From b65cb4e0177648b666aa45cba8beae72642a7198 Mon Sep 17 00:00:00 2001
From: zhubojun
Date: Wed, 1 Jun 2022 12:22:46 +0800
Subject: [PATCH] [tools] Support configuring PKU in Occlum.json

---
 README.md | 10 +++++++++-
 etc/template/Occlum.json | 3 ++-
 test/Occlum.json | 3 ++-
 tools/gen_internal_conf/src/main.rs | 3 +++
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index c1ea7b5a..66292a82 100644
--- a/README.md
+++ b/README.md
@@ -124,7 +124,15 @@ Occlum can be configured easily via a configuration file named `Occlum.json`, wh
 "version_number": 0,
 // Whether the enclave is debuggable through special SGX instructions.
 // For production enclave, it is IMPORTANT to set this value to false.
- "debuggable": true
+ "debuggable": true,
+ // Whether to turn on PKU feature in Occlum
+ // Occlum uses PKU for isolation between LibOS and userspace program,
+ // It is useful for developers to detect potential bugs.
+ //
+ // "pkru" = 0: PKU feature must be disabled
+ // "pkru" = 1: PKU feature must be enabled
+ // "pkru" = 2: PKU feature is enabled if the platform supports it
+ "pkru": 0
 },
 // Mount points and their file systems
 //
diff --git a/etc/template/Occlum.json b/etc/template/Occlum.json
index c5a45d24..99a07de6 100644
--- a/etc/template/Occlum.json
+++ b/etc/template/Occlum.json
@@ -33,7 +33,8 @@
 "ext_prod_id": {
 "high": "0x0",
 "low": "0x0"
- }
+ },
+ "pkru": 0
 },
 "mount": [
 {
diff --git a/test/Occlum.json b/test/Occlum.json
index a2811e04..703d391d 100644
--- a/test/Occlum.json
+++ b/test/Occlum.json
@@ -36,7 +36,8 @@
 "ext_prod_id": {
 "high": "0x0",
 "low": "0x0"
- }
+ },
+ "pkru": 0
 },
 "mount": [
 {
diff --git a/tools/gen_internal_conf/src/main.rs b/tools/gen_internal_conf/src/main.rs
index 56847763..5b683832 100644
--- a/tools/gen_internal_conf/src/main.rs
+++ b/tools/gen_internal_conf/src/main.rs
@@ -204,6 +204,7 @@ fn main() {
 ISVEXTPRODID_L: kss_tuple.2,
 ISVFAMILYID_H: kss_tuple.3,
 ISVFAMILYID_L: kss_tuple.4,
+ PKRU: occlum_config.metadata.pkru,
 };
 let enclave_config = serde_xml_rs::to_string(&sgx_enclave_configuration).unwrap();
 debug!("The enclave config:{:?}", enclave_config);
@@ -452,6 +453,7 @@ struct OcclumMetadata {
 enable_kss: bool,
 family_id: OcclumMetaID,
 ext_prod_id: OcclumMetaID,
+ pkru: u32,
 }

 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
@@ -512,6 +514,7 @@ struct EnclaveConfiguration {
 ISVEXTPRODID_L: u64,
 ISVFAMILYID_H: u64,
 ISVFAMILYID_L: u64,
+ PKRU: u32,
 }

 #[derive(Debug, PartialEq, Clone, Serialize)]
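Review bot: `PKRU: occlum_config.metadata.pkru` copies the user-supplied value straight into the enclave XML configuration without checking it, although the README text in this same patch documents only 0, 1 and 2 as meaningful values. A mistyped value such as 3 is therefore written into the generated configuration and surfaces, if at all, only in the later SGX signing step, far away from the Occlum.json line that caused it. Validating at this point keeps the error next to its cause, e.g. before the struct literal: `assert!(occlum_config.metadata.pkru <= 2, "metadata.pkru must be 0 (disabled), 1 (enabled) or 2 (enabled if supported)");`, or the equivalent in whatever error-reporting convention the rest of `main` uses, which is not visible here. `main`'s body starts and ends outside this hunk.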
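Review bot: The new `pkru: u32` field in `OcclumMetadata` carries no serde default, so if this struct is the one deserialized from Occlum.json (its derive line sits above the hunk and is not visible here), every Occlum.json written before this patch will stop loading with a missing-field error even though the patch only updates the template and the test copy. Since the README in this patch defines 0 as "PKU disabled" and both JSON files use 0, annotating the field with `#[serde(default)]` (the `u32` default is 0) makes the change backward compatible with no other code change: `#[serde(default)]` on the line above `pkru: u32,`. If old configurations are intentionally required to be regenerated, that expectation should be stated in the commit description instead.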