Shulou(Shulou.com)11/24 Report--

This article comes from the official account of Wechat: programming Technology Universe (ID:xuanyuancoding), author: Xuanyuan Wind O

Mysterious Project this is Ah Q from CPU No.1 Workshop. Yes, I'm doing it again.

Recently, I got off work several times with Huzi in the No. 2 workshop next door, and he refused to have time, but he didn't see what he was doing.

A few days ago, I went to see him again, but I didn't see anyone else, but I accidentally found a document on his desk. I opened it to see if it was a mysterious project codenamed SGX, or whether the leaders of the factory took the lead in attacking the fortifications themselves.

After taking a closer look, it turns out that since the last attack, the leaders have been worried. Although they relied on the methods provided by the operating system at that time to temporarily solve the urgent needs, we have always had our own defects, and there is no guarantee that we will have to turn over the car one day.

This mysterious project, code-named SGX, whose full name is Software Guard Extensions, aims to comprehensively reform and improve the security capabilities of our CPU.

I was suddenly unhappy about eavesdropping on the meeting. I was not invited to attend such an important project.

Then I came to the leader's office, and sure enough, they were having a secret meeting, and I leaned around to eavesdrop.

"ladies and gentlemen, you are all the core backbone of our factory. Do you have any thoughts on this safety capability improvement when you go back? please speak freely!" I heard the leader talking.

Core backbone? Isn't my Ah Q the core backbone? It's so cold!

After being dull for a while, Huzi in the No. 2 workshop next door said, "Don't we have a secure access level now? from Ring0 to Ring3, it is good enough to isolate application attacks."

The leader shook his head. "nevertheless, some malware can take advantage of loopholes in the operating system to gain access to Ring0, and our existing security protection is gone."

"that's also the pot of the operating system. If you want to improve it, you should let them do it. What do we care?" Huzi went on to say.

Have you forgotten the attack on our CPU some time ago?

As soon as these words came out, the meeting room was instantly quiet. At this level, the leader unexpectedly invited him not to invite me!

The leader slowed down and went on to say, "We can't always rely on the security protection of the operating system, and we have to do something about it ourselves." I think the existing security mechanism is not enough, the operating system loopholes are frequent, it is easy to break, we can not trust the operating system now, we need a thorough and comprehensive reform! "

At this time, the representative of Workshop 5 said, "Leader, I went back to do some research and learned that our competitors have introduced a technology called TrustZone, which is used to support trusted computing. It claims to provide a very secure environment for programs that require extremely high security, such as payment, fingerprint verification, and so on. If we want to do it, we can refer to it."

After listening to the introduction of TrustZone, the elder brother in No. 3 workshop seemed to find inspiration and said excitedly, "I have it!" We can delimit a special area in memory as a top secret space. Put highly confidential program code and data to run here, and then introduce a new working mode. Our CPU is allowed to access this secure space only in this mode, otherwise we cannot access it even if we have the authority of Ring0! "

The idea of introducing a new mode of work is very new, and people are talking about it one after another.

"how can this safe space be technically realized?"

"how does a thread enter and exit a safe space? what if a malicious program goes in?"

"how do I call a function in an external ordinary space? what if the external function is attacked?"

"what if you need a system call? what about interrupts and exceptions?"

In a short period of time, everyone asked a lot of questions

The leaders assigned tasks to several of them one by one, went down to think about the solutions to these problems, and discussed them in a few days.

I left in a hurry before they left the meeting.

This is a good opportunity to take the initiative. If the above problems can be solved, the leader may be able to let me join the project team.

As for the implementation of secure space, since it is an area delimited from memory, it is natural to do something about the access control of memory. I have some friendship with Xiao Hei, the memory management unit MMU in our factory, and I'm going to ask him for advice.

After listening to my needs, Blackie didn't care. "it's no big deal. I'll check the permissions when I access memory. At that time, in addition to the previous checks, I can add another check: if you find that you want to visit the safe space page, then check whether the current working mode is correct."

