general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[tools] Support configuring PKU in Occlum.json

Browse Source
This commit is contained in:
zhubojun 2022-06-01 12:22:46 +08:00 committed by Zongmin.Gu
parent 338dda643b
commit b65cb4e017
4 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -124,7 +124,15 @@ Occlum can be configured easily via a configuration file named `Occlum.json`, wh
"version_number": 0, "version_number": 0,
// Whether the enclave is debuggable through special SGX instructions. // Whether the enclave is debuggable through special SGX instructions.
// For production enclave, it is IMPORTANT to set this value to false. // For production enclave, it is IMPORTANT to set this value to false.
"debuggable": true "debuggable": true,
// Whether to turn on PKU feature in Occlum
// Occlum uses PKU for isolation between LibOS and userspace program,
// It is useful for developers to detect potential bugs.
//
// "pkru" = 0: PKU feature must be disabled
// "pkru" = 1: PKU feature must be enabled
// "pkru" = 2: PKU feature is enabled if the platform supports it
"pkru": 0
}, },
// Mount points and their file systems // Mount points and their file systems
// //

3
etc/template/Occlum.json
View File

@ -33,7 +33,8 @@
"ext_prod_id": { "ext_prod_id": {
"high": "0x0", "high": "0x0",
"low": "0x0" "low": "0x0"
} },
"pkru": 0
}, },
"mount": [ "mount": [
{ {

3
test/Occlum.json
View File

@ -36,7 +36,8 @@
"ext_prod_id": { "ext_prod_id": {
"high": "0x0", "high": "0x0",
"low": "0x0" "low": "0x0"
} },
"pkru": 0
}, },
"mount": [ "mount": [
{ {

3
tools/gen_internal_conf/src/main.rs
View File

@ -204,6 +204,7 @@ fn main() {
ISVEXTPRODID_L: kss_tuple.2, ISVEXTPRODID_L: kss_tuple.2,
ISVFAMILYID_H: kss_tuple.3, ISVFAMILYID_H: kss_tuple.3,
ISVFAMILYID_L: kss_tuple.4, ISVFAMILYID_L: kss_tuple.4,
PKRU: occlum_config.metadata.pkru,
}; };
let enclave_config = serde_xml_rs::to_string(&sgx_enclave_configuration).unwrap(); let enclave_config = serde_xml_rs::to_string(&sgx_enclave_configuration).unwrap();
debug!("The enclave config:{:?}", enclave_config); debug!("The enclave config:{:?}", enclave_config);
@ -452,6 +453,7 @@ struct OcclumMetadata {
enable_kss: bool, enable_kss: bool,
family_id: OcclumMetaID, family_id: OcclumMetaID,
ext_prod_id: OcclumMetaID, ext_prod_id: OcclumMetaID,
pkru: u32,
} }
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
@ -512,6 +514,7 @@ struct EnclaveConfiguration {
ISVEXTPRODID_L: u64, ISVEXTPRODID_L: u64,
ISVFAMILYID_H: u64, ISVFAMILYID_H: u64,
ISVFAMILYID_L: u64, ISVFAMILYID_L: u64,
PKRU: u32,
} }
#[derive(Debug, PartialEq, Clone, Serialize)] #[derive(Debug, PartialEq, Clone, Serialize)]