
Untitled

a guest
Nov 21st, 2019
  1. INTERNALS
  2.  
  3. self tests on sgx2 system with patches: self tests
  4. run make
  5. then run self test binary
  6.  
  7. 3 ioctls in kernel interface. expects ptrs to types as u64s. these aren't public interfaces in kernel, so we have to use internal kernel types. look at Makefile lines 36 and 37.
  8.  
  9. look at x86 calling conv. order of functions passed into registers.
  10.  
  11. encl_body copies from rdi to rsi. thus output will be same as input.
  12.  
  13. pages to create an enclave:
  14. SECS page
  15. each thread has a TCS page; requires other pages to build this, but they are implicit in TCS page
  16. SIGSTRUCT page (transient, used to contain signature and ID info about enclave)
  17.  
  18. page = 4096 bytes (4k)
  19.  
  20. .tcs section above that (lines 10-24 in enclave_bootstrap.S)
  21. contains encl_entry: when you jump in using this tcs structure, it will start executing at this encl_entry function (technically a named address).
  22.  
  23. .text section of binary = code and data
  24.  
  25. EENTER will always start execution at encl_entry
  26.  
  27. NSSA = number of SSAs. not modified by running.
  28. CSSA is current SSA. this is incremented / decremented.
  29.  
  30. xsave_area = ??
  31.  
  32.  
  33. asynch exit vs. eexit.
  34. one of them changes the SSA area, the other doesn't.
  35.  
  36. stack grows in opp direction of everything else.
  37. code in .c file is appended after the stack.
  38.  
  39. this enclave_bootstrap.S + encl.c (with linking script encl.lds determining layout of ELF binary) = ELF binary
  40.  
  41. --> look at encl.elf file (output as final binary before it's signed) with readelf.
  42. this requires kernel patches.
  43. copy NixOS config. modify slightly for our usage. then do install using that config. = fully fledged.
  44. alternative: send PR to n's config to add user account adding own ssh key.
  45.  
  46. ---------------------------
  47.  
  48. EXTERNALS
  49.  
  50. our use case: we'll pull in components at runtime, reassemble, tool to sign it.
  51.  
  52. make enclave:
  53. 1. create (SECS page)
  54. 2. add pages (mult times maybe) (TCS and TEXT pages must be done separately)
  55. 3. init
  56.  
  57. sgxsign.c simulates this (eadd and eextend are two steps of add pages). code to measure binary is mimicking kernel API for creating enclave. result is structure SIGSTRUCT = signing info, internal kernel structure but is documented as part of hw interface by intel.
  58.  
  59. sgx/arch.h
  60. sgx_sigstruct header and body defined
  61. this is one of the structures we need to port to rust, then generate this by signing a binary, able to pass it using same mem rep to kernel.
  62.  
  63. convert 3 sigstruct structures to rust.
  64.  
  65. #[repr(C)] means mem layout must be same as it would be in C.
  66. packed means no padding is inserted between fields, so fields aren't aligned.
  67.  
  68. possible constructors:
  69. load from file, give hash of binary into mrenclave.
  70.  
  71. ON THIS HEADER:
  72. asm/sgx.h
  73. call bindgen, which should resolve the macros. then fix it because it is ugly, so we clean up by hand.
  74.  
  75. IOCTLS take only one argument, so we must bundle into struct.
  76.  
  77. for add_pages, kernel is going through one at a time of pages we put in bundle. EADD then EEXTEND (16 times) are happening behind page. kernel interface simplifies this.
  78.  
  79. go one struct at a time.
  80. SECS, TCS, SIGINFO, SIGSTRUCT pages.
  81. create a repo and merge them one struct at a time.
  82.  
  83. assembly of enclave currently done at compile time. the way we are able to run a static binary is that we do assembly at runtime instead.
  84. static binary will be .c file and stuff in .s file will be broken into components: TCS dynamically constructed at runtime, same for SSAs (one array of SSA per TCS). all the stuff from .s file we'll instead take in as input and dynamically generate. create enclave, measure, load at runtime.
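
An added example (not part of the original notes and not the project's code) for the SIGSTRUCT port described under EXTERNALS: the three structures as `#[repr(C, packed)]` Rust types, plus extraction of the header and body bytes that the signature covers. Field names and sizes follow Intel's documented SIGSTRUCT layout as recalled here and are assumptions to check against sgx/arch.h; `zeroed`, `body_offset` and `signed_bytes` are hypothetical helpers.

```rust
use std::{mem::size_of, ptr::addr_of, slice};
// Field layout as recalled from Intel's SIGSTRUCT definition (assumption):
// check names and sizes against sgx/arch.h before passing this to the kernel.
#[repr(C, packed)]
pub struct SigstructHeader {
    pub header1: [u64; 2],
    pub vendor: u32,
    pub date: u32,
    pub header2: [u64; 2],
    pub swdefined: u32,
    pub reserved1: [u8; 84],
}
#[repr(C, packed)]
pub struct SigstructBody {
    pub miscselect: u32,
    pub misc_mask: u32,
    pub reserved2: [u8; 20],
    pub attributes: u64,
    pub xfrm: u64,
    pub attributes_mask: u64,
    pub xfrm_mask: u64,
    pub mrenclave: [u8; 32],
    pub reserved3: [u8; 32],
    pub isvprodid: u16,
    pub isvsvn: u16,
}
#[repr(C, packed)]
pub struct Sigstruct {
    pub header: SigstructHeader,
    pub modulus: [u8; 384],
    pub exponent: u32,
    pub signature: [u8; 384],
    pub body: SigstructBody, // lands at a 4-byte offset, so plain repr(C) would pad before it
    pub reserved4: [u8; 12],
    pub q1: [u8; 384],
    pub q2: [u8; 384],
}
// Every field is an integer or byte array, so the all-zero bit pattern is valid.
pub fn zeroed() -> Sigstruct { unsafe { std::mem::zeroed() } }
// addr_of! takes a field address without creating a reference to an unaligned field.
pub fn body_offset(s: &Sigstruct) -> usize { addr_of!(s.body) as usize - s as *const Sigstruct as usize }
// Header followed by body: the bytes the signature covers (modulus, signature, q1, q2 excluded).
pub fn signed_bytes(s: &Sigstruct) -> Vec<u8> {
    // SAFETY: packed plain data with no padding, so all size_of::<Sigstruct>() bytes are initialized.
    let raw = unsafe { slice::from_raw_parts(s as *const Sigstruct as *const u8, size_of::<Sigstruct>()) };
    let (h, b) = (size_of::<SigstructHeader>(), body_offset(s));
    [&raw[..h], &raw[b..b + size_of::<SigstructBody>()]].concat()
}
fn main() {
    let s = zeroed();
    println!("size={} body@{} signed={}", size_of::<Sigstruct>(), body_offset(&s), signed_bytes(&s).len());
}
```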