Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sgx-detect: interactive debug #264

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
Draft

sgx-detect: interactive debug #264

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5698108
Add support to write EFI variables to the environment
shreevari Jul 3, 2020
b5f867c
Update tests to match struct definitions
shreevari Jul 4, 2020
3306077
Use dialoguer for interactive prompts
shreevari Jul 25, 2020
744a018
Enable SGX via software
shreevari Aug 2, 2020
9ae1879
[WIP] Fix permission issue while writing EFI variables
shreevari Aug 2, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions sgxs-tools/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ serde = "1.0.84" # MIT/Apache-2.0
serde_derive = "1.0.84" # MIT/Apache-2.0
serde_yaml = "0.8.8" # MIT/Apache-2.0
pe = { version = "0.1", optional = true } # GPL
dialoguer = "0.6.2" # MIT

[target.'cfg(unix)'.dependencies]
"dcap-ql" = { version = "0.3.0", path = "../dcap-ql" }
Expand Down
41 changes: 36 additions & 5 deletions sgxs-tools/src/sgx_detect/imp/linux.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
use std::collections::HashMap;
use std::ffi::OsString;
use std::fs::{File, read_dir};
use std::io::{BufRead, BufReader, ErrorKind, Read, Seek, SeekFrom};
use std::fs::{File, OpenOptions, read_dir};
use std::io::{BufRead, BufReader, ErrorKind, Read, Write, Seek, SeekFrom};
use std::os::unix::ffi::OsStringExt;
use std::path::PathBuf;
use std::process::Command;
Expand Down Expand Up @@ -46,7 +46,7 @@ pub fn rdmsr(address: u64) -> Result<u64, Error> {
}
}

pub fn read_efi_var(name: &str, guid: &str) -> Result<Vec<u8>, Error> {
pub fn read_efi_var(name: &str, guid: &str) -> Result<(Vec<u8>, u32), Error> {
let fspath = (|| {
for line in BufReader::new(File::open("/proc/self/mountinfo")?).split(b'\n') {
let line = line?;
Expand All @@ -65,14 +65,45 @@ pub fn read_efi_var(name: &str, guid: &str) -> Result<Vec<u8>, Error> {
(|| {
let mut file = File::open(fspath.join(&format!("{}-{}", name, guid)))?;
let mut buf = [0u8; 4];
file.read_exact(&mut buf)?; // skip EFI attributes
file.read_exact(&mut buf)?; // read EFI attributes
let attr = u32::from_le_bytes(buf);
let mut buf = vec![];
file.read_to_end(&mut buf)?;
Ok(buf)
Ok((buf, attr))
})()
.map_err(|e| DetectError::EfiVariableError(e).into())
}

pub fn write_efi_var(name: &str, guid: &str, value: Vec<u8>, attributes: u32) -> Result<(), Error> {
let fspath = (|| {
for line in BufReader::new(File::open("/proc/self/mountinfo")?).split(b'\n') {
let line = line?;
let mut mountinfo = line.split(|&c| c == b' ');
if let Some(path) = mountinfo.nth(4) {
let fs = mountinfo.skip(1).skip_while(|&i| i != b"-").nth(1);
if fs == Some(b"efivarfs") {
return Ok(PathBuf::from(OsString::from_vec(path.into())));
}
}
}
Err(ErrorKind::NotFound.into())
})()
.map_err(|e| Error::from(DetectError::EfiFsError(e)))?;

(|| {
let mut file = OpenOptions::new().write(true).create(true).open(fspath.join(&format!("{}-{}", name, guid)))?;
if file.write(&attributes.to_le_bytes())? < 4 {
return Err(std::io::Error::last_os_error());
}
if file.write(&value)? < value.len() {
return Err(std::io::Error::last_os_error());
}
Ok(())
})()
.map_err(|e| e.into())

}

pub fn aesm_status() -> Result<AesmStatus, Error> {
let out = Command::new("systemctl")
.args(&["show", "-p", "LoadState,ActiveState", "aesmd.service"])
Expand Down
34 changes: 29 additions & 5 deletions sgxs-tools/src/sgx_detect/imp/windows.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,24 +10,48 @@ pub fn rdmsr(_address: u64) -> Result<u64, Error> {
bail!("RDMSR not implemented on Windows")
}

pub fn read_efi_var(name: &str, guid: &str) -> Result<Vec<u8>, Error> {
pub fn read_efi_var(name: &str, guid: &str) -> Result<(Vec<u8>, u32), Error> {
let mut env: Vec<u8> = vec![0; 1024];
let name = CString::new(name)?;
let guid = CString::new(guid)?;
let attr = 0 as DWORD;
let ret: DWORD = unsafe {
GetFirmwareEnvironmentVariableA(
GetFirmwareEnvironmentVariableExA(
name.as_ptr(),
guid.as_ptr(),
env.as_mut_ptr() as _,
env.len() as _
env.len() as _,
attr.as_mut_ptr() as _,
)
};
if ret == 0 {
return Err(DetectError::EfiVariableError(std::io::Error::last_os_error()).into())
return Err(DetectError::EfiVariableError(std::io::Error::last_os_error()).into());
}
else {
env.truncate(ret as usize);
return Ok(env);
return Ok((env, attr));
}
}

pub fn write_efi_var(name: &str, guid: &str, value: Vec<u8>, attributes: u32) -> Result<(), Error> {
let name = CString::new(name)?;
let guid = CString::new(guid)?;

let ret: DWORD = unsafe {
SetFirmwareEnvironmentVariableExA(
name.as_ptr(),
guid.as_ptr(),
value.as_mut_ptr() as _,
value.len() as _,
attributes as _,
)
};

if ret == 0 {
return Err(DetectError::EfiVariableError(std::io::Error::last_or_error()).into());
}
else {
return Ok(());
}
}

Expand Down