[intel-sgx-kernel-dev,RFC] intel_sgx: load or generate LE signing key.

Message ID 20170702142545.12483-1-jarkko.sakkinen@linux.intel.com (mailing list archive)
State New, archived

Commit Message

Jarkko Sakkinen July 2, 2017, 2:25 p.m. UTC
Load or generate an RSA key in x.509 format. This key is used for
signing the in-kernel Launch Enclave's SIGSTRUCT. The digest of the
public key should be set to IA32_SGXLEPUBKEYHASHn MSRs.

arch/x86/sgx is meant for generating an object file that piggybacks the
Launch Enclave host program. This object file is linked to vmlinux.  The
SGX driver can locate the binary by using the 'sgx_lehost' symbol and
run the host program by using the user mode helper framework.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
This is the first commit for series that integrates LE from

https://github.com/jsakkine-intel/sgx-le

I'll send them first as RFC patches one by one and finally as a series.
Commits will be available at 'le' branch as they are released.
 arch/x86/Kbuild             |  4 ++++
 arch/x86/Kconfig            |  2 ++
 arch/x86/sgx/Kconfig        | 17 +++++++++++++++
 arch/x86/sgx/Makefile       | 51 +++++++++++++++++++++++++++++++++++++++++++++
 arch/x86/sgx/lehost_piggy.S |  8 +++++++
 5 files changed, 82 insertions(+)
 create mode 100644 arch/x86/sgx/Kconfig
 create mode 100644 arch/x86/sgx/Makefile
 create mode 100644 arch/x86/sgx/lehost_piggy.S

Comments

Jarkko Sakkinen July 3, 2017, 12:51 p.m. UTC | #1
On Sun, Jul 02, 2017 at 05:25:45PM +0300, Jarkko Sakkinen wrote:
> Load or generate an RSA key in x.509 format. This key is used for
> signing the in-kernel Launch Enclave's SIGSTRUCT. The digest of the
> public key should be set to IA32_SGXLEPUBKEYHASHn MSRs.
> 
> arch/x86/sgx is meant for generating an object file that piggybacks the
> Launch Enclave host program. This object file is linked to vmlinux.  The
> SGX driver can locate the binary by using the 'sgx_lehost' symbol and
> run the host program by using the user mode helper framework.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

I'm sending rather soon an RFC patch set with all stuff pulled from my
sgx-le PoC project so need to comment this (necessarily).

/Jarkko
Jethro Beekman July 3, 2017, 3:39 p.m. UTC | #2
On 2017-07-02 07:25, Jarkko Sakkinen wrote:
> +         Provide the file name of a private key/certificate in PEM format,

Why are you using a certificate? Just supplying a private key should be 
enough.

Jethro Beekman | Fortanix
Jarkko Sakkinen July 3, 2017, 5:42 p.m. UTC | #3
On Mon, Jul 03, 2017 at 08:39:41AM -0700, Jethro Beekman wrote:
> On 2017-07-02 07:25, Jarkko Sakkinen wrote:
> > +         Provide the file name of a private key/certificate in PEM format,
> 
> Why are you using a certificate? Just supplying a private key should be
> enough.
> 
> Jethro Beekman | Fortanix

Excellent question. Key management is the reason why I sent this before
pushing the full implementation. My PoC [1] uses RSA keys. I chose to
use x.509 certificate here because that's what is used for module
signing.

[1] https://github.com/jsakkine-intel/sgx-le

/Jarkko
Jethro Beekman July 3, 2017, 10:02 p.m. UTC | #4
On 2017-07-03 10:42, Jarkko Sakkinen wrote:
> On Mon, Jul 03, 2017 at 08:39:41AM -0700, Jethro Beekman wrote:
>> On 2017-07-02 07:25, Jarkko Sakkinen wrote:
>>> +         Provide the file name of a private key/certificate in PEM format,
>>
>> Why are you using a certificate? Just supplying a private key should be
>> enough.
>>
>> Jethro Beekman | Fortanix
> 
> Excellent question. Key management is the reason why I sent this before
> pushing the full implementation. My PoC [1] uses RSA keys. I chose to
> use x.509 certificate here because that's what is used for module
> signing.

Module signing is different, because the kernel is also expected to 
verify signatures. This never happens for the LE.

Jethro Beekman | Fortanix
Jarkko Sakkinen July 4, 2017, 5:27 p.m. UTC | #5
On Mon, Jul 03, 2017 at 03:02:47PM -0700, Jethro Beekman wrote:
> On 2017-07-03 10:42, Jarkko Sakkinen wrote:
> > On Mon, Jul 03, 2017 at 08:39:41AM -0700, Jethro Beekman wrote:
> > > On 2017-07-02 07:25, Jarkko Sakkinen wrote:
> > > > +         Provide the file name of a private key/certificate in PEM format,
> > > 
> > > Why are you using a certificate? Just supplying a private key should be
> > > enough.
> > > 
> > > Jethro Beekman | Fortanix
> > 
> > Excellent question. Key management is the reason why I sent this before
> > pushing the full implementation. My PoC [1] uses RSA keys. I chose to
> > use x.509 certificate here because that's what is used for module
> > signing.
> 
> Module signing is different, because the kernel is also expected to verify
> signatures. This never happens for the LE.
> 
> Jethro Beekman | Fortanix

That is a valid point. I'll start with RSA keys and make a note to the
corresponding commit why we chose that route instead of x.509. The only
counter argument I could give would be that in some ways it would make
sense for kbuild to eat this type of data in the same format everywhere.

Thanks for your comments!

/Jarkko
Patch

diff --git a/arch/x86/Kbuild b/arch/x86/Kbuild
index 586b786b3edf..2f2ca3048e5a 100644
--- a/arch/x86/Kbuild
+++ b/arch/x86/Kbuild
@@ -25,3 +25,7 @@  obj-y += platform/
 obj-y += net/
 
 obj-$(CONFIG_KEXEC_FILE) += purgatory/
+
+ifdef CONFIG_INTEL_SGX
+obj-y += sgx/
+endif
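Review bot: the three-line `ifdef CONFIG_INTEL_SGX` / `obj-y += sgx/` / `endif` block in this hunk can be the single Kbuild idiom `obj-$(CONFIG_INTEL_SGX) += sgx/`, which matches the `obj-$(CONFIG_KEXEC_FILE) += purgatory/` line just above it and keeps the directory list uniform.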
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0efb4c9497bc..fdc3b2034694 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2810,3 +2810,5 @@  source "crypto/Kconfig"
 source "arch/x86/kvm/Kconfig"
 
 source "lib/Kconfig"
+
+source "arch/x86/sgx/Kconfig"
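Review bot: the file being sourced here, `arch/x86/sgx/Kconfig`, carries `depends on INTEL_SGX`, but no `config INTEL_SGX` symbol is introduced anywhere in this patch, so on its own the new menu references an undefined symbol and `INTEL_SGX_SIG_KEY` can never be enabled; if the symbol comes from the SGX driver series, say so in the commit message and order this patch after the one that defines it.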
diff --git a/arch/x86/sgx/Kconfig b/arch/x86/sgx/Kconfig
new file mode 100644
index 000000000000..02a5a59971de
--- /dev/null
+++ b/arch/x86/sgx/Kconfig
@@ -0,0 +1,17 @@ 
+menu "Intel SGX"
+
+config INTEL_SGX_SIG_KEY
+	string "File name or PKCS#11 URI of Intel SGX LE signing key"
+	default "arch/x86/sgx/sgx_sig_key.pem"
+	depends on INTEL_SGX
+	help
+         Provide the file name of a private key/certificate in PEM format,
+         or a PKCS#11 URI according to RFC7512. The file should contain, or
+         the URI should identify, both the certificate and its corresponding
+         private key.
+
+         If this option is unchanged from its default "certs/intel_sgx_sig_key.pem",
+         then the kernel will automatically generate the private key and
+         certificate as described in Documentation/module-signing.txt
+
+endmenu
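Review bot: the help text in this hunk contradicts the option's own default: `default "arch/x86/sgx/sgx_sig_key.pem"` at the top versus `If this option is unchanged from its default "certs/intel_sgx_sig_key.pem"` below, so a user following the help will not trigger key generation. Suggested wording for that sentence: `If this option is unchanged from its default "arch/x86/sgx/sgx_sig_key.pem", then the kernel build will generate a key pair at build time.` Two smaller points: the help body should be indented with a tab plus two spaces, as the rest of the x86 Kconfig files do, rather than nine spaces; and since the commit message says the digest of this public key is what gets programmed into the IA32_SGXLEPUBKEYHASHn MSRs, the help should state plainly that this file is the launch-control root of trust for the kernel being built, that the private half must be kept confidential, and that a build-generated default yields a different key for every fresh build tree, which matters for anyone who needs stable MSR values across kernel builds.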
diff --git a/arch/x86/sgx/Makefile b/arch/x86/sgx/Makefile
new file mode 100644
index 000000000000..a528c00b2ec6
--- /dev/null
+++ b/arch/x86/sgx/Makefile
@@ -0,0 +1,51 @@ 
+#
+# Makefile for the Intel SGX Launch Enclave
+#
+
+ifeq ($(CONFIG_INTEL_SGX_SIG_KEY),"$(obj)/sgx_sig_key.pem")
+$(obj)/sgx_sig_key.pem: $(obj)/x509.genkey
+	@$(kecho) "###"
+	@$(kecho) "### Now generating the Intel SGX Launch Enclave x.509 certificate"
+	@$(kecho) "###"
+	@$(kecho) "### If this takes a long time, you might wish to run rngd in the"
+	@$(kecho) "### background to keep the supply of entropy topped up.  It"
+	@$(kecho) "### needs to be run as root, and uses a hardware random"
+	@$(kecho) "### number generator if one is available."
+	@$(kecho) "###"
+	$(Q)openssl genrsa -3 -out $(obj)/sgx_sign_rsa_key.pem 3072
+	$(Q)openssl req -new -nodes -utf8 -days 36500 \
+		-batch -x509 -config $(obj)/x509.genkey \
+		-outform PEM -out $(obj)/sgx_sig_key.pem \
+		-key $(obj)/sgx_sign_rsa_key.pem \
+		-keyout $(obj)/sgx_sig_key.pem \
+		2>&1
+	@$(kecho) "###"
+	@$(kecho) "### Key pair generated."
+	@$(kecho) "###"
+
+$(obj)/x509.genkey:
+	@$(kecho) Generating Intel SGX LE key generation config
+	@echo  >$@ "[ req ]"
+	@echo >>$@ "default_md = 256"
+	@echo >>$@ "distinguished_name = req_distinguished_name"
+	@echo >>$@ "prompt = no"
+	@echo >>$@ "string_mask = utf8only"
+	@echo >>$@ "x509_extensions = myexts"
+	@echo >>$@
+	@echo >>$@ "[ req_distinguished_name ]"
+	@echo >>$@ "#O = Unspecified company"
+	@echo >>$@ "CN = Build time autogenerated kernel key"
+	@echo >>$@ "#emailAddress = unspecified.user@unspecified.company"
+	@echo >>$@
+	@echo >>$@ "[ myexts ]"
+	@echo >>$@ "basicConstraints=critical,CA:FALSE"
+	@echo >>$@ "keyUsage=digitalSignature"
+	@echo >>$@ "subjectKeyIdentifier=hash"
+	@echo >>$@ "authorityKeyIdentifier=keyid"
+endif # CONFIG_INTEL_SGX_SIG_KEY
+
+$(eval $(call config_filename,INTEL_SGX_SIG_KEY))
+
+$(obj)/lehost_piggy.o: $(INTEL_SGX_SIG_KEY_SRCPREFIX)$(INTEL_SGX_SIG_KEY_FILENAME)
+
+obj-y += lehost_piggy.o
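Review bot: `default_md = 256` in the generated `x509.genkey` is not a digest name that `openssl req` accepts, so certificate generation fails at the config-parsing step; `certs/Makefile` writes `default_md = sha256` here, and this should do the same. Second, because the `openssl req` invocation passes `-key $(obj)/sgx_sign_rsa_key.pem`, `req` does not write a private key at all and the `-keyout $(obj)/sgx_sig_key.pem` argument is a no-op: `sgx_sig_key.pem` ends up containing only the certificate while the private key stays in `sgx_sign_rsa_key.pem`, which contradicts the Kconfig help text promising one file with both. Third, neither `sgx_sign_rsa_key.pem`, `sgx_sig_key.pem` nor `x509.genkey` is listed in `clean-files` or covered by a `.gitignore` the way `certs/` handles `signing_key.pem` and `x509.genkey`; a launch-enclave signing key left in the object tree is easy to commit or ship by accident, so add those entries and create the key file with restrictive permissions. Fourth, the `$(obj)/lehost_piggy.o:` prerequisite is added unconditionally from `INTEL_SGX_SIG_KEY_FILENAME`, whereas `certs/Makefile` only adds the key file as a prerequisite when the configured value is not a `pkcs11:` URI; with the URI form that the Kconfig help advertises, make will look for a file named after the URI and fail. Finally, `openssl genrsa -3 ... 3072` is the right shape for an SGX SIGSTRUCT signing key (3072-bit RSA with public exponent 3), and a one-line comment saying so would stop a future cleanup from "fixing" the exponent.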
diff --git a/arch/x86/sgx/lehost_piggy.S b/arch/x86/sgx/lehost_piggy.S
new file mode 100644
index 000000000000..0b52eedae38c
--- /dev/null
+++ b/arch/x86/sgx/lehost_piggy.S
@@ -0,0 +1,8 @@ 
+#include <linux/linkage.h>
+#include <asm/page_types.h>
+
+	.section ".rodata","a"
+
+GLOBAL(sgx_lehost)
+	/* .incbin	"lehost" */
+END(sgx_lehost)
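Review bot: with the `.incbin "lehost"` line commented out, `sgx_lehost` is a zero-length `.rodata` symbol, so the `lehost_piggy.o` dependency on the signing key added in the Makefile currently rebuilds an object that embeds nothing; if the blob is intentionally left out of this RFC, a `/* TODO */` marker and a sentence in the commit message would make that clear. When the `.incbin` is enabled, the path should be given relative to the object tree (for example via a `-DLEHOST_PATH` style define or an explicit `$(obj)/lehost` path) and `lehost` should be a Makefile prerequisite of `lehost_piggy.o`, otherwise a stale blob is silently reused. The commit message says the driver locates the binary through the `sgx_lehost` symbol, but nothing here exports its length; an end label such as `sgx_lehost_end` (name suggested here, not from the patch) after the `.incbin`, in the style of the other piggybacked blobs in the tree, would let the driver compute the size without a hard-coded constant.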