__

#define RUNTIME_SYSCALL_UNKNOWN 1000
#define RUNTIME_SYSCALL_OCALL 1001
#define RUNTIME_SYSCALL_SHAREDCOPY 1002
#define RUNTIME_SYSCALL_ATTEST_ENCLAVE 1003
#define RUNTIME_SYSCALL_GET_SEALING_KEY 1004
#define RUNTIME_SYSCALL_EXIT 1101

#endif // __EYRIE_CALL_H__
Loading

0 comments on commit beb8392

Please sign in to comment.