Comments (6)
Hi,
I would not say that it is “the entire Linux kernel”. Large parts of the Linux kernel are device drivers and functionality that directly interacts with the hardware. This is not meaningful or required for SGX enclaves, and we create an Linux kernel version that only includes the bare minimum of functionality that is needed to implement the POSIX system call interface inside the enclave.
Since Linux binaries require a compliant implementation of the POSIX interface to execute, one cannot avoid providing that implementation as part of the TCB inside the enclave.
from sgx-lkl.
I understand that SGX-LKL does not need to include the part of Linux kernel that interacts with hardware directly. But it is still a bit of vague to me as to how much is "the bare minimum" of Linux. Could you give the total number of the lines of code of LKL that is included in the enclave? Or, you can just give me a list of directories so that I can do the math myself.
Thanks a lot.
from sgx-lkl.
Hmm, it's not that easy. You could look at an SGX-LKL build and consider all source files whose object files are linked into libsgxlkl.so.
The problem with this is that we haven't optimised the kernel configuration yet, and currently we are including functions that aren't necessary (e.g. parts of the USB stack, unnecessary file systems etc). We should update the kernel configuration to remove these before building SGX-LKL.
More fundamentally, counting source code lines is a crude way of measuring the TCB size to judge security. For example, the Linux kernel code has a maturity that other experimental library OSs have not. In that sense, having more Linux kernel code in the enclave may be more secure than having fewer lines of code but with security vulnerabilities :-)
from sgx-lkl.
Given the complexity of Linux's build system, I don't think counting all the source files is a trivial task. So, looking for a quick answer, I built the sgx-lkl according to the README and found that libsgxlkl.so is as large as 65MB. I didn't use DEBUG=1
so I don't think there are debug symbols in the resulting libsgxlkl.so. In my experience, a binary of size of this magnitude means millions of lines of C code.
This is a good project. I am not judging anything; I am just looking for some answers. Thanks for you kind explanations.
from sgx-lkl.
Hi @tatetian,
I think even when building without DEBUG=true
the file does not get stripped and will contain some debug information. If you look at the output of size
you'll get a better idea of the size of loadable segments that will actually end up inside the enclave. For me, it shows a size of 7.25MB.
I have previously tried to get an estimate of the lines of code of the Linux kernel that get included. It's indeed not very straightforward. If you simply look at the lines of code of all *.o files generated, the result is around ~420k lines of code. However, this will ignore conditional code blocks controlled via preprocessor defines as well as header files. So this is a very rough estimate.
As @prp already mentioned, there is definitely a lot of potential for optimisation. We haven't really looked into optimizing the kernel configuration to get rid of unused features. Same for third party dependencies.
In any case, there are always trade offs. In the case of SGX-LKL the TCB definitely has a significant size. The benefit of this approach is the minimal reliance on the host system even for complex applications. The alternative would be to increase the reliance on the host by doing more work outside of the enclave. For example, you could rely on the host file system rather than having a file system inside the enclave. Obviously you now expose a lot more information to the host and you'll have to find a way to sufficiently protect the integrity and confidentiality of that data.
from sgx-lkl.
Hi @cpriebe ,
I agree that different SGX LibOSes have different trade-offs. It is exactly for this reason that I raised this question, trying to figure out the TCB of SGX-LKL. Eventually, it is up to the end users to decide which tradeoffs are most suitable for them.
Thanks @prp and @cpriebe for your inputs. This clarifies the TCB issue for me and other people who are interested in the project.
from sgx-lkl.
Related Issues (20)
- [Test] Enable back 5 tests failing with ethreads=1 after bugs fixed HOT 1
- [Test] LTP test is not reported failed if binary is not built successfully HOT 2
- [Test] Build only enabled LTP tests
- [Test] Fix LTP tests for sync_file_range02 and fdatasync03 HOT 1
- Dead code in sgx-lkl-musl HOT 3
- Linux kernel version 5.3 is no longer being updated with functional and security patches
- Feature: multi party attestation HOT 2
- Fix broken samples HOT 2
- A futex wait interrupted by a signal returns the wrong errno value (516 vs EINTR)
- branch cleanup-musl deleted ? HOT 2
- Benchmarking file system operations in the enclave; caching ? HOT 1
- problem with redis
- helloworld sample case failed in SGX1
- Unable to use JVM (openjdk-15) inside enclave
- Disk integrity protection status
- ERROR: Failed to map /geth: Resource busy
- helloworld fails on SGX2
- SGX driver used by OpenEnclave is not supported by the latest Ubuntu 18.04 (kernel version 5.4.0)
- Specify the Maximum Heap Size in Enclave HOT 1
- ERROR: Failed to map /foo: Resource busy
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sgx-lkl.