From patchwork Wed Sep 13 15:21:04 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
X-Patchwork-Id: 9951547
Return-Path: <intel-sgx-kernel-dev-bounces@lists.01.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	0518F6024A for <patchwork-intel-sgx@patchwork.kernel.org>;
	Wed, 13 Sep 2017 15:22:23 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E5F7B28EBC
	for <patchwork-intel-sgx@patchwork.kernel.org>;
	Wed, 13 Sep 2017 15:22:22 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id E41AF28DA2; Wed, 13 Sep 2017 15:22:22 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE
	autolearn=ham version=3.3.1
Received: from ml01.01.org (ml01.01.org [198.145.21.10])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CF24329138
	for <patchwork-intel-sgx@patchwork.kernel.org>;
	Wed, 13 Sep 2017 15:22:02 +0000 (UTC)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id A57FC21D492DE;
	Wed, 13 Sep 2017 08:19:04 -0700 (PDT)
X-Original-To: intel-sgx-kernel-dev@lists.01.org
Delivered-To: intel-sgx-kernel-dev@lists.01.org
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ml01.01.org (Postfix) with ESMTPS id DB12C21E87978
	for <intel-sgx-kernel-dev@lists.01.org>;
	Wed, 13 Sep 2017 08:19:02 -0700 (PDT)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
	by orsmga105.jf.intel.com with ESMTP; 13 Sep 2017 08:22:00 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="5.42,388,1500966000"; d="scan'208";
	a="1171875585"
Received: from mp1-mobl.gar.corp.intel.com (HELO localhost)
	([10.249.254.124])
	by orsmga001.jf.intel.com with ESMTP; 13 Sep 2017 08:21:58 -0700
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: intel-sgx-kernel-dev@lists.01.org
Date: Wed, 13 Sep 2017 08:21:04 -0700
Message-Id: <20170913152104.21532-11-jarkko.sakkinen@linux.intel.com>
X-Mailer: git-send-email 2.14.1
In-Reply-To: <20170913152104.21532-1-jarkko.sakkinen@linux.intel.com>
References: <20170913152104.21532-1-jarkko.sakkinen@linux.intel.com>
Subject: [intel-sgx-kernel-dev] [PATCH RFC v2 10/10] intel_sgx: update
	IA32_SGXLEPUBKEYHASH* MSRs
X-BeenThere: intel-sgx-kernel-dev@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Project: Intel&reg; Software Guard Extensions for Linux*:
	https://01.org/intel-software-guard-extensions"
	<intel-sgx-kernel-dev.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/intel-sgx-kernel-dev>,
	<mailto:intel-sgx-kernel-dev-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/intel-sgx-kernel-dev/>
List-Post: <mailto:intel-sgx-kernel-dev@lists.01.org>
List-Help: <mailto:intel-sgx-kernel-dev-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/intel-sgx-kernel-dev>,
	<mailto:intel-sgx-kernel-dev-request@lists.01.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: intel-sgx-kernel-dev-bounces@lists.01.org
Sender: "intel-sgx-kernel-dev" <intel-sgx-kernel-dev-bounces@lists.01.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Check if IA32_SGXLEPUBKEYHASH* MSRs match. If they do not match, allow
the driver initialization to continue only if they are writable. In this
case update them with the MRSIGNER of the launch enclave.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 drivers/platform/x86/intel_sgx/sgx.h               |  3 +++
 drivers/platform/x86/intel_sgx/sgx_encl.c          | 30 ++++++++++++++++++++++
 .../platform/x86/intel_sgx/sgx_le_proxy_piggy.S    |  4 +++
 drivers/platform/x86/intel_sgx/sgx_main.c          | 26 +++++++++++++++++++
 4 files changed, 63 insertions(+)

diff --git a/drivers/platform/x86/intel_sgx/sgx.h b/drivers/platform/x86/intel_sgx/sgx.h
index 7f176d2a69b6..cac76ea61280 100644
--- a/drivers/platform/x86/intel_sgx/sgx.h
+++ b/drivers/platform/x86/intel_sgx/sgx.h
@@ -165,6 +165,9 @@ extern u64 sgx_encl_size_max_32;
 extern u64 sgx_encl_size_max_64;
 extern u64 sgx_xfrm_mask;
 extern u32 sgx_ssaframesize_tbl[64];
+extern bool sgx_locked_msrs;
+extern void *sgx_msrs_set;
+extern u64 sgx_le_pubkeyhash[4];
 
 extern const struct file_operations sgx_fops;
 extern const struct vm_operations_struct sgx_vm_ops;
diff --git a/drivers/platform/x86/intel_sgx/sgx_encl.c b/drivers/platform/x86/intel_sgx/sgx_encl.c
index 0e4fe47848aa..2850d43dda77 100644
--- a/drivers/platform/x86/intel_sgx/sgx_encl.c
+++ b/drivers/platform/x86/intel_sgx/sgx_encl.c
@@ -68,6 +68,7 @@
 #include <linux/slab.h>
 #include <linux/hashtable.h>
 #include <linux/shmem_fs.h>
+#include <linux/percpu.h>
 
 struct sgx_add_page_req {
 	struct sgx_encl *encl;
@@ -733,12 +734,32 @@ int sgx_encl_add_page(struct sgx_encl *encl, unsigned long addr, void *data,
 	return ret;
 }
 
