问题描述
- 环境:Ubuntu16版本,2.6版本graphene和对应的SGX-driver
- 问题具体:
安装好SGX需要的driver,psw,sdk之后编译graphene成功,同样进入到测试目录`
make SGX=1成功,显示为
但是当运行SGX=1 ./pal_loader curl之后却出现
并不是预期结果
3.自己用grep -r 找"Creating enclave failed"输出,发现在$GRAPHENE/Pal/src/host/Linux-SGX目录下的sgx_main.c当中的 initialize_enclave函数当中的
这一段是输出这句话的地方,可能是ret值小于0导致输出这句话,再次寻找create_enclave 这个函数, 在sgx_framesork.c当中找到定义
,具体的代码如下:
int create_enclave(sgx_arch_secs_t * secs,
sgx_arch_token_t * token)
{
assert(secs->size && IS_POWER_OF_2(secs->size));
assert(IS_ALIGNED(secs->base, secs->size));
int flags = MAP_SHARED;
if (!zero_page) {
zero_page = (void *)
INLINE_SYSCALL(mmap, 6, NULL, g_page_size,
PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0);
if (IS_ERR_P(zero_page))
return -ENOMEM;
}
secs->ssa_frame_size = get_ssaframesize(token->body.attributes.xfrm) / g_page_size;
secs->misc_select = token->masked_misc_select_le;
memcpy(&secs->attributes, &token->body.attributes, sizeof(sgx_attributes_t));
/* Do not initialize secs->mr_signer and secs->mr_enclave here as they are
* not used by ECREATE to populate the internal SECS. SECS's mr_enclave is
* computed dynamically and SECS's mr_signer is populated based on the
* SIGSTRUCT during EINIT (see pp21 for ECREATE and pp34 for
* EINIT in https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf). */
uint64_t addr = INLINE_SYSCALL(mmap, 6, secs->base, secs->size,
PROT_READ|PROT_WRITE|PROT_EXEC,
flags|MAP_FIXED, isgx_device, 0);
if (IS_ERR_P(addr)) {
if (ERRNO_P(addr) == 1 && (flags | MAP_FIXED))
pal_printf("Permission denied on mapping enclave. "
"You may need to set sysctl vm.mmap_min_addr to zero\n");
SGX_DBG(DBG_I, "enclave ECREATE failed in allocating EPC memory "
"(errno = %ld)\n", ERRNO_P(addr));
return -ENOMEM;
}
assert(secs->base == addr);
struct sgx_enclave_create param = {
.src = (uint64_t) secs,
};
int ret = INLINE_SYSCALL(ioctl, 3, isgx_device, SGX_IOC_ENCLAVE_CREATE, ¶m);
if (IS_ERR(ret)) {
SGX_DBG(DBG_I, "enclave ECREATE failed in enclave creation ioctl - %d\n", ERRNO(ret));
return -ERRNO(ret);
}
if (ret) {
SGX_DBG(DBG_I, "enclave ECREATE failed - %d\n", ret);
return -EPERM;
}
secs->attributes.flags |= SGX_FLAGS_INITIALIZED;
SGX_DBG(DBG_I, "enclave created:\n");
SGX_DBG(DBG_I, " base: 0x%016lx\n", secs->base);
SGX_DBG(DBG_I, " size: 0x%016lx\n", secs->size);
SGX_DBG(DBG_I, " misc_select: 0x%08x\n", secs->misc_select);
SGX_DBG(DBG_I, " attr.flags: 0x%016lx\n", secs->attributes.flags);
SGX_DBG(DBG_I, " attr.xfrm: 0x%016lx\n", secs->attributes.xfrm);
SGX_DBG(DBG_I, " ssa_frame_size: %d\n", secs->ssa_frame_size);
SGX_DBG(DBG_I, " isv_prod_id: 0x%08x\n", secs->isv_prod_id);
SGX_DBG(DBG_I, " isv_svn: 0x%08x\n", secs->isv_svn);
return 0;
}
现在想要正常运行graphene,应该怎么改呢?
