AEP trampoline sgx-gdb compatibility #9

Open
jovanbulck opened this issue Mar 16, 2019 · 9 comments
@jovanbulck
Owner

Custom AEP trampoline seems to cause sgx-gdb to crash with a segmentation fault. Full output for the aep-redirect sample program:

```
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Source directories searched: /opt/intel/sgxsdk/lib64/gdb-sgx-plugin:$cdir:$cwd
Setting environment variable "LD_PRELOAD" to null value.
Reading symbols from ./app...done.
(gdb) r
Starting program: /home/jo/write_buffer_writeup/code/sgx-step/app/aep-redirect/app 
detect urts is loaded, initializing
Function "random_stack_notify_gdb" not defined.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[main.c] Creating enclave...
add-symbol-file '/home/jo/write_buffer_writeup/code/sgx-step/app/aep-redirect/Enclave/encl.so' 0x7ffff5c00bd0 -readnow -s .interp 0x7ffff5c00238  -s .note.gnu.build-id 0x7ffff5c00254  -s .gnu.hash 0x7ffff5c00278  -s .dynsym 0x7ffff5c003d8  -s .dynstr 0x7ffff5c007c8  -s .rela.dyn 0x7ffff5c00a88  -s .plt 0x7ffff5c00bb0  -s .plt.got 0x7ffff5c00bc0  -s .nipx 0x7ffff5c12ca0  -s .rodata 0x7ffff5c134d0  -s .niprod 0x7ffff5c13c80  -s .eh_frame_hdr 0x7ffff5c144c0  -s .eh_frame 0x7ffff5c148a8  -s .fini_array 0x7ffff5e16e20  -s .data.rel.ro 0x7ffff5e16e40  -s .dynamic 0x7ffff5e16ea0  -s .got 0x7ffff5e16fe0  -s .got.plt 0x7ffff5e17000  -s .data 0x7ffff5e17020  -s .nipd 0x7ffff5e17904  -s .bss 0x7ffff5e18000 
==== Victim Enclave ====
[pt.c] /dev/sgx-step opened!
    Base:   0x7ffff5c00000
    Size:   4194304
    Limit:  0x7ffff6000000
    TCS:    0x7ffff5f7a000
    SSA:    0x7ffff5f7bf48
    AEP:    0x402c82
    EDBGRD: debug
[main.c] revoking a access rights..

Program received signal SIGSEGV, Segmentation fault.
0x00007fffffffd9c5 in ?? ()
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff79a6269 in raise (sig=11) at ../sysdeps/unix/sysv/linux/pt-raise.c:35
35	../sysdeps/unix/sysv/linux/pt-raise.c: No such file or directory.
(gdb) c
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) quit
```

After some digging it seems this is caused by the is_eresume() function of the upstream SDK, which assumes the AEP is always a single ENCLU instruction. As such, sgx-gdb compatibility will probably require another SDK patch...

https://github.com/intel/linux-sgx/blob/master/sdk/debugger_interface/linux/se_ptrace.c#L368

```c
static int is_eresume(pid_t pid, struct user_regs_struct *regs)
{
    unsigned int instr;

    if(!se_read_process_mem(pid, (void *)regs->REG(ip), (char *)&instr, sizeof(instr), NULL))
        return FALSE;
    if((ENCLU == (instr & 0xffffff))
            && (SE_ERESUME == regs->REG(ax)))
        return TRUE;
    return FALSE;
}
```
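A user-space model of the check quoted above, as an added example that is not part of the original post or of the SDK: it shows the three-byte compare passing when the AEP is a bare ENCLU and failing at the entry of a multi-instruction stub, even with RAX holding the ERESUME leaf. The stub bytes are constructed, the names `is_eresume_model` and `first_match` are hypothetical, and the `ENCLU` and `SE_ERESUME` values are assumed from the instruction encoding (`0f 01 d7`) and the ERESUME leaf number (3).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENCLU      0xd7010fu /* assumed: opcode bytes 0f 01 d7, read little-endian */
#define SE_ERESUME 3         /* assumed: ENCLU leaf number for ERESUME */

/* Model of the quoted check: the ptrace memory read is replaced by a
 * bounds-checked read from a local buffer so the example runs offline. */
static int is_eresume_model(const uint8_t *mem, size_t len, size_t ip, uint64_t rax)
{
    uint32_t instr;

    if (ip > len || len - ip < sizeof(instr))
        return 0; /* read failed, as when se_read_process_mem() returns 0 */
    instr = (uint32_t)mem[ip] | (uint32_t)mem[ip + 1] << 8 |
            (uint32_t)mem[ip + 2] << 16 | (uint32_t)mem[ip + 3] << 24;
    return (instr & 0xffffff) == ENCLU && rax == SE_ERESUME;
}

/* First offset at which the check passes, or -1 if it never does. */
static long first_match(const uint8_t *mem, size_t len, uint64_t rax)
{
    for (size_t ip = 0; ip < len; ip++)
        if (is_eresume_model(mem, len, ip, rax))
            return (long)ip;
    return -1;
}

/* Constructed stubs, not bytes taken from the SDK or from sgx-step.
 * The trailing nop keeps the 4-byte read inside the buffer. */
static const uint8_t default_aep[] = { 0x0f, 0x01, 0xd7, 0x90 };             /* enclu; nop */
static const uint8_t trampoline[]  = { 0x50, 0x58, 0x0f, 0x01, 0xd7, 0x90 }; /* push %rax; pop %rax; enclu; nop */

int main(void)
{
    /* After an AEX the thread is at offset 0 of the AEP stub with RAX = 3. */
    printf("default AEP, ip=0: %d\n",
           is_eresume_model(default_aep, sizeof default_aep, 0, SE_ERESUME));
    printf("trampoline,  ip=0: %d\n",
           is_eresume_model(trampoline, sizeof trampoline, 0, SE_ERESUME));
    printf("trampoline first matches at offset %ld\n",
           first_match(trampoline, sizeof trampoline, SE_ERESUME));
    return 0;
}
```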
@GeorgeGogos

Hello Mr. Bulck, I am trying to execute the foreshadow attack on my laptop and I get the following output:

```
[===] Enclave [===]
[RM] encl.o encl.unsigned.so encl.so libencl_proxy.a
[RM] encl_t.o encl_u.o encl_t.h encl_t.c encl_u.h encl_u.c
[===] ../../libsgxstep [===]
[RM] apic.o cpu.o debug.o enclave.o file.o foreshadow.o gdt.o idt.o pt.o sched.o spy.o aep_trampoline.o irq_entry.o rtm.o transient.o libsgx-step.a
[RM] main.o app
[===] Enclave [===]
[GEN] sgx_edger8r encl.edl
[CC] encl_t.c (trusted edge)
[CC] encl.c (core)
[LD] encl.o encl_t.o -lsgx_trts encl.unsigned.so
[SGN] encl.unsigned.so
[CC] encl_u.c (untrusted edge)
[AR] libencl_proxy.a
[===] ../../libsgxstep [===]
[CC] apic.c
[CC] cpu.c
[CC] debug.c
[CC] enclave.c
[CC] file.c
[CC] foreshadow.c
[CC] gdt.c
[CC] idt.c
[CC] pt.c
[CC] sched.c
[CC] spy.c
[AS] aep_trampoline.S
[AS] irq_entry.S
[AS] rtm.S
[AS] transient.S
[AR] libsgx-step.a
[CC] main.c
[LD] main.o -o app
./app: symbol lookup error: ./app: undefined symbol: sgx_get_aep
Makefile:48: recipe for target 'run' failed
make: *** [run] Error 127
```

Before you opened the issue I got the output you introduced in README.md. Is the error because of the above issue, or did I make a mistake while installing the sgx-step framework?

Thank you for your time

@jovanbulck
Owner Author

Hi George,

No, this error should be unrelated to this issue. The linker error you get is because your SGX-SDK installation was not properly patched to export the needed sgx_get_aep functions. See the ./patch_sdk.sh script and instructions in the top-level README.md file.

Hope this helps!

@GeorgeGogos

I will check it again.
Thank you for your help!

@kuldeeps5

> Hi George,
>
> No, this error should be unrelated to this issue. The linker error you get is because your SGX-SDK installation was not properly patched to export the needed sgx_get_aep functions. See the ./patch_sdk.sh script and instructions in the top-level README.md file.
>
> Hope this helps!

I am also facing the same issue mentioned by @GeorgeGogos. Any update regarding this issue, @jovanbulck?

@jovanbulck
Owner Author

If you get this undefined symbol error, it basically means you have to make sure you're loading the patched SDK urts library. Make sure to purge any SGX libraries installed with apt-get and properly patch and install the patched library under /opt/intel/sgxsdk. You should check whether that one is being loaded with ldd.

See more info and help suggestions here:

#24

Hope this helps, let me know with concrete details if you run into more troubles and I can try to help out:)

@kuldeeps5

> If you get this undefined symbol error, it basically means you have to make sure you're loading the patched SDK urts library. Make sure to purge any SGX libraries installed with apt-get and properly patch and install the patched library under /opt/intel/sgxsdk. You should check whether that one is being loaded with ldd.
>
> See more info and help suggestions here:
>
> #24
>
> Hope this helps, let me know with concrete details if you run into more troubles and I can try to help out:)

Compilation is done successfully, but I am getting this error when running the app:

```
[idt.c] locking IRQ handler pages 0x55555555a000/0x555555560000
[main.c] Creating enclave...
Error calling enclave at main.c:165 (rv=0x4004)
Aborted (core dumped)
```

Can you help me figure this out?
Thank you.

@jovanbulck
Owner Author

Hm this indicates that there's a problem with creating the enclave, not sgx-step itself. The error is thrown by the Intel SGX-SDK code, see also this related issue:

#34

In particular it seems 0x4004 is SGX_ERROR_SERVICE_INVALID_PRIVILEGE, so most likely you're trying to launch a production (non-debug) SGX enclave or so?

https://github.com/intel/linux-sgx/blob/d10c025eb0bfe0c53e524a486f2d17307d0f1206/common/inc/sgx_error.h#L83

Make sure the DEBUG parameter is set to 1 in the call to sgx_create_enclave. Also, you prob want to try to first run one of the sample SGX SDK applications (in sdk/intel-sdk/linux-sgx/SampleCode/) to make sure your setup works before moving on with sgx-step.

@wuyifancaixukyun

@jovanbulck

I got an error when I run ./app in foreshadow: undefined symbol: sgx_get_aep

I followed these lines:

```
$ cd sdk/intel-sdk/
$ ./install_SGX_SDK.sh # tested on Ubuntu 18.04/20.04
$ source /opt/intel/sgxsdk/environment # add to ~/.bashrc to preserve across terminal sessions
$ sudo service aesmd status # stop/start aesmd service if needed
```

but I can't execute correctly.
Can you help me figure this out?
Thank you.

@jovanbulck
Owner Author

Following up @wuyifancaixukyun, not sure if you already found a solution, but this error means that you didn't properly link to the patched SDK. Normally this should be fine if you follow the instructions above and nothing errors and you execute in the same terminal where you executed the source command.

For more directions and troubleshooting, have a look at issue #24 and let me know if it helps?
