[PAL/Linux-SGX] Add AEX-Notify support #1530
Open
Commits on Apr 29, 2024
-
[PAL/Linux-SGX] Add AEX-Notify feature enabling code and update doc.
AEX-Notify is a security feature used to mitigate the SGX-Step type attacks on SGX. The SGX-Step type attacks rely on frequent enclave preemptions (e.g. interrupts) to execute an SGX enclave in small increments and strategically extract secret data from the enclave through one or more side channels. The AEX Notify feature allows a mitigation handler to run after ERESUME from each Async Exit, aiming to mitigate the side-channel information exposed by the attacks. This commit includes below changes for aex-notify support: - add a new manifest option `sgx.enable_aex_notify` - update related structures for aex-notify feature - add initialization/finalization code for aex-notify - update document Co-authored-by: Gu, Junjun <[email protected]> Co-authored-by: Dmitrii Kuvaiskii <[email protected]> Signed-off-by: Gu, Junjun <[email protected]> Signed-off-by: Dmitrii Kuvaiskii <[email protected]> Signed-off-by: Zhang, Lili Z <[email protected]>
3 people committedApr 29, 2024 -
[PAL/Linux-SGX] Add AEX-Notify enabling and documentation.
AEX-Notify is a security feature used to mitigate the SGX-Step type attacks on SGX. The SGX-Step type attacks rely on frequent enclave preemptions (e.g. interrupts) to execute an SGX enclave in small increments and strategically extract secret data from the enclave through one or more side channels. The AEX-Notify feature allows a mitigation handler to run after each asynchronous exit (AEX). This commit is first in a series that adds the complete AEX-Notify feature. It includes the following enablement changes: - add a new manifest option `sgx.experimental_enable_aex_notify` - update related structures for AEX-Notify feature - add initialization/finalization code for aex-notify - update documentation Signed-off-by: Zhang, Lili Z <[email protected]>
-
fixup! [PAL/Linux-SGX] Add AEX-Notify enabling and documentation.
Signed-off-by: Zhang, Lili Z <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.