This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

fixup! [Pal] Linux-SGX: remove sgx-driver submodule
woju committed Dec 22, 2020
1 parent 6ed3691 commit db43e79
Showing 1 changed file with 11 additions and 12 deletions.
23 changes: 11 additions & 12 deletions Documentation/building.rst
@@ -78,16 +78,14 @@ Run the following commands on Ubuntu to install SGX-related dependencies::
FSGSBASE is a feature in recent processors which allows direct access to the FS
and GS segment base addresses. For more information about FSGSBASE and its
benefits, see `this discussion <https://lwn.net/Articles/821719>`__.
FSGSBASE patchset was merged in 5.9. For older kernels it is available as
`separate patches <https://github.com/oscarlab/graphene-sgx-driver/tree/master/fsgsbase_patches>`__.

FSGSBASE patchset was merged in 5.9. For older kernels it is available as separate
patches.

Enabling FSGSBASE support requires building and installing a custom kernel with
backported patches. The instructions to patch and compile a Linux kernel with
FSGSBASE support below are written around Ubuntu 18.04 LTS (Bionic Beaver) with
a Linux 5.4 LTS stable kernel but can be adapted for other distros as necessary.
These instructions ensure that the resulting kernel has FSGSBASE support and up
to date security mitigations.
The following instructions to patch and compile a Linux kernel with FSGSBASE
support below are written around Ubuntu 18.04 LTS (Bionic Beaver) with a Linux
5.4 LTS stable kernel but can be adapted for other distros as necessary. These
instructions ensure that the resulting kernel has FSGSBASE support and up to
date security mitigations.

#. Clone the repository with patches::

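Review bot: the reworded sentence "For older kernels it is available as separate patches" no longer says where those patches live now that the link is gone; point it at the "Clone the repository with patches" step so a reader on a pre-5.9 kernel knows where to look. In the paragraph that follows, "The following instructions ... support below" is redundant, so drop either "following" or "below". The sentence "Enabling FSGSBASE support requires building and installing a custom kernel with backported patches" also appears to have been dropped in the rewording; it is the only line that states up front that a custom kernel is required, so consider keeping it ahead of the instructions.
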
@@ -138,9 +136,10 @@ FSGSBASE feature available in recent processors.

.. warning::

This module is a |~| quick-and-dirty hack with gaping security hole.
"Do not use for production" is not a |~| joke. We use it only for testing
on very old kernels when the patchset does not apply cleanly.
This module is a |~| quick-and-dirty hack with dangerous security hole
(allows unauthorised local privilege escalation). "Do not use for production"
is not a |~| joke. We use it only for testing on very old kernels where the
patchset does not apply cleanly.

To install the Graphene FSGSBASE driver, run the following commands::

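Review bot: in the reworded warning, "with dangerous security hole" is missing an article; it should read "with a |~| dangerous security hole", matching the non-breaking "a |~|" used elsewhere in the same block. Naming the impact (unauthorised local privilege escalation) is the right call. Since the text still allows the module for testing on very old kernels, consider adding one sentence telling readers to keep it off any machine with untrusted local users and to unload it when testing is done.
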