sgx_status_t SGXLaunchToken::update_launch_token( bool force_update_tok) { sgx_status_t status = SGX_SUCCESS; if (get_enclave_creator()->is_in_kernel_driver() == true) { memset(&m_launch, 0, sizeof(m_launch)); m_launch_updated = false; return status; } if (force_update_tok || SE_ERROR_INVALID_LAUNCH_TOKEN == chk_launch_token(m_css, m_secs_attr, &m_launch)) { status = ::get_launch_token(m_css, m_secs_attr, &m_launch); if (status == SGX_SUCCESS) m_launch_updated = true; else return status; } return status; }
extern "C" sgx_status_t sgx_create_enclave_from_buffer_ex(uint8_t *buffer, uint64_t buffer_size, const int debug, sgx_enclave_id_t *enclave_id, sgx_misc_attribute_t *misc_attr, const uint32_t ex_features, const void* ex_features_p[32]) { sgx_status_t ret = SGX_SUCCESS; // Only true or false is valid if (TRUE != debug && FALSE != debug) { return SGX_ERROR_INVALID_PARAMETER; } if (!_check_ex_params_(ex_features, ex_features_p)) { return SGX_ERROR_INVALID_PARAMETER; } se_file_t file = {NULL, 0, false}; ret = _create_enclave_from_buffer_ex(!!debug, buffer, buffer_size, file, NULL, enclave_id, misc_attr, ex_features, ex_features_p); if (SGX_SUCCESS != ret && misc_attr) { sgx_misc_attribute_t plat_cap; memset(&plat_cap, 0, sizeof(plat_cap)); get_enclave_creator()->get_plat_cap(&plat_cap); memcpy_s(misc_attr, sizeof(sgx_misc_attribute_t), &plat_cap, sizeof(sgx_misc_attribute_t)); } return ret; }
extern "C" sgx_status_t __sgx_create_enclave_ex(const char *file_name, const int debug, sgx_launch_token_t *launch_token, int *launch_token_updated, sgx_enclave_id_t *enclave_id, sgx_misc_attribute_t *misc_attr, const uint32_t ex_features, const void* ex_features_p[32]) { sgx_status_t ret = SGX_SUCCESS; //Only true or false is valid if(TRUE != debug && FALSE != debug) return SGX_ERROR_INVALID_PARAMETER; if (!_check_ex_params_(ex_features, ex_features_p)) { return SGX_ERROR_INVALID_PARAMETER; } int fd = open(file_name, O_RDONLY); if(-1 == fd) { SE_TRACE(SE_TRACE_ERROR, "Couldn't open the enclave file, error = %d\n", errno); return SGX_ERROR_ENCLAVE_FILE_ACCESS; } se_file_t file = {NULL, 0, false}; char resolved_path[PATH_MAX]; file.name = realpath(file_name, resolved_path); file.name_len = (uint32_t)strlen(resolved_path); ret = _create_enclave_ex(!!debug, fd, file, NULL, launch_token, launch_token_updated, enclave_id, misc_attr, ex_features, ex_features_p); if(SGX_SUCCESS != ret && misc_attr) { sgx_misc_attribute_t plat_cap; memset(&plat_cap, 0, sizeof(plat_cap)); get_enclave_creator()->get_plat_cap(&plat_cap); memcpy_s(misc_attr, sizeof(sgx_misc_attribute_t), &plat_cap, sizeof(sgx_misc_attribute_t)); } close(fd); return ret; }
int CLoader::build_mem_region(const section_info_t * const sec_info) { int ret = SGX_SUCCESS; uint8_t added_page[SE_PAGE_SIZE]; uint64_t offset = 0; uint8_t *raw_ptr = NULL; uint64_t rva = 0; sec_info_t sinfo; memset(&sinfo, 0, sizeof(sinfo)); rva = sec_info->rva + offset; while(offset < TRIM_TO_PAGE(sec_info->raw_data_size)) { raw_ptr = sec_info->raw_data + offset; sinfo.flags = sec_info->flag; //check if the page is writable. if(sec_info->bitmap && sec_info->bitmap->size()) { uint64_t page_frame = rva >> SE_PAGE_SHIFT; //NOTE: // Current enclave size is not beyond 64G, so the type-casting from (uint64>>15) to (size_t) is OK. // In the future, if the max enclave size is extended to beyond (1<<49), this type-casting will not work. // It only impacts the enclave signing process. (32bit signing tool to sign 64 bit enclaves) if((*sec_info->bitmap)[(size_t)(page_frame / 8)] & (1 << (page_frame % 8))) sinfo.flags = sec_info->flag | SI_FLAG_W; } //call driver API to add page; raw_ptr needn't be page align, driver will handle page align; if(SGX_SUCCESS != (ret = get_enclave_creator()->add_enclave_page(ENCLAVE_ID_IOCTL, raw_ptr, rva, sinfo, ADD_EXTEND_PAGE))) { //if add page failed , we should remove enclave somewhere; return ret; } offset += SE_PAGE_SIZE; rva = sec_info->rva + offset; }