Remove support for OOT (out-of-tree) SGX driver #2061
Conversation
Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
There was a problem hiding this comment.
Reviewed 49 of 49 files at r1, all commit messages.
Reviewable status: all files reviewed, 3 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: ITL) (waiting on @woju)
debian/control line 13 at r1 (raw file):
libprotobuf-c-dev, libsgx-dcap-quote-verify-dev, linux-libc-dev (>= 5.11) | linux-headers-amd64 (>= 5.11),
Don't we need linux-headers for sgx.h? Where does sgx.h come from?
pal/src/host/linux-sgx/host_framework.c line 551 at r1 (raw file):
int init_enclave(sgx_arch_secs_t* secs, sgx_sigstruct_t* sigstruct, sgx_arch_token_t* token) { #ifndef CONFIG_SGX_DRIVER_OOT __UNUSED(token);
Now we can just remove this argument.
pal/src/host/linux-sgx/host_main.c line 224 at r1 (raw file):
log_debug("Token file: %s", token_path); ret = read_enclave_token(token_fd, enclave_token);
read_enclave_token() is unused now
There was a problem hiding this comment.
Reviewed 49 of 49 files at r1, all commit messages.
Reviewable status: all files reviewed, 6 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: ITL) (waiting on @woju)
pal/src/host/linux-sgx/host_main.c line 204 at r1 (raw file):
static int get_enclave_token(sgx_arch_token_t* enclave_token, sgx_sigstruct_t* enclave_sigstruct) { return create_dummy_enclave_token(enclave_sigstruct, enclave_token); }
Since the get_enclave_token function is only creating a dummy token, wondering if the function and the code related to the generated dummy token can all be removed.
Code quote:
static int get_enclave_token(sgx_arch_token_t* enclave_token, sgx_sigstruct_t* enclave_sigstruct) {
return create_dummy_enclave_token(enclave_sigstruct, enclave_token);
}pal/src/host/linux-sgx/host_main.c line 274 at r1 (raw file):
log_error("Reading enclave token failed: %s", unix_strerror(ret)); goto out; }
The error message should be updated (or removed?), the function is no longer reading token file. Also create_dummy_enclave_token() never returns ret < 0
Code quote:
ret = get_enclave_token(&enclave_token, &enclave_sigstruct);
if (ret < 0) {
log_error("Reading enclave token failed: %s", unix_strerror(ret));
goto out;
}pal/src/host/linux-sgx/host_main.c line 278 at r1 (raw file):
#ifdef DEBUG if (enclave->profile_enable) { if (!(enclave_token.body.attributes.flags & SGX_FLAGS_DEBUG)) {
Maybe consider checkingenclave_sigstruct.body instead since the dummy token value was derived from it?
Description of the changes
See commit message.
How to test this PR?
CI.
This change is