Penglai TEE 信息

Penglai-PMP 中提供的功能

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71


 /* include/sm/sm.h */
 // secure monitor functions -> 初始化sm，分配enclave内存，创建enclave，enclave认证，运行enclave，暂停/恢复enclave，销毁enclave（删除enclave结构，清空被分配的内存），ocall（调用外部程序），get_key（获取enclave的密钥），退出enclave？，do_timer_irq？
 //实现的功能基本都是对enclave.h当中的函数的封装
 void sm_init();
 ​
 uintptr_t sm_mm_init(uintptr_t paddr, unsigned long size);
 ​
 uintptr_t sm_mm_extend(uintptr_t paddr, unsigned long size);
 ​
 uintptr_t sm_alloc_enclave_mem(uintptr_t mm_alloc_arg);
 ​
 uintptr_t sm_create_enclave(uintptr_t enclave_create_args);
 ​
 uintptr_t sm_attest_enclave(uintptr_t enclave_id, uintptr_t report, uintptr_t nonce);
 ​
 uintptr_t sm_run_enclave(uintptr_t *regs, uintptr_t enclave_id);
 ​
 uintptr_t sm_debug_print(uintptr_t *regs, uintptr_t enclave_id);
 ​
 uintptr_t sm_stop_enclave(uintptr_t *regs, uintptr_t enclave_id);
 ​
 uintptr_t sm_resume_enclave(uintptr_t *regs, uintptr_t enclave_id);
 ​
 uintptr_t sm_destroy_enclave(uintptr_t *regs, uintptr_t enclave_id);
 ​
 uintptr_t sm_enclave_ocall(uintptr_t *regs, uintptr_t ocall_func_id, uintptr_t arg0, uintptr_t arg1);
 ​
 uintptr_t sm_enclave_get_key(uintptr_t* regs, uintptr_t salt_va, uintptr_t salt_len,
                         uintptr_t key_buf_va, uintptr_t key_buf_len);
 ​
 uintptr_t sm_exit_enclave(uintptr_t *regs, unsigned long retval);
 ​
 uintptr_t sm_do_timer_irq(uintptr_t *regs, uintptr_t mcause, uintptr_t mepc);
 ​
 int check_in_enclave_world();

 /* include/sm/thread.h */  //enclave线程切换相关操作
 ​
 /* enclave thread state */
 struct thread_state_t
 {
   uintptr_t encl_ptbr;
   uintptr_t prev_stvec;
   uintptr_t prev_mie;
   uintptr_t prev_mideleg;
   uintptr_t prev_medeleg;
   uintptr_t prev_mepc;
   uintptr_t prev_cache_binding;
   struct general_registers_t prev_state;
 };
 ​
 /* swap previous and current thread states */
 void swap_prev_state(struct thread_state_t* state, uintptr_t* regs);
 void swap_prev_mepc(struct thread_state_t* state, uintptr_t mepc);
 void swap_prev_stvec(struct thread_state_t* state, uintptr_t stvec);
 void swap_prev_cache_binding(struct thread_state_t* state, uintptr_t cache_binding);
 void swap_prev_mie(struct thread_state_t* state, uintptr_t mie);
 void swap_prev_mideleg(struct thread_state_t* state, uintptr_t mideleg);
 void swap_prev_medeleg(struct thread_state_t* state, uintptr_t medeleg);

 /* include/sm/attest.h */ //提供有关enclave认证的函数，包括hash、签名、验证功能
 ​
 void attest_init();
 ​
 void hash_enclave(struct enclave_t* enclave, void* hash, uintptr_t nonce);
 ​
 void update_enclave_hash(char *output, void* hash, uintptr_t nonce_arg);
 ​
 void sign_enclave(void* signature, unsigned char *message, int len);
 ​
 int verify_enclave(void* signature, unsigned char *message, int len);

Penglai-TVM 中提供的功能：

shadow_enclave
attest_enclave

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73


 static int sbi_ecall_penglai_handler(unsigned long extid, unsigned long funcid,
                   unsigned long *args, unsigned long *out_val,
                   struct sbi_trap_info *out_trap)
 {
   uintptr_t arg0 = args[10], arg1 = args[11], arg2 = args[12], arg3 = args[13], arg4 = args[14], retval;
   csr_write(CSR_MEPC, args[32] + 4);
   switch (funcid) {
     case SBI_SET_PTE:
       retval = sm_set_pte(arg0, (uintptr_t*)arg1, arg2, arg3);
       break;
     case SBI_SM_INIT:
       retval = sm_sm_init(arg0, arg1, arg2, arg3, arg4);
       break;
     case SBI_SM_PT_AREA_SEPARATION:
       retval = sm_pt_area_separation(arg0, arg1);
       break;
     case SBI_SM_MAP_PTE:
       retval = sm_map_pte((uintptr_t *)arg0, (uintptr_t *)arg1);
       break;
     case SBI_MEMORY_EXTEND:
       retval = sm_mm_extend(arg0, arg1);
       break;
     case SBI_CREATE_ENCLAVE:
       retval = sm_create_enclave(arg0);
       break;
     case SBI_RUN_ENCLAVE:
       retval = sm_run_enclave(args, arg0, arg1);
       break;
     case SBI_STOP_ENCLAVE:
       retval = sm_stop_enclave(args, arg0);
       break;
     case SBI_RESUME_ENCLAVE:
       retval = sm_resume_enclave(args, arg0, arg1);
       break;
     case SBI_DESTROY_ENCLAVE:
       retval = sm_destroy_enclave(args, arg0);
       break;
     case SBI_ATTEST_ENCLAVE:
       retval = sm_attest_enclave(arg0, arg1, arg2);
       break;
     case SBI_CREATE_SERVER_ENCLAVE:
       retval = sm_create_server_enclave(arg0);
       break;
     case SBI_CREATE_SHADOW_ENCLAVE:
       retval = sm_create_shadow_enclave(arg0);
       break;
     case SBI_RUN_SHADOW_ENCLAVE:
       retval = sm_run_shadow_enclave(args, arg0, arg1);
       break;
     case SBI_ATTEST_SHADOW_ENCLAVE:
       retval = sm_attest_shadow_enclave(arg0, arg1, arg2);
       break;
     case SBI_DESTROY_SHADOW_ENCLAVE:
       retval = sm_destroy_shadow_enclave(args, arg0);
       break;
     case SBI_DESTROY_SERVER_ENCLAVE:
       retval = sm_destroy_server_enclave(args, arg0);
       break;
     case SBI_SCHRODINGER_INIT:
       retval = sm_schrodinger_init(arg0, arg1);
       break;
     case 84:
       retval = sm_print(arg0, arg1);
       break;
 ​
     default:
         retval = SBI_ENOTSUPP;
     }
   args[32] = csr_read(CSR_MEPC);
   args[33] = csr_read(CSR_MSTATUS);
   *out_val = retval;
     return retval;
 }

核对未实现的函数，确认其影响，尤其是直接返回0的函数

RISC-V miscs

RISC-V harts

简而言之，hart 是一个 RISC-V 执行上下文，它包含一整套 RISC-V 架构寄存器，并且独立于 RISC-V 系统中的其他 hart 执行其程序。构成“RISC-V 系统”的内容取决于软件的执行环境，但对于标准的用户级程序，它意味着用户可见的 harts 和内存（即多线程 Unix 用户进程）。“独立执行”意味着每个 hart 最终将按程序顺序获取并执行其下一条指令，而不管其他 hart 的活动（至少在用户级别）sniper。