SGX-Step is an open-source framework to facilitate side-channel assault analysis on Intel SGX platforms. SGX-Step is composed of an
that securely shops execution context within the enclave’s SSA body, initializes CPU registers, and vectors to the (person area) interrupt handler registered within the IDT.
/dev/sgx-stepmotive force provides an non-compulsory IOCTL name for the privileged
Construction and Working
0. Gadget Necessities
SGX-Step calls for an Intel processor, and an off-the-shelf Linux kernel. Our analysis was once carried out on i7-6500U/6700 CPUs, working Ubuntu 16.04 with a inventory Linux 4.15.0 kernel. We summarize Linux underneath.
|Linux kernel parameter||Motivation|
|Configure native APIC tool in memory-mapped I/O mode (to use SGX-Step’s actual single-stepping options).|
|Suppress unneeded caution messages within the kernel logs.|
|Affinitize the sufferer procedure to an remoted CPU core.|
|Disable CPU microcode updates (/L1TF mitigations might impact single-stepping period).|
Move the required boot parameters to the kernel as follows:
$ sudo vim /and so forth/default/grub
# GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nox2apic iomem=comfy no_timer_check isolcpus=1"
$ sudo update-grub && sudo reboot
In the end, to be able to reproduce our experimental effects, be sure to disable C-States and SpeedStep generation within the BIOS configuration. The desk underneath lists lately supported Intel CPUs, in conjunction with their single-stepping APIC timer period (
|Style identify||CPU||Base frequency||APIC timer period|
|Kaby Lake R||1.9 GHz||34|
|Espresso Lake R||3.6 GHz||21|
1. Patch and set up SGX SDK
To permit simple registration of a customized Asynchronous Go out Pointer (AEP) stub, we changed the untrusted runtime of the reputable Intel SGX SDK. Continue as follows to checkout v2.6 and observe our patches.
$ git submodule init
$ git submodule replace
$ ./install_SGX_driver.sh # examined on Ubuntu 16.04
$ ./install_SGX_SDK.sh # examined on Ubuntu 16.04
The above set up
Notice (native set up). The patched SGX SDK and PSW applications will also be put in in the neighborhood, with out affecting a suitable system-wide ‘linux-sgx’ set up. For this, the instance Makefiles reinforce an
SGX_SDK surroundings variable that issues to the native SDK set up listing. When detecting a non-default SDK trail (i.e., now not
/choose/intel/sgxsdk), the “run” Makefile goals moreover dynamically hyperlink towards the patched
libsgx_urts.so untrusted runtime constructed within the native
linux-sgx listing (the usage of the
LD_LIBRARY_PATH surroundings variable).
Notice (32-bit reinforce). Directions for development 32-bit variations of the SGX SDK and SGX-Step will also be present in .
2. Construct and cargo
SGX-Step comes with a loadable kernel module that exports an IOCTL interface to the
libsgxstep user-space library. The driving force is basically liable for (i) hooking the APIC timer interrupt handler, (ii) amassing untrusted web page desk mappings, and optionally (iii) fetching the interrupted instruction pointer for benchmark enclaves.
To construct and cargo the
/dev/sgx-step motive force, execute:
$ cd kernel
$ make blank load
Notice (/dev/isgx). Our motive force makes use of some inner symbols and knowledge constructions from the reputable Intel
/dev/isgx motive force. We due to this fact come with a git submodule that issues to an unmodified v2.1 .
Notice (/dev/mem). We depend on Linux’s digital
/dev/mem tool to build user-level digital reminiscence mappings for APIC bodily memory-mapped I/O registers and web page desk entries of pastime. Fresh Linux distributions normally permit the
CONFIG_STRICT_DEVMEM choice which prevents such use, on the other hand. Our
/dev/sgx-step motive force due to this fact contains an to avoid
devmem_is_allowed exams, with no need to recompile the kernel.
3. Construct and run check programs
Consumer-space programs can hyperlink to the
libsgxstep library to use SGX-Step’s single-stepping and web page desk options. Take a look at the instance programs within the “app” listing.
As an example, to construct and run the
strlen assault from the paper for a benchmark enclave that processes the name of the game string 100 repeated instances, execute:
$ cd app/bench
$ NUM=100 STRLEN=1 make parse # then again range NUM and use BENCH=1 or ZIGZAG=1
$ # (above command defaults to the Dell Inspiron 13 7359 analysis pc gadget;
$ # use DESKTOP=1 to construct for a Dell Optiplex 7040 gadget)
$ # use SGX_SDK=/house/jo/sgxsdk/ for a neighborhood SDK set up
$ # use M32=1 To provide a 32-bit executable
The above command builds
libsgxstep, the benchmark sufferer enclave, and the untrusted attacker host procedure, the place the assault situation and example dimension are configured by the use of the corresponding surroundings variables. The similar command additionally runs the ensuing binary non-interactively (to make sure deterministic timer periods), and in any case calls an attack-specific post-processing Python script to parse the ensuing enclave instruction pointer benchmark effects.
Notice (efficiency). Unmarried-stepping enclaved execution incurs a considerable slowdown. We measured execution instances of as much as 15 mins for the experiments described within the paper. SGX-Step’s web page desk manipulation options permit to begin single-stepping for decided on purposes simplest, as an example through revoking get admission to rights on particular code or knowledge pages of pastime.
Notice (timer period). The precise timer period price will depend on CPU frequency, and therefore stays inherently platform-specific. Configure an acceptable price in
/app/bench/primary.c. We established actual timer periods for our analysis platforms (see desk above) through tweaking and watching the NOP microbenchmark enclave instruction pointer hint effects.
The use of SGX-Step for your personal tasks
One of the best ways to get began the usage of the SGX-Step framwork for your personal tasks, is thru :
$ cd my/git/mission
$ git submodule upload [email protected]:jovanbulck/sgx-step.git
$ cd sgx-step # Now construct `/dev/sgx-step` and `libsgxstep` as described above
Take a look on the Makefiles within the
app listing to peer how a shopper software can hyperlink to
libsgxstep plus any native SGX SDK/PSW applications.