Clean up leftovers from EPID/legacy drivers deprecation

mkow · mkow · commit edb071b9f496 · 2025-02-02T01:22:59.000+01:00
Signed-off-by: Michał Kowalczyk &lt;mkow@invisiblethingslab.com&gt;
diff --git a/.pylintrc b/.pylintrc
@@ -160,8 +160,6 @@ ignored-classes=
     optparse.Values,
     pathlib.PurePath,
     thread._local,
-    GetTokenReq,
-    GetTokenRet,
 
 # List of module names for which member attributes should not be checked
 # (useful for modules/projects where namespaces are manipulated during runtime
diff --git a/Documentation/devel/coding-style.rst b/Documentation/devel/coding-style.rst
@@ -200,3 +200,10 @@ Meson
    tied to the script name (see :file:`meson.build` there). The scripts should
    be written in Python except for things that clearly benefit from being
    written in ``sh``.
+
+Tools outputs
+-------------
+
+When writing a Gramine tool which outputs data (e.g. dumps some SGX structures)
+please follow the formatting and conventions used in
+:program:`gramine-sgx-sigstruct-view`.
diff --git a/pal/src/host/linux-sgx/host_framework.c b/pal/src/host/linux-sgx/host_framework.c
@@ -13,27 +13,17 @@ static void*  g_zero_pages      = NULL;
 static size_t g_zero_pages_size = 0;
 
 int open_sgx_driver(void) {
-    const char* paths_to_try[] = {
-        /* DCAP and upstreamed version used different paths in the past. */
-        "/dev/sgx_enclave",
-        "/dev/sgx/enclave",
-    };
-    int ret;
-    for (size_t i = 0; i < ARRAY_SIZE(paths_to_try); i++) {
-        ret = DO_SYSCALL(open, paths_to_try[i], O_RDWR | O_CLOEXEC, 0);
-        if (ret == -EACCES) {
-            log_error("Cannot open %s (permission denied). This may happen because the current "
-                      "user has insufficient permissions to this device.", paths_to_try[i]);
-            return ret;
-        }
-        if (ret >= 0) {
-            g_isgx_device = ret;
-            return 0;
-        }
+    const char* path = "/dev/sgx_enclave";
+    int ret = DO_SYSCALL(open, path, O_RDWR | O_CLOEXEC, 0);
+    if (ret < 0) {
+        log_error("Cannot open %s (%s). This may happen because the current user has insufficient"
+                  "permissions to this device, your kernel is too old or your machine doesn't "
+                  "support SGX. Use is-sgx-available tool to get more information.",
+                  path, unix_strerror(ret));
+        return ret;
     }
-    log_error("Cannot open SGX driver device. Please make sure you're using an up-to-date kernel "
-              "or the standalone Intel SGX kernel module is loaded.");
-    return ret;
+    g_isgx_device = ret;
+    return 0;
 }
 
 static void get_optional_sgx_features(uint64_t xfrm, uint64_t xfrm_mask, uint64_t* out_xfrm) {
diff --git a/python/gramine-sgx-sigstruct-view b/python/gramine-sgx-sigstruct-view
@@ -49,7 +49,6 @@ def main(sigfile, verbose, output_format, output):
     elif output_format == "json":
         json.dump(sig_readable, output_txt, indent=4)
     else:
-        # plaintext format imitates the legacy output of `gramine-sgx-get-token` tool
         print('Attributes:', file=output_txt)
         for key, value in sig_readable.items():
             print(f'    {key}: {value}', file=output_txt)
