Merge pull request #4354 from oasisprotocol/andrej/feature/devsgx-aut…
…odetect

go/runtime/host/sgx: Autodetect SGX device name
abukosek authored Nov 12, 2021
2 parents 94237e2 + 3b30b54 commit a3491a8
Showing 2 changed files with 26 additions and 2 deletions.
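--- a/.changelog/4333.feature.md
+++ b/.changelog/4333.feature.md
@@ -0,0 +1 @@
+go/runtime/host/sgx: Autodetect SGX device name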
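--- a/go/runtime/host/sgx/sgx.go
+++ b/go/runtime/host/sgx/sgx.go
@@ -8,6 +8,7 @@ import (
 "fmt"
 "io"
 "io/ioutil"
+"os"
 "path/filepath"
 "sync"
 "time"
@@ -145,6 +146,23 @@ func (s *sgxProvisioner) loadEnclaveBinaries(rtCfg host.Config) ([]byte, []byte,
 return sgxs, sig, nil
 }
 
+func (s *sgxProvisioner) discoverSGXDevice() (string, error) {
+// Different versions of Intel SGX drivers provide different names for
+// the SGX device. Autodetect which one actually exists.
+sgxDevices := []string{"/dev/sgx", "/dev/sgx/enclave", "/dev/sgx_enclave", "/dev/isgx"}
+for _, dev := range sgxDevices {
+fi, err := os.Stat(dev)
+if err != nil {
+continue
+}
+if fi.Mode()&os.ModeDevice != 0 {
+return dev, nil
+}
+}
+
+return "", fmt.Errorf("no SGX device was found on this system")
+}
+
 func (s *sgxProvisioner) getSandboxConfig(rtCfg host.Config, socketPath, runtimeDir string) (process.Config, error) {
 // To try to avoid bad things from happening if the signature/enclave
 // binaries change out from under us, and because the enclave binary
@@ -161,6 +179,12 @@ func (s *sgxProvisioner) getSandboxConfig(rtCfg host.Config, socketPath, runtime
 return process.Config{}, fmt.Errorf("host/sgx: failed to load enclave/signature: %w", err)
 }
 
+sgxDev, err := s.discoverSGXDevice()
+if err != nil {
+return process.Config{}, fmt.Errorf("host/sgx: %w", err)
+}
+s.logger.Info("found SGX device", "path", sgxDev)
+
 return process.Config{
 Path: s.cfg.LoaderPath,
 Args: []string{
@@ -173,8 +197,7 @@ func (s *sgxProvisioner) getSandboxConfig(rtCfg host.Config, socketPath, runtime
 aesmdSocketPath: "/var/run/aesmd/aesm.socket",
 },
 BindDev: map[string]string{
-// TODO: Support different kinds of SGX drivers.
-"/dev/isgx": "/dev/isgx",
+sgxDev: sgxDev,
 },
 BindData: map[string]io.Reader{
 runtimePath: bytes.NewReader(sgxs),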
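Review bot: In `discoverSGXDevice`, every `os.Stat` error is skipped with `continue`, so a candidate that exists but cannot be stat'ed (permissions, I/O error) ends up reported as "no SGX device was found on this system", which points an operator at a missing driver instead of the real fault. Before the `continue`, surface anything that is not a plain absence, for example `if !os.IsNotExist(err) { s.logger.Warn("failed to stat SGX device", "path", dev, "err", err) }`. The accepted path is bind-mounted into the runtime sandbox through `BindDev`, so the mode test could also be narrowed to `fi.Mode()&os.ModeCharDevice != 0` so that only a character device is ever exposed there. `getSandboxConfig` starts and ends outside the visible hunks, so how often discovery and its Info log line run per runtime cannot be judged from this page.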