+static void *sgx_set_pubkeyhash_msrs(void)
+{
+	bool *msrs_set;
+
+	msrs_set = get_cpu_ptr(sgx_msrs_set);
+	if (*msrs_set || sgx_locked_msrs) {
+		*msrs_set = true;
+		return msrs_set;
+	}
+
+	pr_info("intel_sgx: updating the LE public key MSRs\n");
+	wrmsrl(MSR_IA32_SGXLEPUBKEYHASH0, sgx_le_pubkeyhash[0]);
+	wrmsrl(MSR_IA32_SGXLEPUBKEYHASH1, sgx_le_pubkeyhash[1]);
+	wrmsrl(MSR_IA32_SGXLEPUBKEYHASH2, sgx_le_pubkeyhash[2]);
+	wrmsrl(MSR_IA32_SGXLEPUBKEYHASH3, sgx_le_pubkeyhash[3]);
+	*msrs_set = true;
+	return msrs_set;
+}
+
 int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
 		  struct sgx_einittoken *einittoken)
 {
 	int ret = SGX_UNMASKED_EVENT;
 	struct sgx_epc_page *secs_epc = encl->secs_page.epc_page;
 	void *secs_va = NULL;
+	void *cpu_lock;
 	int i;
 	int j;
 
@@ -753,9 +774,18 @@ int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,
 
 	for (i = 0; i < SGX_EINIT_SLEEP_COUNT; i++) {
 		for (j = 0; j < SGX_EINIT_SPIN_COUNT; j++) {
+			cpu_lock = sgx_set_pubkeyhash_msrs();
+			if (IS_ERR(cpu_lock)) {
+				mutex_unlock(&encl->lock);
+				return PTR_ERR(cpu_lock);
+			}
+
 			secs_va = sgx_get_page(secs_epc);
 			ret = __einit(sigstruct, einittoken, secs_va);
 			sgx_put_page(secs_va);
+
+			put_cpu_var(cpu_lock);
+
 			if (ret == SGX_UNMASKED_EVENT)
 				continue;
 			else
diff --git a/drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S b/drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S
index faced8a9a75a..e1e3742a0c93 100644
--- a/drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S
+++ b/drivers/platform/x86/intel_sgx/sgx_le_proxy_piggy.S
@@ -9,3 +9,7 @@ GLOBAL(sgx_le_proxy)
 END(sgx_le_proxy)
 
 GLOBAL(sgx_le_proxy_end)
+
+GLOBAL(sgx_le_ss)
+	.incbin	"drivers/platform/x86/intel_sgx/le/enclave/sgx_le.ss"
+END(sgx_le_ss)
diff --git a/drivers/platform/x86/intel_sgx/sgx_main.c b/drivers/platform/x86/intel_sgx/sgx_main.c
index 0fa134a8287e..dd889913be33 100644
--- a/drivers/platform/x86/intel_sgx/sgx_main.c
+++ b/drivers/platform/x86/intel_sgx/sgx_main.c
@@ -68,6 +68,7 @@
 #include <linux/hashtable.h>
 #include <linux/kthread.h>
 #include <linux/platform_device.h>
+#include <linux/percpu.h>
 
 #define DRV_DESCRIPTION "Intel SGX Driver"
 #define DRV_VERSION "0.10"
@@ -80,6 +81,7 @@ MODULE_VERSION(DRV_VERSION);
  * Global data.
  */
 
+extern struct sgx_sigstruct sgx_le_ss;
 struct workqueue_struct *sgx_add_page_wq;
 #define SGX_MAX_EPC_BANKS 8
 struct sgx_epc_bank sgx_epc_banks[SGX_MAX_EPC_BANKS];
@@ -88,6 +90,9 @@ u64 sgx_encl_size_max_32;
 u64 sgx_encl_size_max_64;
 u64 sgx_xfrm_mask = 0x3;
 u32 sgx_ssaframesize_tbl[64];
+bool sgx_locked_msrs;
+void *sgx_msrs_set;
+u64 sgx_le_pubkeyhash[4];
 
 #ifdef CONFIG_COMPAT
 long sgx_compat_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
@@ -190,6 +195,14 @@ static int sgx_dev_init(struct device *dev)
 	if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
 		return -ENODEV;
 
+	sgx_msrs_set = alloc_percpu(bool);
+	if (!sgx_msrs_set)
+		return -ENOMEM;
+
+	ret = sgx_get_key_hash_simple(sgx_le_ss.modulus, sgx_le_pubkeyhash);
+	if (ret)
+		return ret;
+
 	for (i = 0; i < SGX_MAX_EPC_BANKS; i++) {
 		cpuid_count(SGX_CPUID, i + 2, &eax, &ebx, &ecx, &edx);
 		if (!(eax & 0xf))
@@ -267,6 +280,7 @@ static int sgx_dev_init(struct device *dev)
 static int sgx_drv_probe(struct platform_device *pdev)
 {
 	unsigned int eax, ebx, ecx, edx;
+	unsigned long fc;
 	int i;
 
 	if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
@@ -283,6 +297,17 @@ static int sgx_drv_probe(struct platform_device *pdev)
 		return -ENODEV;
 	}
 
+	if (!boot_cpu_has(X86_FEATURE_SGX_LC)) {
+		pr_err("intel_sgx: the CPU is missing launch control\n");
+		return -ENODEV;
+	}
+
+	rdmsrl(MSR_IA32_FEATURE_CONTROL, fc);
+	if (!(fc & FEATURE_CONTROL_SGX_LAUNCH_CONTROL_ENABLE)) {
+		pr_info("intel_sgx: the LE public key MSRs are locked\n");
+		sgx_locked_msrs = true;
+	}
+
 	cpuid_count(SGX_CPUID, 0x0, &eax, &ebx, &ecx, &edx);
 	if (!(eax & 1)) {
 		pr_err("intel_sgx: CPU does not support the SGX1 instructions\n");
@@ -325,6 +350,7 @@ static int sgx_drv_remove(struct platform_device *pdev)
 		iounmap((void *)sgx_epc_banks[i].va);
 #endif
 	sgx_page_cache_teardown();
+	free_percpu(sgx_msrs_set);
 
 	return 0;
 }