I also have my own ideas on several other issues. Safe spaces are used in the order of creation-initialization-entry-exit-destruction.

Create: create a safe space by executing the ECREATE instruction

Initialization: initialize the safe space you just created by executing the EINIT instruction

Enter & exit: enter and exit the safe space by executing the EENTER/EEXIT instruction, similar to the SYSENTER / SYSEXIT instruction of the system call. Set the entrance address in advance, and after entering the safe space, you need to start from the designated place to avoid outside programs. While executing these two instructions, CPU switches the safe mode.

Interrupts & exceptions: when interrupts and exceptions are encountered, the operating system kernel processing code needs to be executed instead, and the operating system cannot be trusted. You need to execute the AEX instruction to exit, saving the context of execution in the safe space so that you can go back to execution.

System call: the system call is a bit troublesome and needs to enter the kernel space of the operating system. Because the operating system cannot be trusted, it is also necessary to exit the safe space first and then come in after executing the system call.

Function calls: safe space and external functions can call each other, ordinary space calls safe space functions called ECALL, safe space calls external space functions called OCALL. The way of calling is similar to the system call of the operating system, except that the function of the operating system is provided by the kernel, and the function of the security space is defined by the application itself.

Destroy: destroy a safe space by executing the EREMOVE instruction

I also named this safe space Enclave, and naturally our CPU working mode is divided into Enclave mode and non-Enclave mode.

After the memory encryption, I sorted out my ideas, went to the leader's office and volunteered to join the SGX project team.

The leader was obviously surprised by my arrival, but after reading the materials I prepared, I was satisfied with my application and asked me to participate in the next discussion.

Soon it will be the next meeting, and I will no longer have to eavesdrop outside the door.

At the meeting, my plan was unanimously approved by everyone, but only the representative of the eighth workshop disagreed: "the safe space scheme is very good, but there is still a lack of the most important thing, if this is added, it will be perfect!"

"what is it?" Everyone looked at Hachi together.

"these various attacks end up reading and writing in-memory data, and what is the root cause of their repeated success?" Well, Hachi said.

Everyone was at a loss as to what he was trying to say.

"Hachi, don't worry about it, just say it!"

Eight stood up and said, "the fundamental reason is that the data in memory is plaintext, and once the data is leaked, it may cause serious consequences." and what if we encrypt the in-memory data in the secure space? even if our lines of defense are lost, the other party will only get the encrypted data and can do nothing! "

If Hachi hit me in the head, why didn't I consider it in this direction?

"encryption? when will it be decrypted?" Huzi asked.

"that's a good question. I suggest that our memory management department set up a memory encryption engine circuit MEE (memory encryption engine) to transparently encrypt and decrypt the data in the safe space, encrypt the data when it is written into memory, and decrypt it when it is read into our CPU!"

As soon as Huzi heard, "Oh, this is good. I suggest it be promoted in an all-round way. Why only use it in a safe space?"

Old eight patted Hu Zi on the head: "say you are a tiger, you are really a tiger, the impact of this thing on performance can not be underestimated, how can you use it casually, good steel should be used on the blade!"

"good! eight is a good suggestion. I've decided that Hachi will take the lead in this project!" The leader rose up in the case.

After the meeting, Huzi laughed that I had been busy for a long time but did not become the leader. I was very open to it. It would be good to participate together. Learning technology is the king.

After the launch of the Egg SGX project, the security of our CPU has been greatly improved, but is this safe space really as unbreakable as an iron bucket that we have made so much effort to create?

To predict what will happen in the future, please pay attention to the wonderful future.

Limited by the story form, many implementation details of SGX technology are inconvenient to unfold. Friends who are interested in the implementation principle can refer to the following article:

Analysis and Research of SGX Technology: http://www.jos.org.cn/ html / 2018/9/5594.htm

Intel SGX Learning: https://zhuanlan.zhihu.com/ pamp 50894009

Intel official documentation: https://software.intel.com/ sites / default / files / article / 413936 / hasp-2013-innovative-instructions-and-software-model-for-isolated-execution.pdf

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.