Skip to content

Simulate prohibited instructions #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bluele merged 2 commits into from
Jul 17, 2025
Merged

Simulate prohibited instructions #6

bluele merged 2 commits into from
Jul 17, 2025

Conversation

@bluele
Copy link
Member

@bluele bluele commented Jul 15, 2025

No description provided.

@bluele bluele requested a review from Copilot July 16, 2025 00:32

This comment was marked as outdated.

Sign in to view

@bluele bluele force-pushed the simulate-prohibited-instructions branch from baa10ea to 8c559bd Compare July 17, 2025 08:22
bluele added 2 commits July 17, 2025 18:10
@bluele
simulate prohibited instructions
4d74516 
Signed-off-by: Jun Kimura <junkxdev@gmail.com>
@bluele
apply toml formatter
471540e 
Signed-off-by: Jun Kimura <junkxdev@gmail.com>
@bluele bluele force-pushed the simulate-prohibited-instructions branch from 8c559bd to 471540e Compare July 17, 2025 09:11
@bluele bluele requested a review from Copilot July 17, 2025 09:15
Copilot AI reviewed Jul 17, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds support for simulating and testing prohibited CPU instructions in SGX simulation mode by patching them to UD2 and handling them via a SIGILL handler.

  • Introduces test_signal.rs with unit tests for trapping CPUID, SYSCALL, SYSENTER, and INT 0x80 in the enclave simulation.
  • Implements a SIGILL handler and instruction counter in the untrusted app to catch and verify UD2 traps.
  • Adds simulate module in sgx-urts to patch prohibited instructions in the enclave binary and configures build scripts for sgx_sim mode.

Reviewed Changes

Copilot reviewed 11 out of 17 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
unit-test/enclave/src/test_signal.rs Adds simulation-mode trap tests for various CPU instructions
unit-test/enclave/build.rs Sets SGX_MODE env var and emits cfg(sgx_sim) build flags
unit-test/enclave/src/lib.rs Registers new signal handler tests in the enclave test runner
unit-test/app/src/main.rs Installs SIGILL handler, counts UD2 traps, and verifies trap counts
unit-test/app/build.rs Mirrors SGX_MODE handling for the untrusted app
unit-test/app/Cargo.toml Adds simulate_utils, libc, tracing, and tracing-subscriber
sgx-urts/src/simulate.rs Implements patch_enclave_binary and patched enclave creation
sgx-urts/src/lib.rs Exposes simulate module under feature flag
sgx-urts/Cargo.toml Adds optional dependencies for simulate_utils feature
samples/hello-rust/app/src/main.rs Updates debug flag logic to use .unwrap_or_default() == "1"
Makefile Splits test into enclave-test and untrusted-test targets

unit-test/enclave/build.rs
let sgx_mode = std::env::var("SGX_MODE").unwrap_or_else(|_| "HW".to_string());

// Set configuration based on SGX_MODE
println!("cargo:rustc-check-cfg=cfg(sgx_sim)");
Copy link

Copilot AI Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The directive cargo:rustc-check-cfg=cfg(sgx_sim) is not a valid Cargo build-script key. Replace it with println!("cargo:rustc-cfg=sgx_sim"); to correctly enable the sgx_sim cfg flag.

Suggested change
println!("cargo:rustc-check-cfg=cfg(sgx_sim)");
println!("cargo:rustc-cfg=sgx_sim");

Copilot uses AI. Check for mistakes.
unit-test/app/build.rs
let sgx_mode = std::env::var("SGX_MODE").unwrap_or_else(|_| "HW".to_string());

// Set configuration based on SGX_MODE
println!("cargo:rustc-check-cfg=cfg(sgx_sim)");
Copy link

Copilot AI Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The directive cargo:rustc-check-cfg=cfg(sgx_sim) is not recognized by Cargo. It should be println!("cargo:rustc-cfg=sgx_sim"); to actually define the sgx_sim configuration.

Suggested change
println!("cargo:rustc-check-cfg=cfg(sgx_sim)");
println!("cargo:rustc-cfg=sgx_sim");

Copilot uses AI. Check for mistakes.
@bluele bluele marked this pull request as ready for review July 17, 2025 09:28
@bluele bluele merged commit 0e2f63e into main Jul 17, 2025
1 check passed
@bluele bluele deleted the simulate-prohibited-instructions branch July 17, 2025 09:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bluele